Hello everyone !
I'm a huge fan of HAProxy. In my mind, this is a great toolbox. Like all
toolbox, to use it at 100%, you need good examples.
HAProxy blog is a great start. There are some code snippets in
documentation too. But a long time ago (in a galaxy not so far away), there
was a dedicated guide on this matter, that has been forgotten : The
architecture guide. Yes, here:
http://www.haproxy.org/download/1.3/doc/architecture.txt
It gives many examples that are great to start with, but :
- it was written 10 years ago !
- absolutely not up to date (regarding keep-alive for example)
- real word has changed since
- it is not compatible with HTML doc
With 1.6 now out, it is now time to rewrite this guide from scratch. The
first features I could think of are:
- having general details on how a good config should be organized (I was
personnaly confused by backend, frontend, listen, bind ...)
- examples compatible with latest version, with workarounds if not backward
compatible)
- keep good ol' txt format, but make it HTML compatible, so that tools like
haproxy-dconv can make it readable (and nice)
- avoid paraphrasing the official doc. We really want to focus on real
world examples that can be applied immediately and easily, and point to the
documentation on keywords.
I volunteer to provide a generic plan, and I'm sure many people around will
be glad to provide some really good examples. We all have different
experiences of HAProxy and different use, so we really want to show that
many things are possible (and sometimes, there are different ways to solve
one problem too. It can be great to show this with pros and cons for each
!).
To avoid any long and non-productive discussion, here is my plan to success
:
* let's agree on a very generic plan
* then, use one mailing-list thread for each part. People that feel at ease
with one part can help without being burried through dozens of emails
Here is draft 0.1 :
1) Introduction
a) Introduction on HAProxy config file
how it is organized (sections)
99% backward compatible through 1.x branch
b) How to check a config file
focus on check mode, how to read warnings, ...
c) Efficient reloading of HAProxy (hot reload)
2) Simple HTTP load balancing
a) Simple HTTP Load balancing
round robin
cookies
source balancing
3) Adding High-Availability
a) With keepalived
b) wih another L4 load balancer (Alteon ?)
c) other implementations ?
4) HTTPS examples
a) Generic HTTP/HTTPS config
5) Load balancing other protocols
a) Generic TCP protocols
b) Exchange load balancing real world example
6) Security hardening
a) chroot
b) protecting stats block
7) DDOS fighting
a) Level 4 limits
b) Level 7 limits
8) Using HAProxy command line
maintenance mode, manipulating backends, ssl-related commands ...
9) Multi-site load-balancing with local pref
(see example in current architecture.txt)
10) Advanced tuning
a) client-side
b) server-side
c) OS tuning
d) Hardware tuning
All constructive comments are of course welcome. I'm aware this is quite a
large task, but I'm sure it can be done :)
Olivier
I'm a huge fan of HAProxy. In my mind, this is a great toolbox. Like all
toolbox, to use it at 100%, you need good examples.
HAProxy blog is a great start. There are some code snippets in
documentation too. But a long time ago (in a galaxy not so far away), there
was a dedicated guide on this matter, that has been forgotten : The
architecture guide. Yes, here:
http://www.haproxy.org/download/1.3/doc/architecture.txt
It gives many examples that are great to start with, but :
- it was written 10 years ago !
- absolutely not up to date (regarding keep-alive for example)
- real word has changed since
- it is not compatible with HTML doc
With 1.6 now out, it is now time to rewrite this guide from scratch. The
first features I could think of are:
- having general details on how a good config should be organized (I was
personnaly confused by backend, frontend, listen, bind ...)
- examples compatible with latest version, with workarounds if not backward
compatible)
- keep good ol' txt format, but make it HTML compatible, so that tools like
haproxy-dconv can make it readable (and nice)
- avoid paraphrasing the official doc. We really want to focus on real
world examples that can be applied immediately and easily, and point to the
documentation on keywords.
I volunteer to provide a generic plan, and I'm sure many people around will
be glad to provide some really good examples. We all have different
experiences of HAProxy and different use, so we really want to show that
many things are possible (and sometimes, there are different ways to solve
one problem too. It can be great to show this with pros and cons for each
!).
To avoid any long and non-productive discussion, here is my plan to success
:
* let's agree on a very generic plan
* then, use one mailing-list thread for each part. People that feel at ease
with one part can help without being burried through dozens of emails
Here is draft 0.1 :
1) Introduction
a) Introduction on HAProxy config file
how it is organized (sections)
99% backward compatible through 1.x branch
b) How to check a config file
focus on check mode, how to read warnings, ...
c) Efficient reloading of HAProxy (hot reload)
2) Simple HTTP load balancing
a) Simple HTTP Load balancing
round robin
cookies
source balancing
3) Adding High-Availability
a) With keepalived
b) wih another L4 load balancer (Alteon ?)
c) other implementations ?
4) HTTPS examples
a) Generic HTTP/HTTPS config
5) Load balancing other protocols
a) Generic TCP protocols
b) Exchange load balancing real world example
6) Security hardening
a) chroot
b) protecting stats block
7) DDOS fighting
a) Level 4 limits
b) Level 7 limits
8) Using HAProxy command line
maintenance mode, manipulating backends, ssl-related commands ...
9) Multi-site load-balancing with local pref
(see example in current architecture.txt)
10) Advanced tuning
a) client-side
b) server-side
c) OS tuning
d) Hardware tuning
All constructive comments are of course welcome. I'm aware this is quite a
large task, but I'm sure it can be done :)
Olivier