HAProxy Installation, Configuration, and Tuning Basics Tutorial

  

HAProxy provides high availability, load balancing, and proxying for TCP and HTTP applications, and supports virtual hosting; it is a free, fast, and reliable solution. According to official data, its highest limit supports 10G concurrency. HAProxy is especially useful for heavily loaded web sites that typically require session persistence or Layer 7 processing. HAProxy runs on current hardware and can support tens of thousands of concurrent connections. Its mode of operation makes it easy and safe to integrate into your current architecture while protecting your web servers from exposure to the network.

It supports network switching from Layer 4 to Layer 7, i.e. it covers all TCP protocols. That is to say, HAProxy can even load balance MySQL. If the goal is only web load balancing implemented in reverse proxy mode, there are many such products, including Nginx, ApacheProxy, lighttpd, Cherokee, etc. But to be clear, HAProxy is not an HTTP server. All of the products mentioned above that offer reverse proxy load balancing are web servers. Simply put, they can serve and process static (html, jpg, gif..) or dynamic (php, cgi..) files. HAProxy is only, and specifically, an application proxy for load balancing. It does not provide HTTP services by itself.

But it is simple to configure, has a very good server health check function, and has a dedicated system status monitoring page. When a backend server behind the proxy fails, HAProxy automatically removes it; after the fault is recovered, the server is automatically added back. Since version 1.3, frontend and backend have been introduced: a frontend matches rules based on the contents of any HTTP request header, and then directs the request to the relevant backend.
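A minimal configuration showing the frontend/backend split, health checks, and the status page described above. This is an added example, not part of the original tutorial; it is written for a current HAProxy release rather than 1.3, and the host name, addresses, ports, and the /health path are constructed placeholders.

```haproxy
# Added example: constructed hosts, addresses and paths
# (192.0.2.0/24 is a documentation-only range).
global
    maxconn 20000

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend www
    bind :80
    # Match on the request path or the Host header, then pick a backend.
    acl is_static path_end -i .html .jpg .gif
    acl is_api    hdr(host) -i api.example.test
    use_backend static_servers if is_static
    use_backend api_servers    if is_api
    default_backend app_servers

backend static_servers
    option httpchk GET /health
    server static1 192.0.2.10:8080 check

backend api_servers
    option httpchk GET /health
    server api1 192.0.2.20:8080 check

backend app_servers
    balance roundrobin
    option httpchk GET /health
    # Cookie-based persistence: HAProxy inserts SRV so a client
    # keeps returning to the same server.
    cookie SRV insert indirect nocache
    # "check" enables health checks: a server that fails them is
    # taken out of rotation and returns once checks pass again.
    server app1 192.0.2.31:8080 check cookie app1
    server app2 192.0.2.32:8080 check cookie app2

listen stats
    # Status page bound to loopback so it is not exposed to clients.
    bind 127.0.0.1:8404
    stats enable
    stats uri /stats
    stats refresh 10s
```

Running `haproxy -c -f haproxy.cfg` validates the file without starting the proxy.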

In addition, version 1.3 is an active development version that supports the following new features:

- Content switching: You can select a group of servers based on any part of the request, such as the requested URI, the Host header, the cookie, and anything else. Naturally, sites that separate static and dynamic content have the greatest need for this feature.

- Fully transparent proxy: You can use the client IP address or any other address to connect to the backend server. This feature can only be used after the cttproxy patch is applied to the Linux 2.4/2.6 kernel. It also makes it possible for a particular server to handle part of the traffic without modifying the address of the server.

- Tree-based faster scheduler: Versions above 1.2.16 require all timeouts to be set to the same value to support tens of thousands of full-speed connections. This feature has been ported to 1.2.17.

- Kernel TCP splicing: Avoids copying data from kernel to user space and then back from user space to kernel, increasing throughput while reducing CPU usage. HAProxy 1.3 supports Linux L7SW to meet the need for Gbps throughput on commercial hardware.

- Connection Rejection: Because the overhead of keeping a connection open is very low, it is sometimes necessary to restrain attacking worms, which means limiting their connection opening to limit their harm. This was developed for a site that was stuck in a small DDoS attack, and it has saved many sites.

- Fine-grained header handling: Makes writing header-based rules simpler and handles certain parts of the URI.

- Fast and reliable header processing: It takes less than 2ms to analyze and index all the general requests using a full RFC2616 compatible integrity check.

- Modular design: Allows more people to join the project and makes debugging very simple. The pollers have been separated, which has made their development a lot easier. HTTP has been separated from TCP, so adding new Layer 7 features becomes very simple. Other subsystems will also be modularized very quickly.

- Speculative I/O processing: Tries to read data from a socket before it is reported ready. The poller only speculates about which sockets may or may not be ready; if the guess succeeds, some expensive system calls are saved, and if it fails, those system calls are made. With Linux epoll(), this is known to give a net increase of at least 10%.

- ACLs: Use any combination of arbitrary rules as the execution condition of an action.

- TCP protocol check: Combined with ACLs, any part of the request can be checked before it is forwarded. This allows protocol verification to be performed instead of blind forwarding. For example, allow SSL but reject SSH.

- More load balancing algorithms: Dynamic Round Robin, Weighted Source Hash, Weighted URL Hash, and Weighted Parameter Hash have now been implemented. Other algorithms such as Weighted Measured Response Time will also be implemented soon.
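The TCP protocol check ("allow SSL but reject SSH") and the connection limiting from the list above, as an added example that is not part of the original tutorial. It is written for a current HAProxy release rather than 1.3; the addresses, the table size, and the threshold of 20 connections per 10 seconds are constructed values to tune per site.

```haproxy
# Added example: constructed addresses and thresholds.
defaults
    mode tcp
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend tls_in
    bind :443

    # Connection limiting: track each source address and refuse new
    # connections from a source that opens more than 20 in 10 seconds.
    stick-table type ip size 100k expire 30s store conn_rate(10s)
    tcp-request connection track-sc0 src
    tcp-request connection reject if { sc0_conn_rate gt 20 }

    # Protocol check: wait up to 5s for the first bytes, accept the
    # connection only if they form a TLS ClientHello (hello type 1),
    # and reject everything else, including an SSH banner.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    tcp-request content reject

    default_backend tls_servers

backend tls_servers
    # Source hashing keeps a client on the same server without cookies,
    # which HAProxy cannot see inside pass-through TLS.
    balance source
    server web1 192.0.2.41:443 check
    server web2 192.0.2.42:443 check
```

A client that connects and sends nothing is held only until the inspect delay expires, then hits the final reject rule.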

For load balancing alone, HAProxy has the strongest performance, exceeding Nginx. Relying on the load-balancing feature that comes with Nginx in place of HAProxy means settling for less. HAProxy's load-balancing capability is far more mature than Nginx's, with features such as session stickiness and cookie-based routing, which Nginx does not have.
