Hi
I'm looking for some advice in comparing haproxy to nginx. I've been happily
using haproxy for all my load balancing needs for the past few years and in my
opinion I think its great.
I've recently been working to deploy it my latest role but am coming up against
resistance from supporters of nginx which granted is already a technology
widely used in the company but not one that I have any experience with.
Below is the configuration I have developed for my requirements with haproxy, I
was hoping that someone that is familiar with both technologies could comment
on anything I will be losing if I indeed give in and use nginx instead.
Comments on improvements to the haproxy configuration also welcomed.
Thanks
Will Lewis
-------------
global
daemon
quiet
maxconn 200000
pidfile /local/haproxy/haproxy.pid
uid 60003
gid 1001
chroot /local/haproxy/run
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
log-tag haproxy
defaults
log global
balance roundrobin
mode http
monitor-uri /haproxy
http-check send-state
retries 3
timeout connect 6000
timeout client 1020000
timeout server 1020000
timeout http-request 6000
option abortonclose
option forwardfor except 127.0.0.1
option http-pretend-keepalive
option http-server-close
option httplog
option log-health-checks
option log-separate-errors
option redispatch
option tcpka
option splice-auto
errorfile 200 /local/haproxy/errorfiles/200.http
errorfile 400 /local/haproxy/errorfiles/400.http
errorfile 403 /local/haproxy/errorfiles/403.http
errorfile 408 /local/haproxy/errorfiles/408.http
errorfile 500 /local/haproxy/errorfiles/500.http
errorfile 502 /local/haproxy/errorfiles/502.http
errorfile 503 /local/haproxy/errorfiles/503.http
listen stats :7000
mode http
stats uri /
frontend external
bind *:8081
bind *:8443 ssl crt /local/haproxy/certs/main.pem crt /local/haproxy/certs/
bind *:8444 ssl crt /local/haproxy/certs/partner.pem crt
/local/haproxy/certs/
acl is_secure dst_port eq 8443 8444
maxconn 200000
# Capture User-Agent and X-Forward-For headers to the log
capture request header User-agent len 45
capture request header X-Forwarded-For len 15
# Capture any 302 redirects to the log
capture response header Location len 20
# Capture content length to the log
capture response header Content-length len 9
compression algo gzip
compression type text/cmd text/css text/csv text/html text/javascript
text/plain text/vcard text/xml application/json
application/x-www-form-urlencoded application/javascript
application/x-javascript
compression offload
# Remove X-Proto header added from any external source
reqidel ^X-Proto:.*
# Presence of X-Proto: SSL header now genuinely indicates we have received
communication on SSL
reqadd X-Proto:\ SSL if is_secure
# We keep track of connection rates and connection numbers
stick-table type ip size 200k expire 2m store conn_rate(3s),conn_cur
# And we do this per source address
tcp-request connection track-sc1 src
acl source_rate_abuser sc1_conn_rate gt 500
acl source_connections_abuser sc1_conn_cur gt 5000
use_backend be_sf-slow if source_rate_abuser || source_connections_abuser
default_backend be_sf
backend be_sf
cookie srv-eu insert domain .example.com
server srv_1 10.0.0.1:9081 cookie b802 check inter 5000 maxconn 700
server srv_2 10.0.0.2:9081 cookie b803 check inter 5000 maxconn 700
server srv_3 10.0.0.3:9081 cookie b804 check inter 5000 maxconn 700
server srv_4 10.0.0.4:9081 cookie b805 check inter 5000 maxconn 700
server srv_5 10.0.0.5:9081 cookie b806 check inter 5000 maxconn 700
server srv_6 10.0.0.6:9081 cookie b807 check inter 5000 maxconn 700
server srv_7 10.0.0.7:9081 cookie b808 check inter 5000 maxconn 700
server srv_8 10.0.0.8:9081 cookie b809 check inter 5000 maxconn 700
server srv_9 10.0.0.9:9081 cookie b80a check inter 5000 maxconn 700
backend be_sf-slow
cookie srv-eu insert domain .example.com
server srv_1 10.0.0.1:9081 cookie b802 check inter 5000 maxconn 100
server srv_2 10.0.0.2:9081 cookie b803 check inter 5000 maxconn 100
server srv_3 10.0.0.3:9081 cookie b804 check inter 5000 maxconn 100
server srv_4 10.0.0.4:9081 cookie b805 check inter 5000 maxconn 100
server srv_5 10.0.0.5:9081 cookie b806 check inter 5000 maxconn 100
server srv_6 10.0.0.6:9081 cookie b807 check inter 5000 maxconn 100
server srv_7 10.0.0.7:9081 cookie b808 check inter 5000 maxconn 100
server srv_8 10.0.0.8:9081 cookie b809 check inter 5000 maxconn 100
server srv_9 10.0.0.9:9081 cookie b80a check inter 5000 maxconn 100
