dokucama

User Tools

Site Tools

Trace: debugging bash github
network_stuff:haproxy

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
network_stuff:haproxy [2017/08/27 18:57] jotasandokunetwork_stuff:haproxy [2023/11/02 14:38] (current) – external edit 127.0.0.1
Line 7: Line 7:
  
 ---- ----
-OPERATION:\\+**OPERATION:**\\
 Restart: Restart:
   /etc/rc.d/init.d/haproxy restart   /etc/rc.d/init.d/haproxy restart
 +
 +----
  
  
Line 15: Line 17:
 From the cli, this command gives us a csv, dump in Calc. Check max connections and current connections. From the cli, this command gives us a csv, dump in Calc. Check max connections and current connections.
   echo "show info;show stat" | nc -U /var/lib/haproxy/stats  # Also | grep DOWN to see what is not working atm   echo "show info;show stat" | nc -U /var/lib/haproxy/stats  # Also | grep DOWN to see what is not working atm
 +  ssh -o  UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -n ha1.dc "echo "show stat" | nc -U /var/lib/haproxy/stats" > file1 ; csvtool readable file1 | view -
 +  ssh -o  UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -n ha1.dc "echo "show info" | nc -U /var/lib/haproxy/stats" 
  
 [[https://www.datadoghq.com/blog/how-to-collect-haproxy-metrics/|External Link]] [[https://www.datadoghq.com/blog/how-to-collect-haproxy-metrics/|External Link]]
Line 20: Line 24:
   nc -U /var/run/haproxy.sock   nc -U /var/run/haproxy.sock
 Also non-interactive commands for automated based operations. Also non-interactive commands for automated based operations.
 +\\
 +\\
 +From the stats page:
 +  * Session rate : number of new sessions per second. A session is a connection that was accepted by the layer 4 rules.
 +  * Connection: Note that a session can have one or more connections. "With the introduction of SSL, proxy protocol and layer4 ACLs, it was needed to cut the end-to-end sessions in smaller parts, hence the introduction of "connections""
 +
 +
 +----
 +
 +__**PROTECT AGAINST DDOS:**__\\
 +  * [[https://www.haproxy.com/blog/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/|haproxy-first-row-of-defense-against-ddos]]
 +  * Block by source IP based on different criteria. Stick tables. Some examples [[http://blog.exceliance.fr/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/st-ddos/|here]]: 
 +
 +----
 +
 +**SPECIAL FEATURES**\\
 +Enable slow start:
 +[[https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#5.2-slowstart|https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#5.2-slowstart]]
 +
  
 +----
 +  * Conceptual difference between a proxy and a 'reverse proxy': Proxy is a client proxy; reverse proxy is ~load balancer. 
 +    * Proxy hides clients identity to the server. This is for client to server connections.
 +    * Proxy hides servers identity to the client. This is for client to server connections **as well**.
 +TODO:\\
 +  * Block by source IP based on different criteria. Stick tables:
 +  * Some examples here: http://blog.exceliance.fr/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/
network_stuff/haproxy.1503860265.txt.gz · Last modified: (external edit)

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki