HAProxy as Load Balancer for Web and Databases

HAProxy 可以用來當各種服務(db 或 web)的 load balancer
其實就是幫你把 requests 分散到後端不同的機器
也會自動偵測機器掛掉的話就不會把請求送給它
即所謂的 Reverse Proxy

還有一種是 Caching Reverse Proxy
例如 Varnish, Squid
通常會直接把 response 緩存下來
這樣就不需要把 requests 打到後端去了

Install

$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:vbernat/haproxy-1.5
$ sudo apt-get update
$ sudo apt-get install haproxy

Web Load Balancer: nginx

Configuration

in /etc/haproxy/haproxy.cfg

global
    log /dev/log    local0
    log /dev/log    local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL).
    ssl-default-bind-ciphers A_SECRET_STRING
    ssl-default-bind-options no-sslv3

defaults
    log     global
    mode    http
    option  httplog
    option  dontlognull
    timeout connect 5000
    timeout client  50000
    timeout server  50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

frontend web
    bind *:80
    mode http
    # acl static path_beg /asset
    # use_backend static_nodes if static
    default_backend web_nodes

backend web_nodes
    mode http
    balance roundrobin
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    # option httpclose
    # option http-server-close
    # appsession session len 32 timeout 12h
    cookie haproxyserverid insert nocache maxidle 1h
    option httpchk HEAD /health/
    server web1 100.100.100.1:80 check cookie web1
    server web2 100.100.100.2:80 check cookie web2
    server web3 100.100.100.3:80 check cookie web3
    server worker1 100.100.100.11:80 check cookie worker1
    server worker2 100.100.100.12:80 check cookie worker2

listen stats *:1936
    stats enable
    stats uri /
    stats hide-version
    stats auth YOUR_USERNAME:YOUR_PASSWORD

balance
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4.2-balance

cookie
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4.2-cookie

appsession
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4.2-appsession

option forwardfor
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4-option%20forwardfor

ref:
https://serversforhackers.com/haproxy/
https://www.digitalocean.com/community/tutorials/how-to-use-haproxy-as-a-layer-7-load-balancer-for-wordpress-and-nginx-on-ubuntu-14-04

Database Load Balancer: MySQL

Create User for HAProxy in managed Databases

必須在要管理的資料庫新增一個 haproxy 的 user
讓 haproxy 檢測連線

# 100.100.100.78 是跑 haproxy 的那台機器
CREATE USER [email protected];

# 你可以看看 user 有沒有被建立
SELECT user, host, password FROM mysql.user;

Configuration

in /etc/haproxy/haproxy.cfg

global
    log 127.0.0.1 local0 notice
    maxconn 2000
    user haproxy
    group haproxy

defaults
    log     global
    retries 5
    timeout connect  10000
    timeout client  100000
    timeout server  100000

listen mariadb-cluster
    bind 0.0.0.0:3306
    mode tcp
    option mysql-check user haproxy
    balance source
    server svtw-db1 100.100.100.79:3306 check weight 4
    server svtw-db2 100.100.100.80:3306 check weight 4
    server svtw-db3 100.100.100.88:3306 check weight 2

listen webinterface
    bind 0.0.0.0:8080
    mode http
    stats enable
    stats uri /
$ sudo service haproxy reload
$ sudo service haproxy restart

ref:
https://www.digitalocean.com/community/tutorials/how-to-use-haproxy-to-set-up-http-load-balancing-on-an-ubuntu-vps