ChinaNetCloud Training - HAProxy Intro
- 1. ChinaNetCloudRunning the World's Internet Servers 管理全球服务器 HAProxy By ChinaNetCloud Pioneers in OaaS – Operations-as-a-Service January, 2015 www.ChinaNetCloud.com Copyright 2015 ChinaNetcloud Training Program ChinaNetCloud Training
- 2. 2 ChinaNetCloudRunning the World's Internet Servers 管理全球服务器 Introduction ● HAProxy key part of most large systems ● World's most powerful software load balancer ● A little complex ● Interesting and fun
- 3. 3 ChinaNetCloudRunning the World's Internet Servers 管理全球服务器 Load Balancer Overview ● Listen on front-end ports, usually 80/443 ● Forwards to a back-end pool of servers ● Has health checks of back-end ● Only send to Healthy & UP servers ● Has sticky sessions, usually using cookies ● Web servers see LB as client, with LB's IP ● Use X-Forwarded-for Header to send real IP ● Important for web server logs
- 4. 4 ChinaNetCloudRunning the World's Internet Servers 管理全球服务器 Load Balancer Overview ● Single LB, many web ● Two LB, many web
- 5. 5 ChinaNetCloudRunning the World's Internet Servers 管理全球服务器 High-Avail HAProxy ● Two HAProxy ● Run KeepAlived to manage failover ● Have front-end VIP ● We have standard config, Wiki ● Usually Physical / Private ● On Public Cloud use ELB or Heartbeat
- 6. 6 ChinaNetCloudRunning the World's Internet Servers 管理全球服务器 HA Load Balancer – Public Cloud ● Amazon, Aliyun – Have their ELB/SLB in front ● Use their to help bandwidth and failover ● AWS – Need ELB for HA between zones ● Aliyun – Need SLB for single bandwidth point ● Still use two HAProxy ● HAProxy more powerful, configurable ● HAProxy can be monitored (Nginx can't)
- 7. 7 ChinaNetCloudRunning the World's Internet Servers 管理全球服务器 Parts of HAProxy ● Front-End Listeners ● Back-End Pools ● ACLs ● Rewrites ● Logs ● Monitoring
- 8. 8 ChinaNetCloudRunning the World's Internet Servers 管理全球服务器 Front-End ● Listening part of HAProxy ● Pretty simple ● Has IP, port to listen on ● Has networking options, like timeouts ● Includes vhost, name to listen on ● Can have several front-ends ● Usually for different domains, www., images., etc. ● Can go to same or different back-ends
- 9. 9 ChinaNetCloudRunning the World's Internet Servers 管理全球服务器 Back End Pools ● Part that does the work ● Lots of options ● Also does logging, error handling ● And health checks of backend servers ● Has a backend server list ● Each server has options, weights, health checks
- 10. 10 ChinaNetCloudRunning the World's Internet Servers 管理全球服务器 ACLs – Control & Multi-Pool ● Can split traffic by URL, host ● For vhost split, use second Front-end ● For URL split, use ACLs ● Based on Headers, URL, or Path ● If-then structure ● Also can avoid scans, DDoS ● Example: ● acl is_www_domain_com hdr_end(host) -i domain.com ● use_backend www_ex_com if is_www_example_com
- 11. 11 ChinaNetCloudRunning the World's Internet Servers 管理全球服务器 Rewrites ● Has basic rewrites ● Can be useful, especially cross-domain ● Usually better to rewrite on web server
- 12. 12 ChinaNetCloudRunning the World's Internet Servers 管理全球服务器 Configuration ● Single file ● Has Global default second, for all Front/Back ● Has section for each Front & Back ● Not much to change, other than pools & URLs ● Sometimes change timeouts ● Sometimes advanced features like keepalive ● Sometimes Tomcat needs more changes ● server srv-example-web1_80 10.9.1.205:80 cookie srv-example-web1_80 check maxconn 2000
- 13. 13 ChinaNetCloudRunning the World's Internet Servers 管理全球服务器 Session Stickiness ● Makes sure same user goes to same server ● Especially in one session ● Very important for Java ● Not very important for PHP if uses shared cache ● Can cause instability on big systems ● Done with separate (not session) cookie ● Remove cookie name in server list to disable
- 14. 14 ChinaNetCloudRunning the World's Internet Servers 管理全球服务器 Logs ● Very powerful and useful ● Uses syslog, so /var/log/haproxy … ● Shows disconnect reason/state ● 4 letter code like CRNI, RHEP ● See manual for meaning ● Show is Client or Backend server disconnected – Also often shows why or how ● Also shows if session/cookie was used
- 15. 15 ChinaNetCloudRunning the World's Internet Servers 管理全球服务器 Monitoring ● Very good ● Keeps stats by pool and by servers ● Records status, errors, but not timing ● Unusual words: ● Sessions – Concurrent connections ● Session Rate – Request rate ● Two ways to use (Can also manage servers) ● API called via Socket ● GUI web interface
- 16. 16 ChinaNetCloudRunning the World's Internet Servers 管理全球服务器 GUI Web Monitor ● Lots of good detail
- 17. 17 ChinaNetCloudRunning the World's Internet Servers 管理全球服务器 SSL in HAProxy ● Just got support in June, 2014 – Version 1.5 ● Starting to see in production use ● Until now, we had to: ● Have to use Nginx in front ● Set Nginx on port 443 as proxy ● Sends traffic to Haproxy on port 80 or 81 – Use 81 if need to keep SSL traffic separate ● Now we can use directly in version 1.5 ● See docs on how to configure
- 18. 18 ChinaNetCloudRunning the World's Internet Servers 管理全球服务器 Multi-Process ● HAProxy is single process – use single CPU ● Usually okay, but can limit scaling ● 250,000 connections, but only 2,500 requests/sec ● 50,000+ requests/sec, but only 2,500 concurrent con ● Need special config and discussion to use ● It CAN run multi-process, but monitoring is wrong ● All monitoring by process, so gets confused ● Messy
- 19. 19 ChinaNetCloudRunning the World's Internet Servers 管理全球服务器 Summary ● HAProxy important and powerful ● Very configurable ● Has pools ● Great logs ● Good luck !
- 20. 20 ChinaNetCloudRunning the World's Internet Servers 管理全球服务器 Lab ● Create VM on AWS ● Install Nginx & Apache ● Configure Nginx on port 81 and Apache on 82 ● Install HAProxy from RPM & Wiki ● Create frontend & backend for nginx, test ● Add ACL and Apache backend pool ● Split URLs between Nginx & Apache, test ● Look at monitor page, use CLI tools ● Look at logs, look up status codes
- 21. 21 ChinaNetCloudRunning the World's Internet Servers 管理全球服务器 About ChinaNetCloud Www.ChinaNetCloud.com – +86-21-6422-1946 – Sales@ChinaNetCloud.com ChinaNetCloud is a Shanghai-based, full-service Internet managed services provider (MSP). We architect, build, optimize, and manage large-scale systems for e-commerce, games, apps, mobile, media, and more. We deliver Reliability, Performance, Scale, Security, and cost savings via our Operations- as-a-Service (OaaS) platform, which includes 7x24 operations, deep predcitive monitoring, networking, security scanning, backups, databases, upgrades,rapid troubleshooting, configuration changes, and much more. Our OaaS platform is state-of-the-art with a wide variety of sophisticated tools ranging from deep design to audit, migration, management, monitoring, backups, CMDB, load testing, capacity planning, performance analysis, portals, and much more. Over six years, we've helped hundreds of internet companies improve their systems, focusing on Reliability, Performance, Scalability, Security, and Cost-Savings. Let us help you today!
- 22. 22 ChinaNetCloudRunning the World's Internet Servers 管理全球服务器 Contact ChinaNetCloud Silicon Valley Office: 440 North Wolfe Road Sunnyvale, 94085 USA ChinaNetCloud www.ChinaNetCloud.com Sales@ChinaNetCloud.com Shanghai Headquarters: X2 Space 10601 1238 Xietu Lu Shanghai, 200032 China Beijing Office: Lee World Business Building #305 57 Middl Xingfu Village Rd., Chaoyang Beijing, 100027 China T: +86-21-6422-1946