Hi William, I'm not sure I'd change anything that wasn't causing me pain. If nginx is working nicely then there are probably other things that aren't that are more rewarding of attention.
Are there any pain points that you currently have? Maybe haproxy could improve some of those. Thanks, Steven On 1 February 2013 11:09, William Lewis <m...@wlewis.co.uk> wrote: > Hi > > I'm looking for some advice in comparing haproxy to nginx. I've been > happily using haproxy for all my load balancing needs for the past few > years and in my opinion I think its great. > > I've recently been working to deploy it my latest role but am coming up > against resistance from supporters of nginx which granted is already a > technology widely used in the company but not one that I have any > experience with. > > Below is the configuration I have developed for my requirements with > haproxy, I was hoping that someone that is familiar with both technologies > could comment on anything I will be losing if I indeed give in and use > nginx instead. > Comments on improvements to the haproxy configuration also welcomed. > > > Thanks > > Will Lewis > > ------------- > > global > daemon > quiet > maxconn 200000 > pidfile /local/haproxy/haproxy.pid > uid 60003 > gid 1001 > chroot /local/haproxy/run > log 127.0.0.1 local0 > log 127.0.0.1 local1 notice > log-tag haproxy > > > defaults > log global > > balance roundrobin > mode http > monitor-uri /haproxy > http-check send-state > > retries 3 > > timeout connect 6000 > timeout client 1020000 > timeout server 1020000 > timeout http-request 6000 > > option abortonclose > option forwardfor except 127.0.0.1 > option http-pretend-keepalive > option http-server-close > option httplog > option log-health-checks > option log-separate-errors > option redispatch > option tcpka > option splice-auto > > errorfile 200 /local/haproxy/errorfiles/200.http > errorfile 400 /local/haproxy/errorfiles/400.http > errorfile 403 /local/haproxy/errorfiles/403.http > errorfile 408 /local/haproxy/errorfiles/408.http > errorfile 500 /local/haproxy/errorfiles/500.http > errorfile 502 /local/haproxy/errorfiles/502.http > errorfile 503 /local/haproxy/errorfiles/503.http > > > listen stats :7000 > mode http > stats uri / > > frontend external > bind *:8081 > bind *:8443 ssl crt /local/haproxy/certs/main.pem crt > /local/haproxy/certs/ > bind *:8444 ssl crt /local/haproxy/certs/partner.pem crt > /local/haproxy/certs/ > > acl is_secure dst_port eq 8443 8444 > > maxconn 200000 > > # Capture User-Agent and X-Forward-For headers to the log > capture request header User-agent len 45 > capture request header X-Forwarded-For len 15 > # Capture any 302 redirects to the log > capture response header Location len 20 > # Capture content length to the log > capture response header Content-length len 9 > > compression algo gzip > compression type text/cmd text/css text/csv text/html text/javascript > text/plain text/vcard text/xml application/json > application/x-www-form-urlencoded application/javascript > application/x-javascript > compression offload > > # Remove X-Proto header added from any external source > reqidel ^X-Proto:.* > # Presence of X-Proto: SSL header now genuinely indicates we have > received communication on SSL > reqadd X-Proto:\ SSL if is_secure > > # We keep track of connection rates and connection numbers > stick-table type ip size 200k expire 2m store conn_rate(3s),conn_cur > # And we do this per source address > tcp-request connection track-sc1 src > > acl source_rate_abuser sc1_conn_rate gt 500 > acl source_connections_abuser sc1_conn_cur gt 5000 > > use_backend be_sf-slow if source_rate_abuser || > source_connections_abuser > > default_backend be_sf > > > backend be_sf > > cookie srv-eu insert domain .example.com > server srv_1 10.0.0.1:9081 cookie b802 check inter 5000 maxconn 700 > server srv_2 10.0.0.2:9081 cookie b803 check inter 5000 maxconn 700 > server srv_3 10.0.0.3:9081 cookie b804 check inter 5000 maxconn 700 > server srv_4 10.0.0.4:9081 cookie b805 check inter 5000 maxconn 700 > server srv_5 10.0.0.5:9081 cookie b806 check inter 5000 maxconn 700 > server srv_6 10.0.0.6:9081 cookie b807 check inter 5000 maxconn 700 > server srv_7 10.0.0.7:9081 cookie b808 check inter 5000 maxconn 700 > server srv_8 10.0.0.8:9081 cookie b809 check inter 5000 maxconn 700 > server srv_9 10.0.0.9:9081 cookie b80a check inter 5000 maxconn 700 > > backend be_sf-slow > > cookie srv-eu insert domain .example.com > server srv_1 10.0.0.1:9081 cookie b802 check inter 5000 maxconn 100 > server srv_2 10.0.0.2:9081 cookie b803 check inter 5000 maxconn 100 > server srv_3 10.0.0.3:9081 cookie b804 check inter 5000 maxconn 100 > server srv_4 10.0.0.4:9081 cookie b805 check inter 5000 maxconn 100 > server srv_5 10.0.0.5:9081 cookie b806 check inter 5000 maxconn 100 > server srv_6 10.0.0.6:9081 cookie b807 check inter 5000 maxconn 100 > server srv_7 10.0.0.7:9081 cookie b808 check inter 5000 maxconn 100 > server srv_8 10.0.0.8:9081 cookie b809 check inter 5000 maxconn 100 > server srv_9 10.0.0.9:9081 cookie b80a check inter 5000 maxconn 100 > >
