Hi Samuel,
I've just quickly read your mail, to be honnest.
On Wed, Jul 30, 2008 at 10:57:58AM +0200, Samuel Vogel wrote:
> 2008/7/29 <haproxy.20.micorreo#spamgourmet.com>
>
> > Look at haproxy configuration example, it looks like your requirement,
> > at least, selecting backends based on regex
>
>
> This is what I looked up in your documentation. My question just is, if this
> really is feasible solution?
> To Start with there would be 5 servers, everyone serving up about a 100
> different websites. So the regexp for every server would be pretty long. If
> every domain has 10 characters, that would be more than a 1000 character
> regexp. I don't know how haproxy would deal and also scale witth that.
Don't do that. Large regexes are unmaintainable and a major source of typos and long downtimes on all sites which heavily rely on them.
If you want to have a list of sites, you'd better use a multi-match ACL. One solution is the following (preferred) :
acl site_on_back1 hdr(host) -i www.site1.com acl site_on_back1 hdr(host) -i www.site2.com acl site_on_back1 hdr(host) -i www.site3.com acl site_on_back1 hdr(host) -i www.site4.com acl site_on_back1 hdr(host) -i www.site5.com use_backend back1 if site_on_back1
It *will* be faster than an awful regex, and fully maintainable. Later it will be possible to load ACLs from a file. The "-f" flag is already supported, but ignored right now. It will then be perfectly suited for such a usage.
The second solution is adapted so small lists, it consists in building as many ACLs as you have sites :
acl site1 hdr(host) -i www.site1.com acl site2 hdr(host) -i www.site2.com acl site3 hdr(host) -i www.site3.com acl site4 hdr(host) -i www.site4.com acl site5 hdr(host) -i www.site5.com use_backend back1 if site1 or site2 or site3 or site4 or site5
But there's a limit on the number of words per line (256 I believe) and it will be slightly slower and harder to maintain.
> Also: Can you manipulate the ACLs at runtime without have to take haproxy
> down?
Not right now either, you have to reload the configuration. One thing which still needs thinking before properly implementing file-based ACLs is a way to reliably reload them in all processes (for people running multiple processes). Also, there's still a problem with chroots that needs to be fixed. Perhaps immediately going for an unchrooted side process responsible for such file access would make sense.
Regards,
Willy
Received on 2008/07/30 22:44
This archive was generated by hypermail 2.2.0 : 2008/07/30 23:00 CEST