Hi,
I'm new to using HAproxy. I've cobbled together a configuration using the documentation and Internet resources.
If anyone could provide any suggestions for improvement or known pitfalls to avoid it would be greatly appreciated. For example I'm not sure exactly what to set maxconn to.
First a bit about my setup.
At present only 2 nodes, both running RHEL5.5 (fully patched).
Compiled HAproxy 1.4.8 running on both.
Compiled stunnel 4.15 with forwardfor patch applied running on both,
forwarding all SSL traffic to port 81
Port 80/443 from world balanced across both systems by source IP address
only.
Tomcat 6.0.29 running on both, listening on ports 10305 (HTTP) and 10306 (simulated HTTPS) using the non-blocking I/O with 200 threads available per port. Tomcat is running in clustered mode with sticky sessions enabled. Tomcat automatically appends a jvmroute (jvm1 and jvm2 in this case but can be changed) to the end of the JSESSIONID cookie value. Unfortunately I can't control the position of this value or I would put it at the beginning so that HAproxy could use it as well. This ID must be present so that Tomcat can determine if its a local session or one from the cluster.
HAproxy configuration follows (only one node is shown, the configuration for the other node is identical except 127.0.0.1 is exchanged where appropriate).
Any suggestions are greatly appreciated.
Thanks,
Best Regards,
Brett
# CfEngine manages this file, DO NOT EDIT # $Id: haproxy.cfg.test 1430 2010-09-21 16:06:52Z brett.dellegrazie $
global
maxconn 2560770 level operator
# daemon (use -D instead)
# pidfile (use -p instead)
user haproxy group haproxy log /dev/log daemon info stats socket /var/lib/haproxy/stats user haproxy group haproxy mode
defaults
mode http timeout connect 5000ms timeout client 50000ms timeout server 50000ms log global option abortonclose option httpchk option http-server-close option redispatch retries 3 frontend http-in bind *:80 option httplog option forwardfor default_backend tomcat-http backend tomcat-http option http-pretend-keepalive cookie JSESSIONID prefix server fmp-dun-tapp1 127.0.0.1:10305 cookie jvm1 id 1 check inter 5000 downinter 30000 server fmp-dun-tapp2 10.16.2.71:10305 cookie jvm2 id 2 check inter 5000downinter 30000
frontend https-in
bind *:81 option httplogdowninter 30000
# stunnel already adds forwardfor header
default_backend tomcat-https backend tomcat-https option http-pretend-keepalive cookie JSESSIONID prefix server fmp-dun-tapp1 127.0.0.1:10306 cookie jvm1 id 1 check inter 5000 downinter 30000 server fmp-dun-tapp2 10.16.2.71:10306 cookie jvm2 id 2 check inter 5000
listen stats
bind *:82 mode http stats enable stats uri /haproxy ______________________________________________________________________This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email
This archive was generated by hypermail 2.2.0 : 2010/09/21 19:15 CEST