Hi,
2015-11-29 10:30 GMT+01:00 Aleksandar Lazic <[email protected]>: > Dear Olivier > > Am 27-11-2015 17:18, schrieb Olivier: > >> Hello everyone ! >> >> I'm a huge fan of HAProxy. In my mind, this is a great toolbox. Like all >> toolbox, to use it at 100%, you need good examples. >> HAProxy blog is a great start. There are some code snippets in >> documentation too. But a long time ago (in a galaxy not so far away), >> there was a dedicated guide on this matter, that has been forgotten : >> The architecture guide. Yes, here: >> http://www.haproxy.org/download/1.3/doc/architecture.txt >> >> It gives many examples that are great to start with, but : >> - it was written 10 years ago ! >> - absolutely not up to date (regarding keep-alive for example) >> - real word has changed since >> - it is not compatible with HTML doc >> > > Full ack. > > With 1.6 now out, it is now time to rewrite this guide from scratch. The >> first features I could think of are: >> - having general details on how a good config should be organized (I was >> personnaly confused by backend, frontend, listen, bind ...) >> - examples compatible with latest version, with workarounds if not >> backward compatible) >> - keep good ol' txt format, but make it HTML compatible, so that tools >> like haproxy-dconv can make it readable (and nice) >> - avoid paraphrasing the official doc. We really want to focus on real >> world examples that can be applied immediately and easily, and point to >> the documentation on keywords. >> >> I volunteer to provide a generic plan, and I'm sure many people around >> will be glad to provide some really good examples. We all have different >> experiences of HAProxy and different use, so we really want to show that >> many things are possible (and sometimes, there are different ways to >> solve one problem too. It can be great to show this with pros and cons >> for each !). >> >> To avoid any long and non-productive discussion, here is my plan to >> success : >> * let's agree on a very generic plan >> * then, use one mailing-list thread for each part. People that feel at >> ease with one part can help without being burried through dozens of >> emails >> > > Sounds good. > > Here is draft 0.1 : >> >> 1) Introduction >> a) Introduction on HAProxy config file >> how it is organized (sections) >> 99% backward compatible through 1.x branch >> b) How to check a config file >> focus on check mode, how to read warnings, ... >> c) Efficient reloading of HAProxy (hot reload) >> >> 2) Simple HTTP load balancing >> a) Simple HTTP Load balancing >> round robin >> cookies >> source balancing >> > b) session stickiness > .) L4 > .) L? (ssl which layer is SSL?!) > .) L7 > .) with peers > > 3) Adding High-Availability >> a) With keepalived >> b) wih another L4 load balancer (Alteon ?) >> c) other implementations ? >> > d) distributed ssl load example > > 4) HTTPS examples >> a) Generic HTTP/HTTPS config >> > b) Secure recommendations (pfs, ecc, ...) > > >> 5) Load balancing other protocols >> a) Generic TCP protocols >> b) Exchange load balancing real world example >> >> 6) Security hardening >> a) chroot >> b) protecting stats block >> > c) conatinering (docker, ...) > > 7) DDOS fighting >> a) Level 4 limits >> b) Level 7 limits >> >> 8) Using HAProxy command line >> maintenance mode, manipulating backends, ssl-related commands ... >> >> 9) Multi-site load-balancing with local pref >> (see example in current architecture.txt) >> >> 10) Advanced tuning >> a) client-side >> b) server-side >> c) OS tuning >> d) Hardware tuning >> >> All constructive comments are of course welcome. I'm aware this is quite >> a large task, but I'm sure it can be done :) >> > > Cheers > aleks > Thanks for your feedback. I also want to focus on how to write a config file with nbproc > 1 and points to focus on. I'll see where I can put this in my plan. Do you have any more feedback ? Anyone ? I'll have some time to start working on it tomorrow, so if you want to share your point of view, now is the time. Olivier
