http://www.haproxy.org/ HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Over the years it has become the de-facto standard opensource load balancer, is now shipped with most mainstream Linux distributions, and is often deployed by default in cloud platforms.

Installation

sudo add-apt-repository ppa:vbernat/haproxy-1.6
sudo apt-get update
sudo apt-get install haproxy
sudo service haproxy status

# voir le log de HAproxy
tail -f /var/log/haproxy.log

HAHOST=haproxy
HAHOST=localhost

Open http://localhost/haproxy?stats

Configuration en SSL Pass-throught

TODO

/etc/haproxy/haproxy.cfg

./http_svr.js

./https_svr.js

sudo service haproxy restart
# lancer 3 serveurs express
npm install express
for port in 8081 8082 8083 ; do nodejs http_srv.js $port & done


HOST=localhost
curl $HOST:8081
curl $HOST:8082
curl $HOST:8083
# on peut observer la politique de round-robin
curl $HOST:80
curl $HOST:80
curl $HOST:80
curl $HOST:80
curl -k https://$HOST
curl -k https://$HOST
curl -k https://$HOST
curl -k https://$HOST

Configuration en SSL Terminaison

Le mode SSL Terminaison permet de diriger les requêtes HTTPS des clients vers les backends HTTP

Créer un certificat auto-signé pour le(s) frontend(s) HAProxy (voir)

sudo mkdir /etc/ssl/air
sudo openssl genrsa -out /etc/ssl/air/air.key 1024
sudo openssl req -new -key /etc/ssl/air/air.key -multivalue-rdn -subj "/C=FR/L=GRENOBLE/O=UGA/O=POLYTECH/OU=RICM/CN=AIR/emailAddress=air@imag.fr" -out /etc/ssl/air/air.csr
sudo openssl x509 -req -days 365 -in /etc/ssl/air/air.csr -signkey /etc/ssl/air/air.key -out /etc/ssl/air/air.crt
sudo cat /etc/ssl/air/air.crt /etc/ssl/air/air.key | sudo tee /etc/ssl/air/air.pem

Editer le fichier de configuration /etc/haproxy/haproxy.cfg

TODO

Exécuter les commandes

# verifier si le fichier de configuration est valide (option -c)
sudo haproxy -f /etc/haproxy/haproxy.cfg -c

# Relancer le service
sudo service haproxy restart

# voir le log de HAproxy
sudo tail -f /var/log/haproxy.log

Configuration en SSL Terminaison avec authentification mutuelle

TODO

Failover du ferme de serveurs

• http://blog.haproxy.com/2013/12/23/failover-and-worst-case-management-with-haproxy/

Configuration HA avec Keepalived

• https://www.howtoforge.com/setting-up-a-high-availability-load-balancer-with-haproxy-keepalived-on-debian-lenny
• http://behindtheracks.com/2014/04/redundant-load-balancers-haproxy-and-keepalived/

More

• DDOS http://blog.haproxy.com/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/
• Docker http://blog.haproxy.com/2015/11/17/haproxy-and-container-ip-changes-in-docker/
• How to Monitor HAProxy with the ELK Stack http://logz.io/blog/monitor-haproxy-elk-stack/