Configuration en cluster avec HaProxy
Last modified by Julien EYMERY on 2015/09/03 09:42
La mise en cluster s'effectue au travers d'un loadbalancer.
Exemple d'utilisation de HaProxy sous plateforme Linux.
Récupération de la version de HaProxy et compilation avec OpenSsl et Deflate
yum install gcc
yum install openssl
yum install openssl-devel
wget http://haproxy.1wt.eu/download/1.5/src/devel/haproxy-1.5-dev21.tar.gz
tar -xzf haproxy-1.5-dev21.tar.gz
cd haproxy-1.5-dev21
make clean
make TARGET=linux26 USE_ZLIB=yes USE_OPENSSL=1
make install
yum install openssl
yum install openssl-devel
wget http://haproxy.1wt.eu/download/1.5/src/devel/haproxy-1.5-dev21.tar.gz
tar -xzf haproxy-1.5-dev21.tar.gz
cd haproxy-1.5-dev21
make clean
make TARGET=linux26 USE_ZLIB=yes USE_OPENSSL=1
make install
Fichier de configuration haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
#
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
frontend http-in
bind *:80
timeout client 86400000
# begin XSS protection
rspadd X-Frame-Options:\ DENY
# end XSS protection
default_backend ws
backend ws
balance leastconn
compression algo gzip
compression type text/html text/xml text/css text/plain application/json application/javascript
cookie WagonNodeId prefix indirect nocache
timeout server 3600s
server ws1 192.168.136.159:81 check cookie ws1
server ws2 192.168.136.160:81 check cookie ws2
frontend https-in
bind 0.0.0.0:443 ssl crt /etc/ssl/cert.key_pem
timeout client 86400000
reqadd X-Forwarded-Proto:\ https
rspadd X-Frame-Options:\ DENY
default_backend wss
backend wss
balance leastconn
compression algo gzip
compression type text/html text/xml text/css text/plain application/json application/javascript
cookie WagonNodeId prefix indirect nocache
timeout server 3600s
server wss1 192.168.136.159:82 check cookie wss1
server wss2 192.168.136.160:82 check cookie wss2
listen stats :81
compression algo gzip
compression type text/html text/plain
mode http
stats enable
stats hide-version
# stats realm Haproxy\ Statistics
stats uri /
stats refresh 5s
# stats auth Username:Password
# Example configuration for a possible web application. See the
# full configuration options online.
#
#
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
frontend http-in
bind *:80
timeout client 86400000
# begin XSS protection
rspadd X-Frame-Options:\ DENY
# end XSS protection
default_backend ws
backend ws
balance leastconn
compression algo gzip
compression type text/html text/xml text/css text/plain application/json application/javascript
cookie WagonNodeId prefix indirect nocache
timeout server 3600s
server ws1 192.168.136.159:81 check cookie ws1
server ws2 192.168.136.160:81 check cookie ws2
frontend https-in
bind 0.0.0.0:443 ssl crt /etc/ssl/cert.key_pem
timeout client 86400000
reqadd X-Forwarded-Proto:\ https
rspadd X-Frame-Options:\ DENY
default_backend wss
backend wss
balance leastconn
compression algo gzip
compression type text/html text/xml text/css text/plain application/json application/javascript
cookie WagonNodeId prefix indirect nocache
timeout server 3600s
server wss1 192.168.136.159:82 check cookie wss1
server wss2 192.168.136.160:82 check cookie wss2
listen stats :81
compression algo gzip
compression type text/html text/plain
mode http
stats enable
stats hide-version
# stats realm Haproxy\ Statistics
stats uri /
stats refresh 5s
# stats auth Username:Password