HAProxy: Difference between revisions

From Chorke Wiki
Jump to navigation Jump to search
 
(29 intermediate revisions by the same user not shown)
Line 1: Line 1:
  sudo apt install haproxy
  sudo apt-get install haproxy
  sudo apt install --no-install-recommends software-properties-common
  sudo apt-get install --no-install-recommends software-properties-common
  sudo add-apt-repository ppa:vbernat/haproxy-2.4 -y
  sudo add-apt-repository ppa:vbernat/haproxy-2.4 -y
  sudo apt install haproxy=2.4.\*
  sudo apt-get install haproxy=2.4.\*
  haproxy -v
  haproxy -v
==Default » TCP==
<syntaxhighlight lang="text">
defaults
        log    global
        mode    tcp
        option  tcplog
        option  dontlognull
        timeout connect 5000ms
        timeout client  50000ms
        timeout server  50000ms
        retries 3
</syntaxhighlight>
==Default » HTTP==
<syntaxhighlight lang="text">
defaults
        log    global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http
</syntaxhighlight>


==Load Balancing==
==Load Balancing==
Line 35: Line 67:


| valign="bottom" |
| valign="bottom" |
#    acl path-prefix-is-pgadmin4  path_beg /pgadmin4
#    acl path-prefix-is-gateway  path_beg /data/ OR path_beg /user/ OR path_beg /policy/
#    acl path-prefix-is-gateway  path_beg /data/ && path_beg /user/ && path_beg /policy/
#    use_backend chorke-servers if host-is-chorke path-prefix-is-gateway
#    use_backend chorke-servers if path-prefix-is-pgadmin4
  frontend chorke-http
  frontend chorke-http
     bind *:80
     bind *:80
Line 47: Line 85:
|}
|}


==Knowledge==
==HTTP Rewrite==
<syntaxhighlight lang="text">
frontend academia
  bind *:80
  mode http
  acl host-is-academia-flow  hdr(host) -i flow.academia.local
  acl host-is-academia      hdr(host) -i academia.local
  acl is-insurance          path_beg /services/insurance/
  acl is-policy              path_beg /services/policy/
  acl is-quote              path_beg /services/quote/
  acl is-audit              path_beg /services/audit/
  acl is-data                path_beg /services/data/
  acl is-user                path_beg /services/user/
  acl is-tds                path_beg /services/tds/
 
  use_backend academia-insurance  if host-is-academia is-insurance
  use_backend academia-policy    if host-is-academia is-policy
  use_backend academia-quote      if host-is-academia is-quote
  use_backend academia-audit      if host-is-academia is-audit
  use_backend academia-data      if host-is-academia is-data
  use_backend academia-user      if host-is-academia is-user
  use_backend academia-tds        if host-is-academia is-tds
  use_backend academia-flow      if host-is-academia-flow
  use_backend academia-admin      if host-is-academia
 
  default_backend academia-apache
 
 
backend academia-apache
  server apache 127.0.0.1:2013
  mode http
 
backend academia-insurance
  http-request set-path "%[path,regsub(^/services/insurance/,/)]"
  server tomcat 127.0.0.1:16002
  mode http
 
backend academia-data
  http-request set-path "%[path,regsub(^/services/data/,/)]"
  server tomcat 127.0.0.1:16001
  mode http
 
backend academia-user
  http-request set-path "%[path,regsub(^/services/user/,/)]"
  server tomcat 127.0.0.1:16001
  mode http
 
backend academia-flow
  server tomcat 127.0.0.1:16001
  mode http
 
backend academia-policy
  http-request set-path "%[path,regsub(^/services/policy/,/)]"
  server tomcat 127.0.0.1:9002
  mode http
 
backend academia-quote
  http-request set-path "%[path,regsub(^/services/quote/,/)]"
  server tomcat 127.0.0.1:9001
  mode http
 
backend academia-audit
  http-request set-path "%[path,regsub(^/services/audit/,/)]"
  server tomcat 127.0.0.1:9003
  mode http
 
backend academia-tds
  http-request set-path "%[path,regsub(^/services/tds/,/)]"
  server tomcat 127.0.0.1:9000
  mode http
 
backend academia-admin
  server nodejs 127.0.0.1:3000
  mode http
</syntaxhighlight>
 
==Validate==
<syntaxhighlight lang="bash">
haproxy -c -V -f /etc/haproxy/haproxy.cfg
</syntaxhighlight>
 
==Playground==
{|
{|
| valign="top" |
<syntaxhighlight lang="bash">
lxc image info ubuntu:noble --vm|yq .Aliases
lxc image info ubuntu:24.04 --vm|yq .Aliases
lxc image info ubuntu:noble    |yq .Aliases
lxc image info ubuntu:24.04    |yq .Aliases
</syntaxhighlight>
| colspan="2" |
<syntaxhighlight lang="bash">
lxc image list ubuntu: os=ubuntu release=noble type=virtual-machine
lxc image list ubuntu: os=ubuntu release=noble type=virtual-machine
lxc image list ubuntu: os=ubuntu release=noble type=container
lxc image list ubuntu: os=ubuntu release=noble type=container
</syntaxhighlight>
|-
| colspan="3" |
----
|-
| valign="top" |
<syntaxhighlight lang="bash">
lxc image list ubuntu:24.04
lxc launch ubuntu:24.04 haproxy
lxc launch ubuntu:40d8df642812 haproxy
</syntaxhighlight>
| colspan="2" |
<syntaxhighlight lang="bash">
lxc list status=running name=haproxy --format=json |jq  -r '.[].state.network.[].addresses'
lxc list status=running name=haproxy --format=yaml |yq  -r '.[].state.network.[].addresses'
lxc info haproxy|yq '.Resources.["Network usage"][]["IP addresses"].inet'
</syntaxhighlight>
|-
| colspan="3" |
----
|-
| valign="top" |
<syntaxhighlight lang="bash">
sudo ss -tulwn | grep LISTEN
sudo ss -tulpn | grep LISTEN
sudo ss -tulpn | grep LISTEN | grep sshd
</syntaxhighlight>
| colspan="2" |
<syntaxhighlight lang="bash">
lxc snapshot haproxy base:2.8.5
lxc publish  haproxy/base:2.8.5 --alias haproxy/base:2.8.5
lxc restore  haproxy base:2.8.5
</syntaxhighlight>
|-
|colspan='3'|
----
|-
|valign='top'|
|valign='top'|
sudo ss -tulwn | grep LISTEN
<syntaxhighlight lang="bash">
sudo ss -tulpn | grep LISTEN
cat /etc/haproxy/haproxy.cfg
sudo ss -tulpn | grep LISTEN | grep sshd
sudo journalctl -xeu haproxy
sudo ss -tulpn | grep LISTEN | grep minio
systemctl status haproxy
sudo ss -tulpn | grep LISTEN | grep resolve
</syntaxhighlight>


|valign='top'|
|valign='top'|
<syntaxhighlight lang="bash">
apt info -a haproxy
apt search haproxy
haproxy -v
</syntaxhighlight>


|valign='top'|
|valign='top'|
<syntaxhighlight lang="bash">
sudo apt-get install -y haproxy
sudo apt-get remove  -y haproxy
sudo apt-get purge  -y haproxy
</syntaxhighlight>


|-
|-
Line 65: Line 253:
|-
|-
|valign='top'|
|valign='top'|
<syntaxhighlight lang="bash">
nmap --reason  dev.chorke.org -Pn -p21,22
mtr -wrbzc 100 dev.chorke.org
ping -c5      dev.chorke.org
mtr -r        dev.chorke.org
</syntaxhighlight>


|valign='top'|
|valign='top'|
<syntaxhighlight lang="bash">
</syntaxhighlight>


|valign='top'|
|valign='top'|
<syntaxhighlight lang="bash">
</syntaxhighlight>


|}
|}
Line 87: Line 287:


| valign="top" |
| valign="top" |
* [https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-apache-http-server/ Getting started with Apache HTTP Server]
* [https://serversforhackers.com/c/letsencrypt-with-haproxy HAProxy » Frontend » <code>--http-01-port=19830</code>]
* [https://unix.stackexchange.com/questions/47434/ Difference between curl vs. wget]
* [https://unix.stackexchange.com/questions/47434/ Difference between curl vs. wget]
* [https://git-scm.com/download/linux Git Download for Linux and Unix]
* [https://git-scm.com/download/linux Git Download for Linux and Unix]
Line 103: Line 303:
* [https://medium.com/@lalosaimi/haproxy-e5d39ca64a07 HAProxy » Spring Boot Application]
* [https://medium.com/@lalosaimi/haproxy-e5d39ca64a07 HAProxy » Spring Boot Application]
* [https://www.jenkins.io/doc/book/system-administration/reverse-proxy-configuration-haproxy/ HAProxy » Jenkins Reverse Proxy]
* [https://www.jenkins.io/doc/book/system-administration/reverse-proxy-configuration-haproxy/ HAProxy » Jenkins Reverse Proxy]
* [https://docs.haproxy.org/3.0/configuration.html HAProxy » Configuration » 3.0]
* [https://docs.haproxy.org/2.8/configuration.html HAProxy » Configuration » 2.8]
* [https://docs.haproxy.org/2.4/configuration.html HAProxy » Configuration » 2.4]
* [https://docs.haproxy.org/3.0/management.html HAProxy » Management » 3.0]
* [https://docs.haproxy.org/2.8/management.html HAProxy » Management » 2.8]
* [https://docs.haproxy.org/2.4/management.html HAProxy » Management » 2.4]
|-
| colspan="3" |
----
|-
| valign="top" |
* [[K8s/HAProxy/Ingress|HAProxy » K8s » Ingress]]
* [[HAProxy/Frontend|HAProxy » Frontend]]
* [[HAProxy/Reconfig|HAProxy » Reconfig]]
| valign="top" |
| valign="top" |
|-
| colspan="3" |
----
|-
| valign="top" |
* [https://www.linkedin.com/pulse/how-https-lets-encrypt-haproxy-jack-mtembete HAProxy » HTTPS with Let's Encrypt]
* [https://www.haproxy.com/blog/haproxy-configuration-basics-load-balance-your-servers/ HAProxy » Configuration Basics]
* [https://www.haproxy.com/blog/haproxy-configuration-basics-load-balance-your-servers/ HAProxy » Configuration Basics]
* [https://www.haproxy.com/blog/introduction-to-haproxy-acls/ HAProxy » Introduction to ACLs]
* [https://www.haproxy.com/blog/introduction-to-haproxy-acls/ HAProxy » Introduction to ACLs]
* [https://docs.haproxy.org/2.4/configuration.html HAProxy » Configuration » 2.4]
* [https://www.haproxy.com/blog/using-haproxy-as-an-api-gateway-part-1-introduction HAProxy » As an API Gateway]
* [https://docs.haproxy.org/2.4/management.html HAProxy » Management » 2.4]
* [https://www.haproxy.com/blog/how-to-install-haproxy-on-ubuntu/ HAProxy » Install on Ubuntu]
* [https://www.haproxy.com/blog/how-to-install-haproxy-on-ubuntu/ HAProxy » Install on Ubuntu]
* [https://www.haproxy.com/blog/announcing-haproxy-3-0 HAProxy » Announcing » 3.0]
* [https://www.haproxy.com/blog/autoscaling-with-the-haproxy-kubernetes-ingress-controller-and-keda HAProxy » K8s Autoscaling]
* [https://docs.haproxy.org/ HAProxy » Documentation]
* [https://docs.haproxy.org/ HAProxy » Documentation]
* [https://www.haproxy.com/blog/haproxy-and-let-s-encrypt HAProxy »  Let’s Encrypt]
| valign="top" |
| valign="top" |


|-
|-
Line 115: Line 347:
|-
|-
| valign="top" |
| valign="top" |
* [https://www.linode.com/docs/guides/diagnosing-network-issues-with-mtr/ MTR » Diagnosing Network Issues]
* [https://help.ubuntu.com/community/WakeOnLan Setting Up Wake-on-LAN]
* [[Convention for Projects]]
* [[Convention for Projects]]
* [[K8s/Ingress]]
* [[PostgreSQL]]
* [[PostgreSQL]]
* [[Localtunnel]]
* [[Camunda]]
* [[Camunda]]
* [[Pi-hole]]
* [[Pi-hole]]
* [[Nginx]]
* [[Nginx]]
* [[MinIO]]
* [[MinIO]]
| valign="top" |


| valign="top" |
| valign="top" |

Latest revision as of 09:48, 1 April 2025

sudo apt-get install haproxy
sudo apt-get install --no-install-recommends software-properties-common
sudo add-apt-repository ppa:vbernat/haproxy-2.4 -y
sudo apt-get install haproxy=2.4.\*
haproxy -v

Default » TCP

defaults
        log     global
        mode    tcp
        option  tcplog
        option  dontlognull
        timeout connect 5000ms
        timeout client  50000ms
        timeout server  50000ms
        retries 3

Default » HTTP

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

Load Balancing

frontend chorke-http
   bind *:80
   mode http
   default_backend chorke-minio

backend chorke-minio
   server minio1 127.0.0.1:1983
   mode http

Reverse Proxy

frontend chorke-http
   bind *:80
   mode http
   acl host-is-chorke hdr(host) -i chorke.local
   acl path-prefix-is-services  path_beg /services/
   use_backend chorke-servers if host-is-chorke path-prefix-is-services
   use_backend chorke-clients if host-is-chorke

backend chorke-servers
   server apache 127.0.0.1:2013
   mode http

backend chorke-clients
   server apache 127.0.0.1:3000
   mode http

#    acl path-prefix-is-pgadmin4  path_beg /pgadmin4
#    acl path-prefix-is-gateway   path_beg /data/ OR path_beg /user/ OR path_beg /policy/
#    acl path-prefix-is-gateway   path_beg /data/ && path_beg /user/ && path_beg /policy/
#    use_backend chorke-servers if host-is-chorke path-prefix-is-gateway
#    use_backend chorke-servers if path-prefix-is-pgadmin4

frontend chorke-http
   bind *:80
   mode http
   acl path-prefix-is-minio  path_beg /minio/
   use_backend chorke-minio if path-prefix-is-minio

backend chorke-minio
   server minio1 127.0.0.1:9801
   mode http

HTTP Rewrite

frontend academia
   bind *:80
   mode http
   acl host-is-academia-flow  hdr(host) -i flow.academia.local
   acl host-is-academia       hdr(host) -i academia.local
 
   acl is-insurance           path_beg /services/insurance/
   acl is-policy              path_beg /services/policy/
   acl is-quote               path_beg /services/quote/
   acl is-audit               path_beg /services/audit/
   acl is-data                path_beg /services/data/
   acl is-user                path_beg /services/user/
   acl is-tds                 path_beg /services/tds/

   use_backend academia-insurance  if host-is-academia is-insurance
   use_backend academia-policy     if host-is-academia is-policy
   use_backend academia-quote      if host-is-academia is-quote
   use_backend academia-audit      if host-is-academia is-audit
   use_backend academia-data       if host-is-academia is-data
   use_backend academia-user       if host-is-academia is-user
   use_backend academia-tds        if host-is-academia is-tds
   use_backend academia-flow       if host-is-academia-flow
   use_backend academia-admin      if host-is-academia

   default_backend academia-apache


backend academia-apache
   server apache 127.0.0.1:2013
   mode http

backend academia-insurance
   http-request set-path "%[path,regsub(^/services/insurance/,/)]"
   server tomcat 127.0.0.1:16002
   mode http

backend academia-data
   http-request set-path "%[path,regsub(^/services/data/,/)]"
   server tomcat 127.0.0.1:16001
   mode http

backend academia-user
   http-request set-path "%[path,regsub(^/services/user/,/)]"
   server tomcat 127.0.0.1:16001
   mode http

backend academia-flow
   server tomcat 127.0.0.1:16001
   mode http

backend academia-policy
   http-request set-path "%[path,regsub(^/services/policy/,/)]"
   server tomcat 127.0.0.1:9002
   mode http

backend academia-quote
   http-request set-path "%[path,regsub(^/services/quote/,/)]"
   server tomcat 127.0.0.1:9001
   mode http

backend academia-audit
   http-request set-path "%[path,regsub(^/services/audit/,/)]"
   server tomcat 127.0.0.1:9003
   mode http

backend academia-tds
   http-request set-path "%[path,regsub(^/services/tds/,/)]"
   server tomcat 127.0.0.1:9000
   mode http

backend academia-admin
   server nodejs 127.0.0.1:3000
   mode http

Validate

haproxy -c -V -f /etc/haproxy/haproxy.cfg

Playground

lxc image info ubuntu:noble --vm|yq .Aliases
lxc image info ubuntu:24.04 --vm|yq .Aliases

lxc image info ubuntu:noble     |yq .Aliases
lxc image info ubuntu:24.04     |yq .Aliases

lxc image list ubuntu: os=ubuntu release=noble type=virtual-machine
lxc image list ubuntu: os=ubuntu release=noble type=virtual-machine

lxc image list ubuntu: os=ubuntu release=noble type=container
lxc image list ubuntu: os=ubuntu release=noble type=container

lxc image list ubuntu:24.04
lxc launch ubuntu:24.04 haproxy
lxc launch ubuntu:40d8df642812 haproxy

lxc list status=running name=haproxy --format=json |jq  -r '.[].state.network.[].addresses'
lxc list status=running name=haproxy --format=yaml |yq  -r '.[].state.network.[].addresses'
lxc info haproxy|yq '.Resources.["Network usage"][]["IP addresses"].inet'

sudo ss -tulwn | grep LISTEN
sudo ss -tulpn | grep LISTEN
sudo ss -tulpn | grep LISTEN | grep sshd

lxc snapshot haproxy base:2.8.5
lxc publish  haproxy/base:2.8.5 --alias haproxy/base:2.8.5
lxc restore  haproxy base:2.8.5

cat /etc/haproxy/haproxy.cfg
sudo journalctl -xeu haproxy
systemctl status haproxy

apt info -a haproxy
apt search haproxy
haproxy -v

sudo apt-get install -y haproxy
sudo apt-get remove  -y haproxy
sudo apt-get purge   -y haproxy

nmap --reason  dev.chorke.org -Pn -p21,22
mtr -wrbzc 100 dev.chorke.org
ping -c5       dev.chorke.org
mtr -r         dev.chorke.org

References

Retrieved from "https://cdn.chorke.org/weke/index.php?title=HAProxy&oldid=14440"