HAProxy

From Chorke Wiki
Jump to navigation Jump to search 
sudo apt-get install haproxy
sudo apt-get install --no-install-recommends software-properties-common
sudo add-apt-repository ppa:vbernat/haproxy-2.4 -y
sudo apt-get install haproxy=2.4.\*
haproxy -v

Default » TCP

defaults
        log     global
        mode    tcp
        option  tcplog
        option  dontlognull
        timeout connect 5000ms
        timeout client  50000ms
        timeout server  50000ms
        retries 3

Default » HTTP

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

Load Balancing

frontend chorke-http
   bind *:80
   mode http
   default_backend chorke-minio

backend chorke-minio
   server minio1 127.0.0.1:1983
   mode http

Reverse Proxy

frontend chorke-http
   bind *:80
   mode http
   acl host-is-chorke hdr(host) -i chorke.local
   acl path-prefix-is-services  path_beg /services/
   use_backend chorke-servers if host-is-chorke path-prefix-is-services
   use_backend chorke-clients if host-is-chorke

backend chorke-servers
   server apache 127.0.0.1:2013
   mode http

backend chorke-clients
   server apache 127.0.0.1:3000
   mode http

#    acl path-prefix-is-pgadmin4  path_beg /pgadmin4
#    acl path-prefix-is-gateway   path_beg /data/ OR path_beg /user/ OR path_beg /policy/
#    acl path-prefix-is-gateway   path_beg /data/ && path_beg /user/ && path_beg /policy/
#    use_backend chorke-servers if host-is-chorke path-prefix-is-gateway
#    use_backend chorke-servers if path-prefix-is-pgadmin4

frontend chorke-http
   bind *:80
   mode http
   acl path-prefix-is-minio  path_beg /minio/
   use_backend chorke-minio if path-prefix-is-minio

backend chorke-minio
   server minio1 127.0.0.1:9801
   mode http

HTTP Rewrite

frontend academia
   bind *:80
   mode http
   acl host-is-academia-flow  hdr(host) -i flow.academia.local
   acl host-is-academia       hdr(host) -i academia.local
 
   acl is-insurance           path_beg /services/insurance/
   acl is-policy              path_beg /services/policy/
   acl is-quote               path_beg /services/quote/
   acl is-audit               path_beg /services/audit/
   acl is-data                path_beg /services/data/
   acl is-user                path_beg /services/user/
   acl is-tds                 path_beg /services/tds/

   use_backend academia-insurance  if host-is-academia is-insurance
   use_backend academia-policy     if host-is-academia is-policy
   use_backend academia-quote      if host-is-academia is-quote
   use_backend academia-audit      if host-is-academia is-audit
   use_backend academia-data       if host-is-academia is-data
   use_backend academia-user       if host-is-academia is-user
   use_backend academia-tds        if host-is-academia is-tds
   use_backend academia-flow       if host-is-academia-flow
   use_backend academia-admin      if host-is-academia

   default_backend academia-apache


backend academia-apache
   server apache 127.0.0.1:2013
   mode http

backend academia-insurance
   http-request set-path "%[path,regsub(^/services/insurance/,/)]"
   server tomcat 127.0.0.1:16002
   mode http

backend academia-data
   http-request set-path "%[path,regsub(^/services/data/,/)]"
   server tomcat 127.0.0.1:16001
   mode http

backend academia-user
   http-request set-path "%[path,regsub(^/services/user/,/)]"
   server tomcat 127.0.0.1:16001
   mode http

backend academia-flow
   server tomcat 127.0.0.1:16001
   mode http

backend academia-policy
   http-request set-path "%[path,regsub(^/services/policy/,/)]"
   server tomcat 127.0.0.1:9002
   mode http

backend academia-quote
   http-request set-path "%[path,regsub(^/services/quote/,/)]"
   server tomcat 127.0.0.1:9001
   mode http

backend academia-audit
   http-request set-path "%[path,regsub(^/services/audit/,/)]"
   server tomcat 127.0.0.1:9003
   mode http

backend academia-tds
   http-request set-path "%[path,regsub(^/services/tds/,/)]"
   server tomcat 127.0.0.1:9000
   mode http

backend academia-admin
   server nodejs 127.0.0.1:3000
   mode http

Validate

haproxy -c -V -f /etc/haproxy/haproxy.cfg

Playground

lxc image info ubuntu:noble --vm|yq .Aliases
lxc image info ubuntu:24.04 --vm|yq .Aliases

lxc image info ubuntu:noble     |yq .Aliases
lxc image info ubuntu:24.04     |yq .Aliases

lxc image list ubuntu: os=ubuntu release=noble type=virtual-machine
lxc image list ubuntu: os=ubuntu release=noble type=virtual-machine

lxc image list ubuntu: os=ubuntu release=noble type=container
lxc image list ubuntu: os=ubuntu release=noble type=container

lxc image list ubuntu:24.04
lxc launch ubuntu:24.04 haproxy
lxc launch ubuntu:40d8df642812 haproxy

lxc list status=running name=haproxy --format=json |jq  -r '.[].state.network.[].addresses'
lxc list status=running name=haproxy --format=yaml |yq  -r '.[].state.network.[].addresses'
lxc info haproxy|yq '.Resources.["Network usage"][]["IP addresses"].inet'

sudo ss -tulwn | grep LISTEN
sudo ss -tulpn | grep LISTEN
sudo ss -tulpn | grep LISTEN | grep sshd

lxc snapshot haproxy base:2.8.5
lxc publish  haproxy/base:2.8.5 --alias haproxy/base:2.8.5
lxc restore  haproxy base:2.8.5

cat /etc/haproxy/haproxy.cfg
sudo journalctl -xeu haproxy
systemctl status haproxy

apt info -a haproxy
apt search haproxy
haproxy -v

sudo apt-get install -y haproxy
sudo apt-get remove  -y haproxy
sudo apt-get purge   -y haproxy

References

Retrieved from "https://cdn.chorke.org/weke/index.php?title=HAProxy&oldid=13988"