Table des matières

HAproxy

Installation

apt-get install haproxy
Un restart du service rsyslog est nécessaire pour qu'il créé la socket /dev/log dans le chroot d'HAproxy.

Configuration de base

global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL).
        ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
        ssl-default-bind-options no-sslv3

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        option  log-health-checks
        option  log-separate-errors
        option  logasap
        option  contstats
        option  abortonclose
        option  forwardfor

        timeout connect 3s
        timeout client  60s
        timeout server  60s
        timeout http-request 5s
        timeout check 2s

        retries 3

        option splice-auto
        option tcp-smart-connect


        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        # See https://code.google.com/p/chromium/issues/detail?id=377581
        #errorfile 408 /etc/haproxy/errors/408.http
        errorfile 408 /dev/null
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

frontend www-example-com
        bind 1.2.3.4:80
        mode http
        maxconn 10000
        default_backend web-backends

backend web-backends
        mode http
        balance roundrobin
        cookie SERVERID insert indirect nocache
        option httpchk GET /is_alive
        option redispatch
        
        default-server inter 10000 fastinter 1000 downinter 20000 error-limit 5 on-error mark-down
        server web-frontal-01-ha 192.168.1.1:80 cookie c1 weight 100 check observe layer4
        server web-frontal-02-ha 192.168.1.2:80 cookie c2 weight 100 check observe layer4