Haproxy

From HoerupWiki
Revision as of 10:11, 12 November 2010 by 192.168.10.5 (talk) (apache)
Jump to: navigation, search

Haproxy as content switch

global
        log 127.0.0.1   local0
        log 127.0.0.1   local1 notice
        #log loghost    local0 info
        maxconn 4096
        #chroot /usr/share/haproxy
        user haproxy
        group haproxy
#	uid 80
#	gid 80
        daemon
        #debug
        #quiet

defaults
        log     global
        mode    http
        option  httplog
	option  forwardfor
        option  dontlognull
        retries 3
        option redispatch
        contimeout      5000
        clitimeout      50000
        srvtimeout      50000


frontend test-1 0.0.0.0:88
    acl glassfish hdr_beg(host) app.t-hoerup.dk
    acl transmission hdr_beg(host) t.t-hoerup.dk
    acl donkey hdr_beg(host) donkey.t-hoerup.dk
    acl glassfish-dev hdr_beg(host) app2.t-hoerup.dk

    use_backend be_donkey if donkey
    use_backend be_transmission if transmission
    use_backend be_glassfish_dev if glassfish-dev
    use_backend be_glassfish if glassfish
    default_backend be_apache
#    use_backend be_apache unless glassfish

#if this was a listener instead of a frontend-section then we could use the dispatch statement instead
#    dispatch 192.168.10.5:9091 if transmission
#    dispatch 192.168.10.5:4080 if donkey
#    dispatch 192.168.10.10:8080 if glassfish-pumba
#    dispatch 192.168.10.5:80

backend be_donkey
    dispatch 192.168.10.5:4080

backend be_transmission
    dispatch 192.168.10.5:9091

backend be_glassfish_dev
    dispatch 192.168.10.10:8080

backend be_glassfish #if you want http-check you must use a loadbalancing setup like this
    option httpchk /
    balance roundrobin     
    server 192.168.10.5:8080 check inter 2000

backend be_apache
    stats enable
    stats uri /haproxy  
    dispatch 192.168.10.5:80


logging

Since haproxy is issuing new http requests the backend systems sees haproxy as the client. To circumvent this put these two options in haproxy (eg. under defaults):

        option forwardfor #enable sending the X-Forwarded-For http header to the servers
        option httpclose 

You also need to make the backend servers understand the X-Forwarded-For header:

apache

apache 2.3+ can use mod_remoteip else you can rewrite the LogFormat's and replace "%h" (host) with "%{X-Forwarded-For}i"

glassfish

Configuration -> http service -> access logging -> Format : replace %client.name% with %header.x-forwarded-for%