network_stuff:haproxy

Differences

This shows you the differences between two versions of the page.

network_stuff:haproxy [2017/08/27 18:24] – created jotasandokunetwork_stuff:haproxy [2023/11/02 14:38] (current) – external edit 127.0.0.1
Line 1: Line 1:
 __**BASIC CONCEPTS**__\\ __**BASIC CONCEPTS**__\\
 [[https://www.digitalocean.com/community/tutorials/an-introduction-to-haproxy-and-load-balancing-concepts|External Link]]\\ [[https://www.digitalocean.com/community/tutorials/an-introduction-to-haproxy-and-load-balancing-concepts|External Link]]\\
 +  /etc/haproxy/haproxy.cfg
 We define acl and backends. We define acl and backends.
 Then acl define what backend we use. Then acl define what backend we use.
   use_backend blog-backend if acl_url_blog   use_backend blog-backend if acl_url_blog
 +
 +----
 +**OPERATION:**\\
 +Restart:
 +  /etc/rc.d/init.d/haproxy restart
 +
 +----
 +
 +
 __**MONITORING**__\\ __**MONITORING**__\\
-[[https://www.datadoghq.com/blog/how-to-collect-haproxy-metrics/com|External Link]]+From the cli, this command gives us a csv, dump in Calc. Check max connections and current connections. 
 +  echo "show info;show stat" | nc -U /var/lib/haproxy/stats  # Also | grep DOWN to see what is not working atm 
 +  ssh -o  UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -n ha1.dc "echo "show stat" | nc -U /var/lib/haproxy/stats" > file1 ; csvtool readable file1 | view - 
 +  ssh -o  UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -n ha1.dc "echo "show info" | nc -U /var/lib/haproxy/stats"  
 + 
 +[[https://www.datadoghq.com/blog/how-to-collect-haproxy-metrics/|External Link]]
 There's GUI available as well as interacetive commands accessible with:  There's GUI available as well as interacetive commands accessible with: 
   nc -U /var/run/haproxy.sock   nc -U /var/run/haproxy.sock
 Also non-interactive commands for automated based operations. Also non-interactive commands for automated based operations.
 +\\
 +\\
 +From the stats page:
 +  * Session rate : number of new sessions per second. A session is a connection that was accepted by the layer 4 rules.
 +  * Connection: Note that a session can have one or more connections. "With the introduction of SSL, proxy protocol and layer4 ACLs, it was needed to cut the end-to-end sessions in smaller parts, hence the introduction of "connections""
 +
 +
 +----
 +
 +__**PROTECT AGAINST DDOS:**__\\
 +  * [[https://www.haproxy.com/blog/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/|haproxy-first-row-of-defense-against-ddos]]
 +  * Block by source IP based on different criteria. Stick tables. Some examples [[http://blog.exceliance.fr/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/st-ddos/|here]]: 
 +
 +----
 +
 +**SPECIAL FEATURES**\\
 +Enable slow start:
 +[[https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#5.2-slowstart|https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#5.2-slowstart]]
 +
  
 +----
 +  * Conceptual difference between a proxy and a 'reverse proxy': Proxy is a client proxy; reverse proxy is ~load balancer. 
 +    * Proxy hides clients identity to the server. This is for client to server connections.
 +    * Proxy hides servers identity to the client. This is for client to server connections **as well**.
 +TODO:\\
 +  * Block by source IP based on different criteria. Stick tables:
 +  * Some examples here: http://blog.exceliance.fr/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/
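Review bot: The two ssh one-liners added under MONITORING pass `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no`, which turns off host key verification for ha1.dc, so the stats output can come from an impersonated host without any warning. Suggest dropping both options and pinning the host key in known_hosts instead. The same lines nest unescaped double quotes (`"echo "show stat" | nc -U /var/lib/haproxy/stats"`), which only works because the shell rejoins the pieces; single quotes around the remote command would make the intent explicit. Separately, the second sub-bullet under the proxy / reverse proxy item begins "Proxy hides servers identity", where "Reverse proxy" appears to be intended, and the TODO block repeats the stick-table item already added under PROTECT AGAINST DDOS.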
network_stuff/haproxy.1503858243.txt.gz · Last modified: (external edit)