Anyone have any experience with HAproxy?


(AstonJ) #1

I’ve installed Docker on my server and it seems to be working fine, however I already have several sites on this Apache server and I read that we should avoid mod_proxy and use HAproxy instead - but I am unsure how to proceed.

Is it possible to have HAproxy direct all traffic for a specific domain (the Discourse docker container) to a specific port, then everything else as normal?

Any help in getting this configured would be appreciated :- )

(Mac Smith) #2

You want to filter for that domain on the defined front end, and then ensure it routes to whatever port you want to use on the back end. HAproxy is (in my opinion) completely awesome and deserves a deeper dive because it can be useful for so much more than just web services.

This should give you a solid starting point:—route-by-domain-name

(AstonJ) #3

Thanks @macsmith71

Does the config below look ok to you? Am I right in thinking that if something doesn’t match the acl, it will default to the default_backend?

    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #    local2.*                       /var/log/haproxy.log
    log local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/
    maxconn     4000
    user        haproxy
    group       haproxy

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

frontend http-in
        bind *:80
        default_backend main-apache-sites
        # Define hosts
        acl host_discourse hdr(host) -i

        # figure out which one to use
        use_backend discourse_docker if host_discourse

backend main-apache-sites
    server server1 cookie A check

backend discourse_docker
    server server1 cookie A check

(Mac Smith) #4

Sorry, didn’t see this until now.
The site stuff looks ok, but if you want to chroot you need to set the pid
and log to write into the chroot. Or comment out the chroot line. I will go
over it more closely when I get home later this afternoon.

(AstonJ) #5

Thanks Mac.

Do you think I should just use the config as per the link you posted? (I just thought that as the post is a couple of years old the default config with the install might have been better/newer.)

(Mac Smith) #6

They go really slow as far as major version releases. Its entirely possible
that a config doesn’t have formatting or variable changes for a couple of
years. Are you playing with 1.5 or 1.6? I would keep your config, just
maybe comment out the chroot directive to make sure the site stuff works,
then double back to dial in the chroot pathing until that also works.
Shouldn’t be too bad.

(AstonJ) #7

Good news and bad news.

Good news is that Discourse seems to be working fine. Bad news is that all my other sites are broken. (Seems to be an issue with Virtualmin), I’ve reverted for now, will look more into it and try again tomorrow. Any ideas in the meantime would be appreciated!