network_stuff:haproxy
This is an old revision of the document!
BASIC CONCEPTS
External Link
/etc/haproxy/haproxy.cfg
We define acl and backends. Then acl define what backend we use.
use_backend blog-backend if acl_url_blog
OPERATION:
Restart:
/etc/rc.d/init.d/haproxy restart
MONITORING
From the cli, this command gives us a csv, dump in Calc. Check max connections and current connections.
echo "show info;show stat" | nc -U /var/lib/haproxy/stats # Also | grep DOWN to see what is not working atm ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -n ha1.dc "echo "show stat" | nc -U /var/lib/haproxy/stats" > file1 ; csvtool readable file1 | view - ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -n ha1.dc "echo "show info" | nc -U /var/lib/haproxy/stats"
External Link There's GUI available as well as interacetive commands accessible with:
nc -U /var/run/haproxy.sock
Also non-interactive commands for automated based operations.
From the stats page:
- Session rate : number of new sessions per second. A session is a connection that was accepted by the layer 4 rules.
- Connection: Note that a session can have one or more connections. “With the introduction of SSL, proxy protocol and layer4 ACLs, it was needed to cut the end-to-end sessions in smaller parts, hence the introduction of “connections””
PROTECT AGAINST DDOS:
- Block by source IP based on different criteria. Stick tables. Some examples here:
SPECIAL FEATURES
Enable slow start:
https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#5.2-slowstart
TODO:
- Block by source IP based on different criteria. Stick tables:
network_stuff/haproxy.1511367803.txt.gz · Last modified: (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
