HAproxy

HAproxy SSL Segfault with 1.5-dev17

爱⌒轻易说出口 提交于 2019-12-10 09:45:28
问题 Getting a segfault when trying to enable ssl on 1.5-dev17 Ubuntu Server 12.04 Tried almost every variation I could think of with private key and CA bundle concatenated and used as a single crt, also tried split crt with private key and ca-file as CA bundle. /etc/haproxy/haproxy.cfg global maxconn 4096 daemon defaults mode http contimeout 5000 clitimeout 50000 srvtimeout 50000 option forwardfor retries 3 option redispatch option http-server-close frontend http bind *:80 reqadd X-Forwarded

LVS DR模式搭建,keepalive与 lvs

a 夏天 提交于 2019-12-10 06:28:19
DR模式搭建 - 准备工作 在生产环境中,使用较多的是DR模式,网站服务器在10台之内的可以使用NAT模式,好处在于节省公网IP资源。DR模式可以搭建内部的LVS,全部使用内网,只使用一个公网IP,做一个端口映射即可(公网的IP 的80端口映射到内网vip上的80端口。 准备三个机器,都需要有“公网”IP 第一台机器分发器:也叫调度器(简写为dir) IP:192.168.159.128 然后是两台rs ,rs1 IP: 192.168.159.130 。 rs2 IP :192.168.159.10 设置vip(虚拟IP): 192.168.159.254 在分发器(dir)上编辑一个shell脚本 vim /usr/local/sbin/lvs_dr.sh 内容如下 vim /usr/local/sbin/lvs_dr.sh //写入一下内容 #! /bin/bash echo 1 > /proc/sys/net/ipv4/ip_forward //打开端口转发 ipv=/usr/sbin/ipvsadm vip=192.168.159.254 rs1=192.168.159.130 rs2=192.168.159.10 #注意这里的网卡名字 ifdown ens33 ifup ens33 ifconfig ens33:2 $vip broadcast $vip netmask

下一代云计算平台Apache Mesos定制自己的PaaS(应用发布+负载均衡+服务发现)

白昼怎懂夜的黑 提交于 2019-12-09 23:17:25
书接上文《 下一代云计算平台Apache Mesos之使用marathon发布应用 》 作为一个简单的PaaS(平台即服务),应该具备发布应用,调整应用个数,重启应用,暂停应用(marathon提供)以及负载均衡和服务发现的功能。本文主要演示负载均衡和服务发现。 1 发布docker程序到marathon 1.1 发布docker镜像到marathon平台 1.1.1 编写Docker.json { "container": { "type": "DOCKER", "docker": { "image": "192.168.1.103:5000/tomcat", "network": "BRIDGE", "portMappings": [ { "containerPort": 8080, "hostPort": 0, "protocol": "tcp" } ] } }, "id": "tomcat", "instances": 3, "cpus": 0.5, "mem": 512, "uris": [], "cmd":"/opt/tomcat/bin/deploy-and-run.sh" } 1.1.2 通过marathon api发布 curl -X POST -H "Content-Type: application/json" http://192.168.1.110

使用Haproxy搭建Web群集

无人久伴 提交于 2019-12-09 17:22:49
一.概述 HAProxy 是一款提供高可用性、负载均衡以及基于TCP(第四层)和HTTP(第七层)应用的代理软件,支持虚拟主机,它是免费、快速并且可靠的一种解决方案。 Haproxy是一个开源的高性能的反向代理或者说是负载均衡服务软件之一,它支持双机热备、虚拟主机、基于TCP和HTTP应用代理等功能。其配置简单,维护方便,而且拥有很好的对服务器节点的健康检查功能(相当于keepalived健康检查),当其代理的后端服务器出现故障时,Haproxy会自动的将该故障服务器摘除,当服务器的故障恢复后,Haproxy还会自动将该RS服务器加入进来提供服务。 Haproxy特别适用于那些高负载、访问量很大。但又需要会话保持或七层应用代理的业务。Haproxy运行在普通的服务器硬件上,几乎不需要进行更多的优化就可以支 持数以万计的并发连接。并且它的运行模式使得它可以很简单、安全的整合到各种网站的架构中,同时,haproxy的代理模式,可以使得应用服务器不会暴露到网络中。 haproxy和nginx的区别 Nginx特点 1.支持Http协议,工作在网络7层 2.支持通过端口健康检测 3.支持强大的正则匹配规则 4.支持WebSocket协议 5.支持Http Cache Haproxy特点 1.支持TCP与Http协议,工作在网络4层和7层 2.支持Session共享、Cookies引导 3

Nginx、HAProxy、LVS三者的优缺点

三世轮回 提交于 2019-12-09 16:00:46
一、Nginx优点: 1、工作在网络7层之上,可针对http应用做一些分流的策略,如针对域名、目录结构,它的正规规则比HAProxy更为强大和灵活,所以,目前为止广泛流行。 2、Nginx对网络稳定性的依赖非常小,理论上能ping通就能进行负载功能。 3、Nginx安装与配置比较简单,测试也比较方便,基本能把错误日志打印出来。 4、可以承担高负载压力且稳定,硬件不差的情况下一般能支撑几万次的并发量,负载度比LVS小。 5、Nginx可以通过端口检测到服务器内部的故障,如根据服务器处理网页返回的状态码、超时等,并会把返回错误的请求重新提交到另一个节点。 6、不仅仅是优秀的负载均衡器/反向代理软件,同时也是强大的Web应用服务器。LNMP也是近些年非常流行的Web架构,在高流量环境中稳定性也很好。 7、可作为中层反向代理使用。 8、可作为静态网页和图片服务器。 9、Nginx社区活跃,第三方模块非常多,相关的资料在网上比比皆是。 Nginx常规的和HTTP请求和相应流程图: Nginx缺点: 1、适应范围较小,仅能支持http、https、Email协议。 2、对后端服务器的健康检查,只支持通过端口检测,不支持url来检测。比如用户正在上传一个文件,而处理该上传的节点刚好在上传过程中出现故障,Nginx会把上传切到另一台服务器重新处理,而LVS就直接断掉了

OAuth token validation from HAProxy or Apache mod_proxy

本小妞迷上赌 提交于 2019-12-09 12:48:47
问题 I have a microservice deployed on 3 nodes sitting behind a HAProxy load balancer all inside internal network. The services are protected using OAuth2 APIS authorization server. Now, I want to move the HAProxy to DMZ. And I want to reject requests that do not have auth token in the header and also validate the auth token by calling OAuth REST API. In HAProxy I couldn't find a way to do this. There is an option httpchk which can be used for healthcheck. I'm looking for a similar feature that

Can't connect to cassandra container via haproxy

不羁岁月 提交于 2019-12-08 19:43:33
I am trying to connect an external app to Cassandra which is running dockerized on a mesos cluster. These are the the apps I have running on mesos: CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 137760ce852a cassandra:latest "/docker-entrypoint.s" 15 minutes ago Up 15 minutes 7000-7001/tcp, 7199/tcp, 9160/tcp, 0.0.0.0:31634->9042/tcp mesos-1b65f33a-3d36-4bf4-8a77-32077d8d234a-S1.0db174cc-2e0c-4790-9cd7-1f142d08c6e2 fec5fc93ccfd cassandra:latest "/docker-entrypoint.s" 22 minutes ago Up 22 minutes 7000-7001/tcp, 7199/tcp, 9160/tcp, 0.0.0.0:31551->9042/tcp mesos-1b65f33a-3d36-4bf4-8a77

HAproxy with multiple https sites

被刻印的时光 ゝ 提交于 2019-12-08 15:59:34
问题 We have couple of http sites running behind load balancer ( with failover capability using hearbeat) and one https site. Everything is running fine but now i want to add another https site. I couldn't find any references for hosting multiple https sites. Has anyone hosted multiple https sites using HAproxy ? Can you please tell me how can i achieve this ? pls help me with your inputs. Thanks, Santhosh 回答1: You have to write rules to pick the backend either based on the frontend (IP address),

HAProxy path_beg not redirecting

眉间皱痕 提交于 2019-12-08 04:09:00
问题 I'm testing a simple haproxy rule to make http://localhost/haproxy-dconv take me to http://cbonte.github.io/haproxy-dconv but it isn't working. 404 response seems to be from the site but the path isn't resolving. frontend HTTP mode http bind *:80 acl url_dconv path_beg /haproxy-dconv use_backend dconv-backend if url_dconv backend dconv-backend mode http server dconv cbonte.github.io 回答1: Try this - frontend HTTP mode http bind *:80 use_backend dconv-backend if { path_beg /haproxy-dconv/ }

Haproxy remove port number from URL

我的梦境 提交于 2019-12-08 04:05:48
问题 I have a backend trying to route traffic to a specific IP address and a port. The first hit on the url doesn't contain the port number. But the subsequesnt requests from within the website is not redirected properly. Example: http://test.com has server 123.45.67.89:9080 When I try the URL http://test.com/login --> It is redirected correctly and I get the login page. But once I give the login details and press OK. It is redirected to http://test.com:9080/loginSuccess. The page is available
订阅 HAproxy