HAproxy
Installation
apt-get install haproxy
Un restart du service rsyslog est nécessaire pour qu'il créé la socket /dev/log dans le chroot d'HAproxy.
Configuration de base
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL).
ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
ssl-default-bind-options no-sslv3
defaults
log global
mode http
option httplog
option dontlognull
option log-health-checks
option log-separate-errors
option logasap
option contstats
option abortonclose
option forwardfor
timeout connect 3s
timeout client 60s
timeout server 60s
timeout http-request 5s
timeout check 2s
retries 3
option splice-auto
option tcp-smart-connect
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
# See https://code.google.com/p/chromium/issues/detail?id=377581
#errorfile 408 /etc/haproxy/errors/408.http
errorfile 408 /dev/null
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend www-example-com
bind 1.2.3.4:80
mode http
maxconn 10000
default_backend web-backends
backend web-backends
mode http
balance roundrobin
cookie SERVERID insert indirect nocache
option httpchk GET /is_alive
option redispatch
default-server inter 10000 fastinter 1000 downinter 20000 error-limit 5 on-error mark-down
server web-frontal-01-ha 192.168.1.1:80 cookie c1 weight 100 check observe layer4
server web-frontal-02-ha 192.168.1.2:80 cookie c2 weight 100 check observe layer4