HAProxy
From KevinWiki
(Difference between revisions)
		
		
| Line 239: | Line 239: | ||
| <pre> | <pre> | ||
| $ restart rsyslog   | $ restart rsyslog   | ||
| + | </pre> | ||
| + | |||
| + | |||
| + | = HATop = | ||
| + | == Installation == | ||
| + | <pre> | ||
| + | $ apt-get install hatop  | ||
| + | </pre> | ||
| + | |||
| + | == Usage == | ||
| + | <pre> | ||
| + | $ hatop -s /var/run/haproxy/haproxy.sock  | ||
| + | </pre> | ||
| + | Or set alias | ||
| + | <pre> | ||
| + | alias hamonitor='hatop -s /var/run/haproxy/haproxy.sock' | ||
| </pre> | </pre> | ||
Revision as of 19:18, 7 August 2013
| Contents | 
Installation
$ apt-get install make
- for gcc
$ apt-get install build-essential
- If the following error occurs,
# Install libpcre3-dev if you get "include/common/regex.h:28:18: fatal error: pcre.h: No such file or directory"
- install
$ apt-get install libpcre3-dev
- If the following error occurs,
# libssl-dev if you get "include/types/server.h:29:25: fatal error: openssl/ssl.h: No such file or directory"
- install
$ apt-get install libssl-dev
- HAProxy website:
http://haproxy.1wt.eu/
HAProxy Installation
- Download HAProxy,
e.g.)
$ wget http://haproxy.1wt.eu/download/1.5/src/devel/haproxy-1.5-dev19.tar.gz
- Install
$ tar -zxvf haproxy-1.5-dev19.tar.gz $ cd haproxy-1.5-dev19 $ make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 $ make install
- Clean all for recompilation
$ make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 clean all
- Add haproxy user
$ useradd -m haproxy -s /bin/false
- For SSL support
$ cat server_domain-crt-bundle.crt server_domain.key > server_domain.pem
-  Modify the /etc/haproxy/haproxy.cfgfile
bind :443 ssl crt /etc/ssl/certs/server_domain.pem
Configuration
haproxy.cfg
-  Example of /etc/haproxy/haproxy.cfg
global
  log 127.0.0.1 local0
  log 127.0.0.1 local1 notice
  #log loghost  local0 info
  maxconn 4096
  #chroot /usr/share/haproxy
  user haproxy
  group haproxy
  daemon
  #debug
  #quiet
  stats socket /var/run/haproxy/haproxy.sock mode 0600 level admin
defaults
  log global
  mode  http
  option  httplog
  option  dontlognull
  retries 3
  option redispatch
  maxconn 2000
  contimeout  5000
  clitimeout  50000
  srvtimeout  50000
## first.domain.com { ##
# frontend public
frontend http_first
  # HTTP
  bind 192.168.0.222:80
  # Redirect all HTTP traffic to HTTPS
  redirect scheme https if !{ ssl_fc }
 
frontend https_first
  bind 192.168.0.222:443 ssl crt /location/to/ssl/first.pem
  default_backend main_backend_https
backend main_backend_https
  mode http
  # Tell the backend that this is a secure connection,
  # even though it's getting plain HTTP.
  reqadd X-Forwarded-Proto:\ https
  # Check by hitting a page intended for this use.
#  option httpchk GET /isrunning
  option httpchk
  timeout check 500ms
  # Wait 500ms between checks.
  option forwardfor header X-Real-IP
  option http-server-close
  balance roundrobin
  cookie JSESSIONID prefix
  server app_backend1 192.168.0.301:80 check port 80 cookie app_backend1
  server app_backend2 192.168.0.302:80 check port 80 cookie app_backend2
## } first.domain.com ##
## second.domain.com { ##
frontend http_second
  bind 192.168.0.202:80
  redirect scheme https if !{ ssl_fc }
frontend https_second
  bind 192.168.0.202:443 ssl crt /location/to/ssl/second.pem
  default_backend main_backend_https
## } second.domain.com ##
## third.domain.com { ##
frontend http_third
  bind 192.168.0.203:80
  redirect scheme https if !{ ssl_fc }
 
frontend https_third
  bind 192.168.0.203:443 ssl crt /location/to/ssl/third.pem
  default_backend main_backend_https
## } third.domain.com ##
## fourth.domain.com { ##
frontend http_fourth
  bind 192.168.0.204:80
  redirect scheme https if !{ ssl_fc }
 
frontend https_fourth
  bind 192.168.0.204:443 ssl crt /location/to/ssl/fourth.pem
  default_backend main_backend_https
## } fourth.domain.com ##
## fifth.domain.com { ##
frontend http_fifth
  bind 192.168.0.205:80
  redirect scheme https if !{ ssl_fc }
 
frontend https_fifth
  bind 192.168.0.205:443 ssl crt /location/to/ssl/fifth.pem
  default_backend main_backend_https
## } fifth.domain.com ##
Log
HAProxy uses syslog instead of writing it directly into a file.
So change the configuration fine of the default syslog daemon that is rsyslogd.
-  Edit /etc/rsyslog.conf
$ModLoad imudp $UDPServerAddress 127.0.0.1 $UDPServerRun 514
-  Also Edit /etc/rsyslog.d/49-haproxy.conf
local0.* -/var/log/haproxy_0.log local1.* -/var/log/haproxy_1.log & ~
-  Edit /etc/logrotate.d/haproxy
/var/log/haproxy*.log
{
    rotate 4
    weekly
    missingok
    notifempty
    compress
    delaycompress
    sharedscripts
    postrotate
        reload rsyslog >/dev/null 2>&1 || true
    endscript
}
$ restart rsyslog
HATop
Installation
$ apt-get install hatop
Usage
$ hatop -s /var/run/haproxy/haproxy.sock
Or set alias
alias hamonitor='hatop -s /var/run/haproxy/haproxy.sock'

