I couldn't agree more, but I'm really in need of more concrete reasons for pushing back against this.

On Feb 1, 2013, at 12:40 PM, shouldbe q931 <[email protected]> wrote:

> On Fri, Feb 1, 2013 at 11:22 AM, William Lewis <[email protected]> wrote:
> Hi Steve,
>
> It's not a question of replacing nginx with haproxy.
> The existing solution was dns round robin directly to application servers,
> that then proxy on to a different node if they didn't hold the required state
> (which is horrible)
>
> I've deployed haproxy in front of this setup but I'm now being asked to
> replace it again with nginx to harmonize with other infrastructure in the
> company, and I'm trying to understand what I might lose (other than my time
> and sanity) in doing that.
>
>
> Thanks
>
> Will
>
> On Feb 1, 2013, at 11:15 AM, Steven Acreman <[email protected]>
> wrote:
>
>> Hi William,
>>
>> I'm not sure I'd change anything that wasn't causing me pain. If nginx is
>> working nicely then there are probably other things that aren't that are
>> more rewarding of attention.
>>
>> Are there any pain points that you currently have? Maybe haproxy could
>> improve some of those.
>>
>> Thanks,
>>
>> Steven
>>
>> On 1 February 2013 11:09, William Lewis <[email protected]> wrote:
>> Hi
>>
>> I'm looking for some advice in comparing haproxy to nginx. I've been happily
>> using haproxy for all my load balancing needs for the past few years and in
>> my opinion I think it's great.
>>
>> I've recently been working to deploy it in my latest role but am coming up
>> against resistance from supporters of nginx which granted is already a
>> technology widely used in the company but not one that I have any experience
>> with.
>>
>> Below is the configuration I have developed for my requirements with
>> haproxy, I was hoping that someone that is familiar with both technologies
>> could comment on anything I will be losing if I indeed give in and use nginx
>> instead.
>> Comments on improvements to the haproxy configuration also welcomed.
>>
>>
>> Thanks
>>
>> Will Lewis
>>
>> -------------
>>
>> global
>>     daemon
>>     quiet
>>     maxconn 200000
>>     pidfile /local/haproxy/haproxy.pid
>>     uid 60003
>>     gid 1001
>>     chroot /local/haproxy/run
>>     log 127.0.0.1 local0
>>     log 127.0.0.1 local1 notice
>>     log-tag haproxy
>>
>>
>> defaults
>>     log global
>>
>>     balance roundrobin
>>     mode http
>>     monitor-uri /haproxy
>>     http-check send-state
>>
>>     retries 3
>>
>>     timeout connect 6000
>>     timeout client 1020000
>>     timeout server 1020000
>>     timeout http-request 6000
>>
>>     option abortonclose
>>     option forwardfor except 127.0.0.1
>>     option http-pretend-keepalive
>>     option http-server-close
>>     option httplog
>>     option log-health-checks
>>     option log-separate-errors
>>     option redispatch
>>     option tcpka
>>     option splice-auto
>>
>>     errorfile 200 /local/haproxy/errorfiles/200.http
>>     errorfile 400 /local/haproxy/errorfiles/400.http
>>     errorfile 403 /local/haproxy/errorfiles/403.http
>>     errorfile 408 /local/haproxy/errorfiles/408.http
>>     errorfile 500 /local/haproxy/errorfiles/500.http
>>     errorfile 502 /local/haproxy/errorfiles/502.http
>>     errorfile 503 /local/haproxy/errorfiles/503.http
>>
>>
>> listen stats :7000
>>     mode http
>>     stats uri /
>>
>> frontend external
>>     bind *:8081
>>     bind *:8443 ssl crt /local/haproxy/certs/main.pem crt /local/haproxy/certs/
>>     bind *:8444 ssl crt /local/haproxy/certs/partner.pem crt /local/haproxy/certs/
>>
>>     acl is_secure dst_port eq 8443 8444
>>
>>     maxconn 200000
>>
>>     # Capture User-Agent and X-Forwarded-For headers to the log
>>     capture request header User-agent len 45
>>     capture request header X-Forwarded-For len 15
>>     # Capture any 302 redirects to the log
>>     capture response header Location len 20
>>     # Capture content length to the log
>>     capture response header Content-length len 9
>>
>>     compression algo gzip
>>     compression type text/cmd text/css text/csv text/html text/javascript text/plain text/vcard text/xml application/json application/x-www-form-urlencoded application/javascript application/x-javascript
>>     compression offload
>>
>>     # Remove X-Proto header added from any external source
>>     reqidel ^X-Proto:.*
>>     # Presence of X-Proto: SSL header now genuinely indicates we have received communication on SSL
>>     reqadd X-Proto:\ SSL if is_secure
>>
>>     # We keep track of connection rates and connection numbers
>>     stick-table type ip size 200k expire 2m store conn_rate(3s),conn_cur
>>     # And we do this per source address
>>     tcp-request connection track-sc1 src
>>
>>     acl source_rate_abuser sc1_conn_rate gt 500
>>     acl source_connections_abuser sc1_conn_cur gt 5000
>>
>>     use_backend be_sf-slow if source_rate_abuser || source_connections_abuser
>>
>>     default_backend be_sf
>>
>>
>> backend be_sf
>>
>>     cookie srv-eu insert domain .example.com
>>     server srv_1 10.0.0.1:9081 cookie b802 check inter 5000 maxconn 700
>>     server srv_2 10.0.0.2:9081 cookie b803 check inter 5000 maxconn 700
>>     server srv_3 10.0.0.3:9081 cookie b804 check inter 5000 maxconn 700
>>     server srv_4 10.0.0.4:9081 cookie b805 check inter 5000 maxconn 700
>>     server srv_5 10.0.0.5:9081 cookie b806 check inter 5000 maxconn 700
>>     server srv_6 10.0.0.6:9081 cookie b807 check inter 5000 maxconn 700
>>     server srv_7 10.0.0.7:9081 cookie b808 check inter 5000 maxconn 700
>>     server srv_8 10.0.0.8:9081 cookie b809 check inter 5000 maxconn 700
>>     server srv_9 10.0.0.9:9081 cookie b80a check inter 5000 maxconn 700
>>
>> backend be_sf-slow
>>
>>     cookie srv-eu insert domain .example.com
>>     server srv_1 10.0.0.1:9081 cookie b802 check inter 5000 maxconn 100
>>     server srv_2 10.0.0.2:9081 cookie b803 check inter 5000 maxconn 100
>>     server srv_3 10.0.0.3:9081 cookie b804 check inter 5000 maxconn 100
>>     server srv_4 10.0.0.4:9081 cookie b805 check inter 5000 maxconn 100
>>     server srv_5 10.0.0.5:9081 cookie b806 check inter 5000 maxconn 100
>>     server srv_6 10.0.0.6:9081 cookie b807 check inter 5000 maxconn 100
>>     server srv_7 10.0.0.7:9081 cookie b808 check inter 5000 maxconn 100
>>     server srv_8 10.0.0.8:9081 cookie b809 check inter 5000 maxconn 100
>>     server srv_9 10.0.0.9:9081 cookie b80a check inter 5000 maxconn 100
>>
>>
>
>
>
> I'd be very wary of "to harmonize with other infrastructure in the company"
> as to me that just sounds like "not used/invented here" syndrome.
>
> nginx, really good web server with reverse proxy HTTP capabilities and basic
> HTTP load balancing capabilities
> haproxy really good reverse proxy for, really good load balancer (for much
> more than just HTTP(S)), also has built-in stats engine and hot management of
> backends.
>
> I use nginx for several websites, most of them have HAProxy running in front
> of them (as a HA pair...)
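
Added example, not part of the thread or of the posted configuration: a small Python model of two behaviours of the quoted `frontend external` that a replacement proxy would have to reproduce, the X-Proto header sanitising and the per-source routing to `be_sf-slow`. It uses an exact sliding window as a simplification of HAProxy's own rate counter; `SourceTracker`, `sanitize_headers`, `demo` and the sample addresses and headers are constructed for illustration.

```python
from collections import defaultdict, deque

SECURE_PORTS = {8443, 8444}   # acl is_secure dst_port eq 8443 8444
RATE_WINDOW = 3.0             # conn_rate(3s)
RATE_LIMIT = 500              # sc1_conn_rate gt 500
CUR_LIMIT = 5000              # sc1_conn_cur gt 5000


def sanitize_headers(headers, dst_port):
    """Drop any client-supplied X-Proto, then set it only on the TLS listeners."""
    clean = [(k, v) for k, v in headers if k.lower() != "x-proto"]
    if dst_port in SECURE_PORTS:
        clean.append(("X-Proto", "SSL"))
    return clean


class SourceTracker:
    """Per-source counters standing in for the stick-table keyed on src."""

    def __init__(self):
        self.opened = defaultdict(deque)   # src -> timestamps of recent connects
        self.current = defaultdict(int)    # src -> currently open connections

    def connect(self, src, now):
        q = self.opened[src]
        q.append(now)
        while q and q[0] <= now - RATE_WINDOW:   # forget connects older than 3s
            q.popleft()
        self.current[src] += 1
        return self.backend_for(src)

    def close(self, src):
        self.current[src] = max(0, self.current[src] - 1)

    def backend_for(self, src):
        abusive = (len(self.opened[src]) > RATE_LIMIT
                   or self.current[src] > CUR_LIMIT)
        return "be_sf-slow" if abusive else "be_sf"


def demo():
    # Constructed traffic: one source opening 501 connections in half a second,
    # one ordinary source, and one plain-HTTP request carrying a forged X-Proto.
    t = SourceTracker()
    noisy = [t.connect("198.51.100.7", i * 0.001) for i in range(501)]
    normal = t.connect("203.0.113.9", 1.0)
    spoofed = sanitize_headers([("Host", "a.example.com"), ("X-Proto", "SSL")], 8081)
    return noisy[499], noisy[500], normal, spoofed
```

The 501st connection from the noisy source is the first to be routed to `be_sf-slow`, and the forged header on port 8081 never reaches the application servers.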

