Dear Olivier
Am 27-11-2015 17:18, schrieb Olivier:
Hello everyone !
I'm a huge fan of HAProxy. In my mind, this is a great toolbox. Like
all
toolbox, to use it at 100%, you need good examples.
HAProxy blog is a great start. There are some code snippets in
documentation too. But a long time ago (in a galaxy not so far away),
there was a dedicated guide on this matter, that has been forgotten :
The architecture guide. Yes, here:
http://www.haproxy.org/download/1.3/doc/architecture.txt
It gives many examples that are great to start with, but :
- it was written 10 years ago !
- absolutely not up to date (regarding keep-alive for example)
- real word has changed since
- it is not compatible with HTML doc
Full ack.
With 1.6 now out, it is now time to rewrite this guide from scratch.
The
first features I could think of are:
- having general details on how a good config should be organized (I
was
personnaly confused by backend, frontend, listen, bind ...)
- examples compatible with latest version, with workarounds if not
backward compatible)
- keep good ol' txt format, but make it HTML compatible, so that tools
like haproxy-dconv can make it readable (and nice)
- avoid paraphrasing the official doc. We really want to focus on real
world examples that can be applied immediately and easily, and point to
the documentation on keywords.
I volunteer to provide a generic plan, and I'm sure many people around
will be glad to provide some really good examples. We all have
different
experiences of HAProxy and different use, so we really want to show
that
many things are possible (and sometimes, there are different ways to
solve one problem too. It can be great to show this with pros and cons
for each !).
To avoid any long and non-productive discussion, here is my plan to
success :
* let's agree on a very generic plan
* then, use one mailing-list thread for each part. People that feel at
ease with one part can help without being burried through dozens of
emails
Sounds good.
Here is draft 0.1 :
1) Introduction
a) Introduction on HAProxy config file
how it is organized (sections)
99% backward compatible through 1.x branch
b) How to check a config file
focus on check mode, how to read warnings, ...
c) Efficient reloading of HAProxy (hot reload)
2) Simple HTTP load balancing
a) Simple HTTP Load balancing
round robin
cookies
source balancing
b) session stickiness
.) L4
.) L? (ssl which layer is SSL?!)
.) L7
.) with peers
3) Adding High-Availability
a) With keepalived
b) wih another L4 load balancer (Alteon ?)
c) other implementations ?
d) distributed ssl load example
4) HTTPS examples
a) Generic HTTP/HTTPS config
b) Secure recommendations (pfs, ecc, ...)
5) Load balancing other protocols
a) Generic TCP protocols
b) Exchange load balancing real world example
6) Security hardening
a) chroot
b) protecting stats block
c) conatinering (docker, ...)
7) DDOS fighting
a) Level 4 limits
b) Level 7 limits
8) Using HAProxy command line
maintenance mode, manipulating backends, ssl-related commands ...
9) Multi-site load-balancing with local pref
(see example in current architecture.txt)
10) Advanced tuning
a) client-side
b) server-side
c) OS tuning
d) Hardware tuning
All constructive comments are of course welcome. I'm aware this is
quite
a large task, but I'm sure it can be done :)
Cheers
aleks
