SlideShare a Scribd company logo

HAProxy scale out using open source

Download as ODP, PDF
Ingo Walz
Ingo Walz

Scaling out on the cloud is easy. Especially, if you have a software provisioning system that helps you to deploy your environment wherever you want. This session will give you an overview of the fantastic new features of HAProxy V 1.5, and how you can integrate it into your environment to build a high available environment, using open source software. Starting with a single-webserver + mysql setup provisioned via chef, we will deploy an HA Proxy Cluster in front and scale out your nginx and mysql database backend.

1 of 51
Scale out using open source
Why HAProxy? High availability Powerful loadbalancer for websites due to its proxy nature Open Source Enterprise ready HAProxy - Scale out using open source | by Ingo Walz 2
HAProxy - Scale out using open source | by Ingo Walz 3 Enterprise options ALOHA HAProxy Loadbalancer Appliance HAProxy Enterprise Edition - HAPEE http://www.haproxy.com/
HAProxy - Scale out using open source | by Ingo Walz 4 Who's using it? http://www.haproxy.org/they-use-it.html
HAProxy - Scale out using open source | by Ingo Walz 5 Featureset Content switching / filtering  Asymetric load balancing  Priority activation  SSL offloading  HTTP compression  TCP buffering  Priority queue / rate shaping  Direct server return (DSR)  http://en.wikipedia.org/wiki/Load_balancing_(computing)#Load_balancer_features
HAProxy - Scale out using open source | by Ingo Walz 6 Looks familiar?
HAProxy - Scale out using open source | by Ingo Walz 7 Fix your Single-Server Environment Congratulation, your whole environment is one Single Point Of Failure!
HAProxy - Scale out using open source | by Ingo Walz 8 Fix your Single-Server Environment Always try to follow the principle: One function per component Not anymore because it scales the best, more because it's the cleanest way to manage them. Configure Services, not Servers
HAProxy - Scale out using open source | by Ingo Walz 9 Make your application cluster capable You need to deploy to a various number of different machines Do not use something like NFS to workaround A CI will help you Session clustering Avoid to work on the filesystem to save data / user input Use central technologies to save your data (e.g. databases)
Installation HAProxy - Scale out using open source | by Ingo Walz 10
HAProxy - Scale out using open source | by Ingo Walz 11 Known procedure $ wget http://www.haproxy.org/download/1.5/src/haproxy-1.5.6.tar.gz $ tar xvzf haproxy-1.5.6.tar.gz $ cd haproxy-1.5.6 $ ./configure USE_OPENSSL=1 USE_PCRE=1 $ make $ sudo make install http://www.haproxy.org/#down
Configuration HAProxy - Scale out using open source | by Ingo Walz 12
/usr/local/etc/haproxy/haproxy.cfg HAProxy - Scale out using open source | by Ingo Walz 13 Configuration sections global # process wide and eventually OS specific # some have CLI equivalents [ .. ] defaults # set default parameters for all following sections [ .. ] frontend # describes a set of listening sockets accepting client connections [ .. ] backend # describes a set of servers to which the proxy will connect # to forward incoming connections [ .. ] listen # defines a complete proxy with its frontend and backend parts combined in one section. # It is generally useful for TCP-only traffic [ .. ]
/usr/local/etc/haproxy/haproxy.cfg HAProxy - Scale out using open source | by Ingo Walz 14 TCP vs HTTP loadbalancing defaults mode tcp # Can balance everything, the default defaults mode http # But you want that! Layer 7 loadbalancing advantages ● Request inspection ● Content switching ● Header manipulation ● Cookie persistence ● Advanced health checks
HAProxy - Scale out using open source | by Ingo Walz 15 Loadbalance your nginx
/usr/local/etc/haproxy/haproxy.cfg HAProxy - Scale out using open source | by Ingo Walz 16 Loadbalance your nginx global maxconn 4096 daemon defaults mode http timeout connect 5000 timeout client 50000 timeout server 50000 frontend www_fe bind :80 # Close connection to server but keep open for client option http-server-close default_backend www backend www_be server nginx1 10.0.0.10:80 check server nginx2 10.0.0.15:80 check
HAProxy - Scale out using open source | by Ingo Walz 17 Still a single point of failure
HAProxy - Scale out using open source | by Ingo Walz 18 HA with HAProxy & keepalived
HAProxy - Scale out using open source | by Ingo Walz 19 HA with HAProxy & keepalived vrrp_script chk_haproxy { script "killall -0 haproxy" interval 2 weight 2 } vrrp_instance VIRTUAL { interface eth0 virtual_router_id 10 state MASTER #state BACKUP priority 100 #priority 101 advert_int 1 virtual_ipaddress { 10.0.0.30 } track_script { chk_haproxy } } /etc/keepalived/keepalived.conf
HAProxy - Scale out using open source | by Ingo Walz 20 HA with public IPs
HAProxy - Scale out using open source | by Ingo Walz 21 HA with public IPs - failover
The final step HAProxy - Scale out using open source | by Ingo Walz 22
HAProxy - Scale out using open source | by Ingo Walz 23 Loadbalance MySQL - TCP
/usr/local/etc/haproxy/haproxy.cfg HAProxy - Scale out using open source | by Ingo Walz 24 Loadbalance MySQL - TCP frontend mysql_fe bind :3306 mode tcp default_backend mysql_be backend mysql_be mode tcp option mysql-check user haproxy server mysql1 10.0.0.40:3306 check server mysql2 10.0.0.45:3306 check backup mysql~> INSERT INTO mysql.user (Host,USER) VALUES ('10.0.0.20','haproxy'); FLUSH PRIVILEGES; mysql~> INSERT INTO mysql.user (Host,USER) VALUES ('10.0.0.25','haproxy'); FLUSH PRIVILEGES;
HAProxy - Scale out using open source | by Ingo Walz 25 Loadbalance MySQL - TCP
HAProxy - Scale out using open source | by Ingo Walz 26 Loadbalance MySQL - TCP
All about SSL HAProxy - Scale out using open source | by Ingo Walz 27
/usr/local/etc/haproxy/haproxy.cfg HAProxy - Scale out using open source | by Ingo Walz 28 Setup SSL Pass-Through frontend www_fe bind :80 bind :443 mode tcp default_backend www_be backend www_be mode tcp server nginx1 10.0.0.10:443 check server nginx2 10.0.0.15:443 check No HTTP mode possible – how to inspect encrypted headers?
HAProxy - Scale out using open source | by Ingo Walz 29 SSL Termination – why you should offload Single configuration point for all certificates Certificates not widely spread across the infrastructure Offload the decryption load Typically, your HAProxy will have a bit of CPU left You need to decrypt to inspect the request information
/usr/local/etc/haproxy/haproxy.cfg HAProxy - Scale out using open source | by Ingo Walz 30 Setup SSL offloading frontend www_fe bind :80 bind :443 ssl crt /etc/haproxy/sample.pem # Close connection to server but keep open for client option http-server-close default_backend www_be backend www_be server nginx1 10.0.0.10:80 check server nginx2 10.0.0.15:80 check $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ssl/sample.key -out ssl/sample.crt $ cat ssl/sample.key ssl/sample.crt > ssl/sample.pem
HAProxy - Scale out using open source | by Ingo Walz 31 SNI – How it works ● Multiple certificates per IP / frontend profile ● Client and server need to support it
/usr/local/etc/haproxy/haproxy.cfg HAProxy - Scale out using open source | by Ingo Walz 32 Setup SNI frontend www_fe bind :80 # sample.pem as default, other pem's based on host header bind :443 ssl crt /etc/haproxy/sample.pem crt /etc/haproxy/certs/ # Content switch based on certificate (and based on host) use_backend sample1 if { ssl_fc_sni sample1 } use_backend sample2 if { ssl_fc_sni sample2 } default_backend www_be backend sample1 server nginx1 10.0.0.10:80 check backend sample2 server nginx2 10.0.0.15:80 check backend www_be server nginx1 10.0.0.10:80 check server nginx2 10.0.0.15:80 check
Secure your entry point HAProxy - Scale out using open source | by Ingo Walz 33
HAProxy - Scale out using open source | by Ingo Walz 34 Protect against syn flooding # Consider this amount of clients as valid $ sysctl -w net.ipv4.tcp_max_syn_backlog=”4096” # Once net.ipv4.tcp_max_syn_backlog is reached, enable syn cookies $ sysctl -w net.ipv4.tcp_syncookies=1 # Enable reverse path filtering, is the source routable through the incoming interface? $ sysctl -w net.ipv4.conf.all.rp_filter=1
HAProxy - Scale out using open source | by Ingo Walz 35 Basic iptables $ cat iptables.sh #!/bin/bash iptables -F # Drop current table # Drop incoming traffic (eth0 is the public available interface) iptables -i eth0 -P INPUT DROP iptables -i eth0 -P FORWARD DROP # Allow outgoing traffic iptables -P OUTPUT ACCEPT # Allow ping iptables -i eth0 -A INPUT -p ICMP -j ACCEPT # Allow SSH (this should be avoided, SSH to haproxy via internal interface / through VPN) iptables -i eth0 -A INPUT -j ACCEPT -p tcp --dport 22 # Allow HTTP iptables -i eth0 -A INPUT -j ACCEPT -p tcp --dport 80 # Allow HTTPS iptables -i eth0 -A INPUT -j ACCEPT -p tcp --dport 443 # Allow connections from localhost on every port iptables -i eth0 -A INPUT -j ACCEPT -s 127.0.0.1 # Already opened connections are accepted on every port (required for some daemons) iptables -i eth0 -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/usr/local/etc/haproxy/haproxy.cfg HAProxy - Scale out using open source | by Ingo Walz 36 Use HAProxy to secure your environment frontend www_fe bind :80 bind :443 ssl crt /usr/local/etc/haproxy/sample.pem option http-server-close #detect and reject shellshock requests reqdeny ^[^:]+:s*(s*)s+{ reqdeny ^[^:]+:s+.*?(<<[^<;]+){5,} #This rule to display SSLv3 error message acl sslv3 ssl_fc_protocol SSLv3 http-request allow if sslv3 use_backend backend_sslv3 if sslv3 default_backend www_be backend backend_sslv3 mode http errorfile 503 /usr/local/etc/haproxy/pages/poodle.http
HAProxy - Scale out using open source | by Ingo Walz 37 Check SSLv3 error message $ openssl s_client -connect 10.0.0.30:443 -ssl3 [ … ] SSL-Session: Protocol : SSLv3 --- GET / [ … ] <html> <head> <title>SSLv3 detected</title> </head> [ … ] </html>
/usr/local/etc/haproxy/haproxy.cfg HAProxy - Scale out using open source | by Ingo Walz 38 Persistent HTTP loadbalancing backend www_be cookie PHPSESSID prefix server nginx1 10.0.0.10:80 cookie nginx1 minconn 10 maxconn 20 check server nginx2 10.0.0.15:80 cookie nginx2 minconn 10 maxconn 20 check # Set-Cookie:PHPSESSID=nginx1~7cmjd41klupaderap0q7tve357; path=/ Persistence only if PHPSESSID cookie is set! backend www_be cookie server insert indirect nocache server nginx1 10.0.0.10:80 cookie nginx1 minconn 10 maxconn 20 check server nginx2 10.0.0.15:80 cookie nginx2 minconn 10 maxconn 20 check # Set-Cookie:server=nginx1; path=/
HAProxy - Scale out using open source | by Ingo Walz 39 ACL Extract data from request / response stream Perform content switching Conditional request handling Can help you to secure your environment E.g. display an error message for SSLv3
HAProxy - Scale out using open source | by Ingo Walz 40 Loadbalancing algorithms (most useful) roundrobin leastconn Suggested if you have very long sessions source Only useful in TCP environments Other methods available http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4-balance
/usr/local/etc/haproxy/haproxy.cfg HAProxy - Scale out using open source | by Ingo Walz 41 “Reverse proxy” usage frontend www_fe bind :80 bind :443 [ … ] use_backend nginx1_backend if { path_beg /nginx1 } use_backend nginx2_backend if { path_beg /nginx2 } backend nginx1_backend reqrep ^([^ :]*) /nginx1(/.*) 1 /2 server nginx1 10.0.0.10:80 cookie nginx1 check backend nginx2_backend reqrep ^([^ :]*) /nginx2(/.*) 1 /2 server nginx2 10.0.0.15:80 cookie nginx1 check You need to cut nginx1/2 from the request
HAProxy - Scale out using open source | by Ingo Walz 42 Statistics
Run the example HAProxy - Scale out using open source | by Ingo Walz 43
HAProxy - Scale out using open source | by Ingo Walz 44 Reminder
HAProxy - Scale out using open source | by Ingo Walz 45 Used technologies Vagrant >= 1.5.2 ChefDK >= 0.2.0 Berkshelf
https://github.com/iwalz/zendcon-haproxy HAProxy - Scale out using open source | by Ingo Walz 46
HAProxy - Scale out using open source | by Ingo Walz 47 Project structure
HAProxy - Scale out using open source | by Ingo Walz 48 Vagrant $ vagrant plugin install vagrant-omnibus $ vagrant plugin install vagrant-berkshelf Omnibus for chef solo support Berkshelf to manage cookbook dependencies
HAProxy - Scale out using open source | by Ingo Walz 49 Vagrant up $ git clone https://github.com/iwalz/zendcon-haproxy $ cd zendcon-haproxy $ vagrant up haproxy1 $ vagrant up haproxy2 $ vagrant up nginx1 $ vagrant up nginx2 $ vagrant up mysql1 $ vagrant up mysql2 Don't simply use `vagrant up`, the Berkshelf Dependencies will be messed up
HAProxy - Scale out using open source | by Ingo Walz 50 How to continue Architecture documentation (outdated, but still useful) http://www.haproxy.org/download/1.3/doc/architecture.txt Official documentation http://cbonte.github.io/haproxy-dconv/configuration-1.5.html Haproxy.com Blog http://blog.haproxy.com/
Questions? HAProxy - Scale out using open source | by Ingo Walz 51

Recommended

Apache Camel Introduction
Apache Camel IntroductionApache Camel Introduction
Apache Camel Introduction
Claus Ibsen
 
Tasklet vs work queues (Deferrable functions in linux)
Tasklet vs work queues (Deferrable functions in linux)Tasklet vs work queues (Deferrable functions in linux)
Tasklet vs work queues (Deferrable functions in linux)
RajKumar Rampelli
 
Lessons Learned: Troubleshooting Replication
Lessons Learned: Troubleshooting ReplicationLessons Learned: Troubleshooting Replication
Lessons Learned: Troubleshooting Replication
Sveta Smirnova
 
Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication S...
Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication S...Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication S...
Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication S...
Fred Posner
 
Demystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the HostDemystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the Host
Cumulus Networks
 
HAProxy
HAProxy HAProxy
HAProxy
Arindam Nayak
 
Load Balancing with HAproxy
Load Balancing with HAproxyLoad Balancing with HAproxy
Load Balancing with HAproxy
Brendan Jennings
 
Deep dive into PostgreSQL statistics.
Deep dive into PostgreSQL statistics.Deep dive into PostgreSQL statistics.
Deep dive into PostgreSQL statistics.
Alexey Lesovsky
 

Recommended

Apache Camel Introduction
Apache Camel IntroductionApache Camel Introduction
Apache Camel Introduction
Claus Ibsen
 
Tasklet vs work queues (Deferrable functions in linux)
Tasklet vs work queues (Deferrable functions in linux)Tasklet vs work queues (Deferrable functions in linux)
Tasklet vs work queues (Deferrable functions in linux)
RajKumar Rampelli
 
Lessons Learned: Troubleshooting Replication
Lessons Learned: Troubleshooting ReplicationLessons Learned: Troubleshooting Replication
Lessons Learned: Troubleshooting Replication
Sveta Smirnova
 
Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication S...
Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication S...Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication S...
Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication S...
Fred Posner
 
Demystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the HostDemystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the Host
Cumulus Networks
 
HAProxy
HAProxy HAProxy
HAProxy
Arindam Nayak
 
Load Balancing with HAproxy
Load Balancing with HAproxyLoad Balancing with HAproxy
Load Balancing with HAproxy
Brendan Jennings
 
Deep dive into PostgreSQL statistics.
Deep dive into PostgreSQL statistics.Deep dive into PostgreSQL statistics.
Deep dive into PostgreSQL statistics.
Alexey Lesovsky
 
우아한테크세미나-우아한멀티모듈
우아한테크세미나-우아한멀티모듈우아한테크세미나-우아한멀티모듈
우아한테크세미나-우아한멀티모듈
용근 권
 
ProxySQL - High Performance and HA Proxy for MySQL
ProxySQL - High Performance and HA Proxy for MySQLProxySQL - High Performance and HA Proxy for MySQL
ProxySQL - High Performance and HA Proxy for MySQL
René Cannaò
 
High Availability PostgreSQL with Zalando Patroni
High Availability PostgreSQL with Zalando PatroniHigh Availability PostgreSQL with Zalando Patroni
High Availability PostgreSQL with Zalando Patroni
Zalando Technology
 
MariaDB Galera Cluster
MariaDB Galera ClusterMariaDB Galera Cluster
MariaDB Galera ClusterAbdul Manaf
 
Php ppt
Php pptPhp ppt
Php pptSanmuga Nathan
 
Monitoring using Prometheus and Grafana
Monitoring using Prometheus and GrafanaMonitoring using Prometheus and Grafana
Monitoring using Prometheus and Grafana
Arvind Kumar G.S
 
Introduction to Haproxy
Introduction to HaproxyIntroduction to Haproxy
Introduction to Haproxy
Shaopeng He
 
Ceph data services in a multi- and hybrid cloud world
Ceph data services in a multi- and hybrid cloud worldCeph data services in a multi- and hybrid cloud world
Ceph data services in a multi- and hybrid cloud world
Sage Weil
 
Monitoring Kubernetes with Prometheus (Kubernetes Ireland, 2016)
Monitoring Kubernetes with Prometheus (Kubernetes Ireland, 2016)Monitoring Kubernetes with Prometheus (Kubernetes Ireland, 2016)
Monitoring Kubernetes with Prometheus (Kubernetes Ireland, 2016)
Brian Brazil
 
Zabbix Performance Tuning
Zabbix Performance TuningZabbix Performance Tuning
Zabbix Performance Tuning
Ricardo Santos
 
Linux tuning to improve PostgreSQL performance
Linux tuning to improve PostgreSQL performanceLinux tuning to improve PostgreSQL performance
Linux tuning to improve PostgreSQL performance
PostgreSQL-Consulting
 
Ansible
AnsibleAnsible
Ansible
Raul Leite
 
08. networking
08. networking08. networking
08. networking
Muhammad Ahad
 
Patroni - HA PostgreSQL made easy
Patroni - HA PostgreSQL made easyPatroni - HA PostgreSQL made easy
Patroni - HA PostgreSQL made easy
Alexander Kukushkin
 
Backup and-recovery2
Backup and-recovery2Backup and-recovery2
Backup and-recovery2Command Prompt., Inc
 
Windows HPC Server 講習会 第1回 導入編 1/2
Windows HPC Server 講習会 第1回 導入編 1/2Windows HPC Server 講習会 第1回 導入編 1/2
Windows HPC Server 講習会 第1回 導入編 1/2
Osamu Masutani
 
20130601わんくま「序hpcクラスターを作ろう!まずはオンプレで」公開用
20130601わんくま「序hpcクラスターを作ろう!まずはオンプレで」公開用20130601わんくま「序hpcクラスターを作ろう!まずはオンプレで」公開用
20130601わんくま「序hpcクラスターを作ろう!まずはオンプレで」公開用
幸智 Yukinori 黒田 Kuroda
 
What is new in PostgreSQL 14?
What is new in PostgreSQL 14?What is new in PostgreSQL 14?
What is new in PostgreSQL 14?
Mydbops
 
Analysis of Database Issues using AHF and Machine Learning v2 - AOUG2022
Analysis of Database Issues using AHF and Machine Learning v2 - AOUG2022Analysis of Database Issues using AHF and Machine Learning v2 - AOUG2022
Analysis of Database Issues using AHF and Machine Learning v2 - AOUG2022
Sandesh Rao
 
MySQL Performance for DevOps
MySQL Performance for DevOpsMySQL Performance for DevOps
MySQL Performance for DevOps
Sveta Smirnova
 
Web Server Load Balancer
Web Server Load BalancerWeb Server Load Balancer
Web Server Load Balancer
MobME Technical
 
ChinaNetCloud Training - HAProxy Intro
ChinaNetCloud Training - HAProxy IntroChinaNetCloud Training - HAProxy Intro
ChinaNetCloud Training - HAProxy Intro
ChinaNetCloud
 

More Related Content

What's hot

우아한테크세미나-우아한멀티모듈
우아한테크세미나-우아한멀티모듈우아한테크세미나-우아한멀티모듈
우아한테크세미나-우아한멀티모듈
용근 권
 
ProxySQL - High Performance and HA Proxy for MySQL
ProxySQL - High Performance and HA Proxy for MySQLProxySQL - High Performance and HA Proxy for MySQL
ProxySQL - High Performance and HA Proxy for MySQL
René Cannaò
 
High Availability PostgreSQL with Zalando Patroni
High Availability PostgreSQL with Zalando PatroniHigh Availability PostgreSQL with Zalando Patroni
High Availability PostgreSQL with Zalando Patroni
Zalando Technology
 
MariaDB Galera Cluster
MariaDB Galera ClusterMariaDB Galera Cluster
MariaDB Galera ClusterAbdul Manaf
 
Monitoring using Prometheus and Grafana
Monitoring using Prometheus and GrafanaMonitoring using Prometheus and Grafana
Monitoring using Prometheus and Grafana
Arvind Kumar G.S
 
Introduction to Haproxy
Introduction to HaproxyIntroduction to Haproxy
Introduction to Haproxy
Shaopeng He
 
Ceph data services in a multi- and hybrid cloud world
Ceph data services in a multi- and hybrid cloud worldCeph data services in a multi- and hybrid cloud world
Ceph data services in a multi- and hybrid cloud world
Sage Weil
 
Monitoring Kubernetes with Prometheus (Kubernetes Ireland, 2016)
Monitoring Kubernetes with Prometheus (Kubernetes Ireland, 2016)Monitoring Kubernetes with Prometheus (Kubernetes Ireland, 2016)
Monitoring Kubernetes with Prometheus (Kubernetes Ireland, 2016)
Brian Brazil
 
Zabbix Performance Tuning
Zabbix Performance TuningZabbix Performance Tuning
Zabbix Performance Tuning
Ricardo Santos
 
Linux tuning to improve PostgreSQL performance
Linux tuning to improve PostgreSQL performanceLinux tuning to improve PostgreSQL performance
Linux tuning to improve PostgreSQL performance
PostgreSQL-Consulting
 
Ansible
AnsibleAnsible
Ansible
Raul Leite
 
08. networking
08. networking08. networking
08. networking
Muhammad Ahad
 
Patroni - HA PostgreSQL made easy
Patroni - HA PostgreSQL made easyPatroni - HA PostgreSQL made easy
Patroni - HA PostgreSQL made easy
Alexander Kukushkin
 
Windows HPC Server 講習会 第1回 導入編 1/2
Windows HPC Server 講習会 第1回 導入編 1/2Windows HPC Server 講習会 第1回 導入編 1/2
Windows HPC Server 講習会 第1回 導入編 1/2
Osamu Masutani
 
20130601わんくま「序hpcクラスターを作ろう!まずはオンプレで」公開用
20130601わんくま「序hpcクラスターを作ろう!まずはオンプレで」公開用20130601わんくま「序hpcクラスターを作ろう!まずはオンプレで」公開用
20130601わんくま「序hpcクラスターを作ろう!まずはオンプレで」公開用
幸智 Yukinori 黒田 Kuroda
 
What is new in PostgreSQL 14?
What is new in PostgreSQL 14?What is new in PostgreSQL 14?
What is new in PostgreSQL 14?
Mydbops
 
Analysis of Database Issues using AHF and Machine Learning v2 - AOUG2022
Analysis of Database Issues using AHF and Machine Learning v2 - AOUG2022Analysis of Database Issues using AHF and Machine Learning v2 - AOUG2022
Analysis of Database Issues using AHF and Machine Learning v2 - AOUG2022
Sandesh Rao
 
MySQL Performance for DevOps
MySQL Performance for DevOpsMySQL Performance for DevOps
MySQL Performance for DevOps
Sveta Smirnova
 

What's hot (20)

우아한테크세미나-우아한멀티모듈
우아한테크세미나-우아한멀티모듈우아한테크세미나-우아한멀티모듈
우아한테크세미나-우아한멀티모듈
 
ProxySQL - High Performance and HA Proxy for MySQL
ProxySQL - High Performance and HA Proxy for MySQLProxySQL - High Performance and HA Proxy for MySQL
ProxySQL - High Performance and HA Proxy for MySQL
 
High Availability PostgreSQL with Zalando Patroni
High Availability PostgreSQL with Zalando PatroniHigh Availability PostgreSQL with Zalando Patroni
High Availability PostgreSQL with Zalando Patroni
 
MariaDB Galera Cluster
MariaDB Galera ClusterMariaDB Galera Cluster
MariaDB Galera Cluster
 
Php ppt
Php pptPhp ppt
Php ppt
 
Monitoring using Prometheus and Grafana
Monitoring using Prometheus and GrafanaMonitoring using Prometheus and Grafana
Monitoring using Prometheus and Grafana
 
Introduction to Haproxy
Introduction to HaproxyIntroduction to Haproxy
Introduction to Haproxy
 
Ceph data services in a multi- and hybrid cloud world
Ceph data services in a multi- and hybrid cloud worldCeph data services in a multi- and hybrid cloud world
Ceph data services in a multi- and hybrid cloud world
 
Monitoring Kubernetes with Prometheus (Kubernetes Ireland, 2016)
Monitoring Kubernetes with Prometheus (Kubernetes Ireland, 2016)Monitoring Kubernetes with Prometheus (Kubernetes Ireland, 2016)
Monitoring Kubernetes with Prometheus (Kubernetes Ireland, 2016)
 
Zabbix Performance Tuning
Zabbix Performance TuningZabbix Performance Tuning
Zabbix Performance Tuning
 
Linux tuning to improve PostgreSQL performance
Linux tuning to improve PostgreSQL performanceLinux tuning to improve PostgreSQL performance
Linux tuning to improve PostgreSQL performance
 
Ansible
AnsibleAnsible
Ansible
 
08. networking
08. networking08. networking
08. networking
 
Patroni - HA PostgreSQL made easy
Patroni - HA PostgreSQL made easyPatroni - HA PostgreSQL made easy
Patroni - HA PostgreSQL made easy
 
Backup and-recovery2
Backup and-recovery2Backup and-recovery2
Backup and-recovery2
 
Windows HPC Server 講習会 第1回 導入編 1/2
Windows HPC Server 講習会 第1回 導入編 1/2Windows HPC Server 講習会 第1回 導入編 1/2
Windows HPC Server 講習会 第1回 導入編 1/2
 
20130601わんくま「序hpcクラスターを作ろう!まずはオンプレで」公開用
20130601わんくま「序hpcクラスターを作ろう!まずはオンプレで」公開用20130601わんくま「序hpcクラスターを作ろう!まずはオンプレで」公開用
20130601わんくま「序hpcクラスターを作ろう!まずはオンプレで」公開用
 
What is new in PostgreSQL 14?
What is new in PostgreSQL 14?What is new in PostgreSQL 14?
What is new in PostgreSQL 14?
 
Analysis of Database Issues using AHF and Machine Learning v2 - AOUG2022
Analysis of Database Issues using AHF and Machine Learning v2 - AOUG2022Analysis of Database Issues using AHF and Machine Learning v2 - AOUG2022
Analysis of Database Issues using AHF and Machine Learning v2 - AOUG2022
 
MySQL Performance for DevOps
MySQL Performance for DevOpsMySQL Performance for DevOps
MySQL Performance for DevOps
 

Viewers also liked

Web Server Load Balancer
Web Server Load BalancerWeb Server Load Balancer
Web Server Load Balancer
MobME Technical
 
ChinaNetCloud Training - HAProxy Intro
ChinaNetCloud Training - HAProxy IntroChinaNetCloud Training - HAProxy Intro
ChinaNetCloud Training - HAProxy Intro
ChinaNetCloud
 
HAProxy tech talk
HAProxy tech talkHAProxy tech talk
HAProxy tech talkicebourg
 
Velocity 2011 - Our first DDoS attack
Velocity 2011 - Our first DDoS attackVelocity 2011 - Our first DDoS attack
Velocity 2011 - Our first DDoS attack
Cosimo Streppone
 
Meetup Elasticsearch 13 novembre 2014
Meetup Elasticsearch 13 novembre 2014Meetup Elasticsearch 13 novembre 2014
Meetup Elasticsearch 13 novembre 2014
Jean-Pierre Paris
 
Bespoke service discovery with HAProxy and Marathon on Mesos
Bespoke service discovery with HAProxy and Marathon on MesosBespoke service discovery with HAProxy and Marathon on Mesos
Bespoke service discovery with HAProxy and Marathon on Mesos
Bart Spaans
 
USENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a Month
USENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a MonthUSENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a Month
USENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a Month
Nicolas Brousse
 
The moment my site got hacked
The moment my site got hackedThe moment my site got hacked
The moment my site got hacked
Marko Heijnen
 
VarnaConf - Blue/Green Deployments with Docker, haproxy and Consul
VarnaConf - Blue/Green Deployments with Docker, haproxy and ConsulVarnaConf - Blue/Green Deployments with Docker, haproxy and Consul
VarnaConf - Blue/Green Deployments with Docker, haproxy and Consul
zeridon
 
How we cooked Elasticsearch, Consul, HAproxy and DNS-recursor
How we cooked Elasticsearch, Consul, HAproxy and DNS-recursorHow we cooked Elasticsearch, Consul, HAproxy and DNS-recursor
How we cooked Elasticsearch, Consul, HAproxy and DNS-recursor
Oleg Tokarev
 
Aniki - The ORM as our great brother.
Aniki - The ORM as our great brother.Aniki - The ORM as our great brother.
Aniki - The ORM as our great brother.
karupanerura
 
Load Balancing with Apache
Load Balancing with ApacheLoad Balancing with Apache
Load Balancing with Apache
Bradley Holt
 
What's New in HAProxy
What's New in HAProxyWhat's New in HAProxy
What's New in HAProxy
HAProxy Technologies
 
HA Proxy logs - The Art of Logging
HA Proxy logs - The Art of LoggingHA Proxy logs - The Art of Logging
HA Proxy logs - The Art of Logging
logmatic.io
 
Lessons from Highly Scalable Architectures at Social Networking Sites
Lessons from Highly Scalable Architectures at Social Networking SitesLessons from Highly Scalable Architectures at Social Networking Sites
Lessons from Highly Scalable Architectures at Social Networking Sites
Patrick Senti
 
Log analysis using Logstash,ElasticSearch and Kibana
Log analysis using Logstash,ElasticSearch and KibanaLog analysis using Logstash,ElasticSearch and Kibana
Log analysis using Logstash,ElasticSearch and Kibana
Avinash Ramineni
 
Filesystem Comparison: NFS vs GFS2 vs OCFS2
Filesystem Comparison: NFS vs GFS2 vs OCFS2Filesystem Comparison: NFS vs GFS2 vs OCFS2
Filesystem Comparison: NFS vs GFS2 vs OCFS2Giuseppe Paterno'
 
Keepalived & HA-Proxy as an alternative to commercial loadbalancer - August 2014
Keepalived & HA-Proxy as an alternative to commercial loadbalancer - August 2014Keepalived & HA-Proxy as an alternative to commercial loadbalancer - August 2014
Keepalived & HA-Proxy as an alternative to commercial loadbalancer - August 2014
inovex GmbH
 
ElasticSearch in Production: lessons learned
ElasticSearch in Production: lessons learnedElasticSearch in Production: lessons learned
ElasticSearch in Production: lessons learned
BeyondTrees
 
Elasticsearch in Netflix
Elasticsearch in NetflixElasticsearch in Netflix
Elasticsearch in Netflix
Danny Yuan
 

Viewers also liked (20)

Web Server Load Balancer
Web Server Load BalancerWeb Server Load Balancer
Web Server Load Balancer
 
ChinaNetCloud Training - HAProxy Intro
ChinaNetCloud Training - HAProxy IntroChinaNetCloud Training - HAProxy Intro
ChinaNetCloud Training - HAProxy Intro
 
HAProxy tech talk
HAProxy tech talkHAProxy tech talk
HAProxy tech talk
 
Velocity 2011 - Our first DDoS attack
Velocity 2011 - Our first DDoS attackVelocity 2011 - Our first DDoS attack
Velocity 2011 - Our first DDoS attack
 
Meetup Elasticsearch 13 novembre 2014
Meetup Elasticsearch 13 novembre 2014Meetup Elasticsearch 13 novembre 2014
Meetup Elasticsearch 13 novembre 2014
 
Bespoke service discovery with HAProxy and Marathon on Mesos
Bespoke service discovery with HAProxy and Marathon on MesosBespoke service discovery with HAProxy and Marathon on Mesos
Bespoke service discovery with HAProxy and Marathon on Mesos
 
USENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a Month
USENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a MonthUSENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a Month
USENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a Month
 
The moment my site got hacked
The moment my site got hackedThe moment my site got hacked
The moment my site got hacked
 
VarnaConf - Blue/Green Deployments with Docker, haproxy and Consul
VarnaConf - Blue/Green Deployments with Docker, haproxy and ConsulVarnaConf - Blue/Green Deployments with Docker, haproxy and Consul
VarnaConf - Blue/Green Deployments with Docker, haproxy and Consul
 
How we cooked Elasticsearch, Consul, HAproxy and DNS-recursor
How we cooked Elasticsearch, Consul, HAproxy and DNS-recursorHow we cooked Elasticsearch, Consul, HAproxy and DNS-recursor
How we cooked Elasticsearch, Consul, HAproxy and DNS-recursor
 
Aniki - The ORM as our great brother.
Aniki - The ORM as our great brother.Aniki - The ORM as our great brother.
Aniki - The ORM as our great brother.
 
Load Balancing with Apache
Load Balancing with ApacheLoad Balancing with Apache
Load Balancing with Apache
 
What's New in HAProxy
What's New in HAProxyWhat's New in HAProxy
What's New in HAProxy
 
HA Proxy logs - The Art of Logging
HA Proxy logs - The Art of LoggingHA Proxy logs - The Art of Logging
HA Proxy logs - The Art of Logging
 
Lessons from Highly Scalable Architectures at Social Networking Sites
Lessons from Highly Scalable Architectures at Social Networking SitesLessons from Highly Scalable Architectures at Social Networking Sites
Lessons from Highly Scalable Architectures at Social Networking Sites
 
Log analysis using Logstash,ElasticSearch and Kibana
Log analysis using Logstash,ElasticSearch and KibanaLog analysis using Logstash,ElasticSearch and Kibana
Log analysis using Logstash,ElasticSearch and Kibana
 
Filesystem Comparison: NFS vs GFS2 vs OCFS2
Filesystem Comparison: NFS vs GFS2 vs OCFS2Filesystem Comparison: NFS vs GFS2 vs OCFS2
Filesystem Comparison: NFS vs GFS2 vs OCFS2
 
Keepalived & HA-Proxy as an alternative to commercial loadbalancer - August 2014
Keepalived & HA-Proxy as an alternative to commercial loadbalancer - August 2014Keepalived & HA-Proxy as an alternative to commercial loadbalancer - August 2014
Keepalived & HA-Proxy as an alternative to commercial loadbalancer - August 2014
 
ElasticSearch in Production: lessons learned
ElasticSearch in Production: lessons learnedElasticSearch in Production: lessons learned
ElasticSearch in Production: lessons learned
 
Elasticsearch in Netflix
Elasticsearch in NetflixElasticsearch in Netflix
Elasticsearch in Netflix
 

Similar to HAProxy scale out using open source

NAS Botnet Revealed - Mining Bitcoin
NAS Botnet Revealed - Mining Bitcoin NAS Botnet Revealed - Mining Bitcoin
NAS Botnet Revealed - Mining Bitcoin
Davide Cioccia
 
Using aphace-as-proxy-server
Using aphace-as-proxy-serverUsing aphace-as-proxy-server
Using aphace-as-proxy-server
HARRY CHAN PUTRA
 
PHP Project development with Vagrant
PHP Project development with VagrantPHP Project development with Vagrant
PHP Project development with Vagrant
Bahattin Çiniç
 
Scale Apache with Nginx
Scale Apache with NginxScale Apache with Nginx
Scale Apache with Nginx
Bud Siddhisena
 
apache.ppt
apache.pptapache.ppt
apache.ppt
gowriganesh
 
4. open mano set up and usage
4. open mano set up and usage4. open mano set up and usage
4. open mano set up and usage
videos
 
Running Docker in Development & Production (#ndcoslo 2015)
Running Docker in Development & Production (#ndcoslo 2015)Running Docker in Development & Production (#ndcoslo 2015)
Running Docker in Development & Production (#ndcoslo 2015)
Ben Hall
 
ITB2019 NGINX Overview and Technical Aspects - Kevin Jones
ITB2019 NGINX Overview and Technical Aspects - Kevin JonesITB2019 NGINX Overview and Technical Aspects - Kevin Jones
ITB2019 NGINX Overview and Technical Aspects - Kevin Jones
Ortus Solutions, Corp
 
HA Deployment Architecture with HAProxy and Keepalived
HA Deployment Architecture with HAProxy and KeepalivedHA Deployment Architecture with HAProxy and Keepalived
HA Deployment Architecture with HAProxy and Keepalived
Ganapathi Kandaswamy
 
PHP on Heroku: Deploying and Scaling Apps in the Cloud
PHP on Heroku: Deploying and Scaling Apps in the CloudPHP on Heroku: Deploying and Scaling Apps in the Cloud
PHP on Heroku: Deploying and Scaling Apps in the Cloud
Salesforce Developers
 
Professional deployment
Professional deploymentProfessional deployment
Professional deployment
Ivelina Dimova
 
Nginx as a Revers Proxy for Apache on Ubuntu
Nginx as a Revers Proxy for Apache on UbuntuNginx as a Revers Proxy for Apache on Ubuntu
Nginx as a Revers Proxy for Apache on Ubuntu
abdullah roomi
 
Drupaljam 2017 - Deploying Drupal 8 onto Hosted Kubernetes in Google Cloud
Drupaljam 2017 - Deploying Drupal 8 onto Hosted Kubernetes in Google CloudDrupaljam 2017 - Deploying Drupal 8 onto Hosted Kubernetes in Google Cloud
Drupaljam 2017 - Deploying Drupal 8 onto Hosted Kubernetes in Google Cloud
Dropsolid
 
Nginx + PHP
Nginx + PHPNginx + PHP
Nginx + PHP
Wataru OKAMOTO
 
How to turn any dynamic website into a static site | 24.01.2018 | Artem Danil...
How to turn any dynamic website into a static site | 24.01.2018 | Artem Danil...How to turn any dynamic website into a static site | 24.01.2018 | Artem Danil...
How to turn any dynamic website into a static site | 24.01.2018 | Artem Danil...
LumoSpark
 
Automação do físico ao NetSecDevOps
Automação do físico ao NetSecDevOpsAutomação do físico ao NetSecDevOps
Automação do físico ao NetSecDevOps
Raul Leite
 
Caching with Varnish
Caching with VarnishCaching with Varnish
Caching with Varnishschoefmax
 
Bare Metal to OpenStack with Razor and Chef
Bare Metal to OpenStack with Razor and ChefBare Metal to OpenStack with Razor and Chef
Bare Metal to OpenStack with Razor and Chef
Matt Ray
 
Advanced Web Hosting
Advanced Web HostingAdvanced Web Hosting
Advanced Web Hosting
OVHcloud
 

Similar to HAProxy scale out using open source (20)

NAS Botnet Revealed - Mining Bitcoin
NAS Botnet Revealed - Mining Bitcoin NAS Botnet Revealed - Mining Bitcoin
NAS Botnet Revealed - Mining Bitcoin
 
Using aphace-as-proxy-server
Using aphace-as-proxy-serverUsing aphace-as-proxy-server
Using aphace-as-proxy-server
 
PHP Project development with Vagrant
PHP Project development with VagrantPHP Project development with Vagrant
PHP Project development with Vagrant
 
Scale Apache with Nginx
Scale Apache with NginxScale Apache with Nginx
Scale Apache with Nginx
 
apache.ppt
apache.pptapache.ppt
apache.ppt
 
4. open mano set up and usage
4. open mano set up and usage4. open mano set up and usage
4. open mano set up and usage
 
Running Docker in Development & Production (#ndcoslo 2015)
Running Docker in Development & Production (#ndcoslo 2015)Running Docker in Development & Production (#ndcoslo 2015)
Running Docker in Development & Production (#ndcoslo 2015)
 
ITB2019 NGINX Overview and Technical Aspects - Kevin Jones
ITB2019 NGINX Overview and Technical Aspects - Kevin JonesITB2019 NGINX Overview and Technical Aspects - Kevin Jones
ITB2019 NGINX Overview and Technical Aspects - Kevin Jones
 
HA Deployment Architecture with HAProxy and Keepalived
HA Deployment Architecture with HAProxy and KeepalivedHA Deployment Architecture with HAProxy and Keepalived
HA Deployment Architecture with HAProxy and Keepalived
 
PHP on Heroku: Deploying and Scaling Apps in the Cloud
PHP on Heroku: Deploying and Scaling Apps in the CloudPHP on Heroku: Deploying and Scaling Apps in the Cloud
PHP on Heroku: Deploying and Scaling Apps in the Cloud
 
Professional deployment
Professional deploymentProfessional deployment
Professional deployment
 
Nginx as a Revers Proxy for Apache on Ubuntu
Nginx as a Revers Proxy for Apache on UbuntuNginx as a Revers Proxy for Apache on Ubuntu
Nginx as a Revers Proxy for Apache on Ubuntu
 
Pound Varnish
Pound VarnishPound Varnish
Pound Varnish
 
Drupaljam 2017 - Deploying Drupal 8 onto Hosted Kubernetes in Google Cloud
Drupaljam 2017 - Deploying Drupal 8 onto Hosted Kubernetes in Google CloudDrupaljam 2017 - Deploying Drupal 8 onto Hosted Kubernetes in Google Cloud
Drupaljam 2017 - Deploying Drupal 8 onto Hosted Kubernetes in Google Cloud
 
Nginx + PHP
Nginx + PHPNginx + PHP
Nginx + PHP
 
How to turn any dynamic website into a static site | 24.01.2018 | Artem Danil...
How to turn any dynamic website into a static site | 24.01.2018 | Artem Danil...How to turn any dynamic website into a static site | 24.01.2018 | Artem Danil...
How to turn any dynamic website into a static site | 24.01.2018 | Artem Danil...
 
Automação do físico ao NetSecDevOps
Automação do físico ao NetSecDevOpsAutomação do físico ao NetSecDevOps
Automação do físico ao NetSecDevOps
 
Caching with Varnish
Caching with VarnishCaching with Varnish
Caching with Varnish
 
Bare Metal to OpenStack with Razor and Chef
Bare Metal to OpenStack with Razor and ChefBare Metal to OpenStack with Razor and Chef
Bare Metal to OpenStack with Razor and Chef
 
Advanced Web Hosting
Advanced Web HostingAdvanced Web Hosting
Advanced Web Hosting
 

Recently uploaded

Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
CIOWomenMagazine
 
test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
Arif0071
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
3ipehhoa
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
eutxy
 
Italy Agriculture Equipment Market Outlook to 2027
Italy Agriculture Equipment Market Outlook to 2027Italy Agriculture Equipment Market Outlook to 2027
Italy Agriculture Equipment Market Outlook to 2027
harveenkaur52
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
3ipehhoa
 
Latest trends in computer networking.pptx
Latest trends in computer networking.pptxLatest trends in computer networking.pptx
Latest trends in computer networking.pptx
JungkooksNonexistent
 
This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!
nirahealhty
 
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
Javier Lasa
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
laozhuseo02
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
3ipehhoa
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
Gal Baras
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
laozhuseo02
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
Rogerio Filho
 
Bài tập unit 1 English in the world.docx
Bài tập unit 1 English in the world.docxBài tập unit 1 English in the world.docx
Bài tập unit 1 English in the world.docx
nhiyenphan2005
 
Comptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guideComptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guide
GTProductions1
 
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
ufdana
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
keoku
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Brad Spiegel Macon GA
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
JeyaPerumal1
 

Recently uploaded (20)

Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
 
test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
 
Italy Agriculture Equipment Market Outlook to 2027
Italy Agriculture Equipment Market Outlook to 2027Italy Agriculture Equipment Market Outlook to 2027
Italy Agriculture Equipment Market Outlook to 2027
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
 
Latest trends in computer networking.pptx
Latest trends in computer networking.pptxLatest trends in computer networking.pptx
Latest trends in computer networking.pptx
 
This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!
 
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
 
Bài tập unit 1 English in the world.docx
Bài tập unit 1 English in the world.docxBài tập unit 1 English in the world.docx
Bài tập unit 1 English in the world.docx
 
Comptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guideComptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guide
 
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
 

HAProxy scale out using open source

  • 1. Scale out using open source
  • 2. Why HAProxy? High availability Powerful loadbalancer for websites due to its proxy nature Open Source Enterprise ready HAProxy - Scale out using open source | by Ingo Walz 2
  • 3. HAProxy - Scale out using open source | by Ingo Walz 3 Enterprise options ALOHA HAProxy Loadbalancer Appliance HAProxy Enterprise Edition - HAPEE http://www.haproxy.com/
  • 4. HAProxy - Scale out using open source | by Ingo Walz 4 Who's using it? http://www.haproxy.org/they-use-it.html
  • 5. HAProxy - Scale out using open source | by Ingo Walz 5 Featureset Content switching / filtering  Asymetric load balancing  Priority activation  SSL offloading  HTTP compression  TCP buffering  Priority queue / rate shaping  Direct server return (DSR)  http://en.wikipedia.org/wiki/Load_balancing_(computing)#Load_balancer_features
  • 6. HAProxy - Scale out using open source | by Ingo Walz 6 Looks familiar?
  • 7. HAProxy - Scale out using open source | by Ingo Walz 7 Fix your Single-Server Environment Congratulation, your whole environment is one Single Point Of Failure!
  • 8. HAProxy - Scale out using open source | by Ingo Walz 8 Fix your Single-Server Environment Always try to follow the principle: One function per component Not anymore because it scales the best, more because it's the cleanest way to manage them. Configure Services, not Servers
  • 9. HAProxy - Scale out using open source | by Ingo Walz 9 Make your application cluster capable You need to deploy to a various number of different machines Do not use something like NFS to workaround A CI will help you Session clustering Avoid to work on the filesystem to save data / user input Use central technologies to save your data (e.g. databases)
  • 10. Installation HAProxy - Scale out using open source | by Ingo Walz 10
  • 11. HAProxy - Scale out using open source | by Ingo Walz 11 Known procedure $ wget http://www.haproxy.org/download/1.5/src/haproxy-1.5.6.tar.gz $ tar xvzf haproxy-1.5.6.tar.gz $ cd haproxy-1.5.6 $ ./configure USE_OPENSSL=1 USE_PCRE=1 $ make $ sudo make install http://www.haproxy.org/#down
  • 12. Configuration HAProxy - Scale out using open source | by Ingo Walz 12
  • 13. /usr/local/etc/haproxy/haproxy.cfg HAProxy - Scale out using open source | by Ingo Walz 13 Configuration sections global # process wide and eventually OS specific # some have CLI equivalents [ .. ] defaults # set default parameters for all following sections [ .. ] frontend # describes a set of listening sockets accepting client connections [ .. ] backend # describes a set of servers to which the proxy will connect # to forward incoming connections [ .. ] listen # defines a complete proxy with its frontend and backend parts combined in one section. # It is generally useful for TCP-only traffic [ .. ]
  • 14. /usr/local/etc/haproxy/haproxy.cfg HAProxy - Scale out using open source | by Ingo Walz 14 TCP vs HTTP loadbalancing defaults mode tcp # Can balance everything, the default defaults mode http # But you want that! Layer 7 loadbalancing advantages ● Request inspection ● Content switching ● Header manipulation ● Cookie persistence ● Advanced health checks
  • 15. HAProxy - Scale out using open source | by Ingo Walz 15 Loadbalance your nginx
  • 16. /usr/local/etc/haproxy/haproxy.cfg HAProxy - Scale out using open source | by Ingo Walz 16 Loadbalance your nginx global maxconn 4096 daemon defaults mode http timeout connect 5000 timeout client 50000 timeout server 50000 frontend www_fe bind :80 # Close connection to server but keep open for client option http-server-close default_backend www backend www_be server nginx1 10.0.0.10:80 check server nginx2 10.0.0.15:80 check
  • 17. HAProxy - Scale out using open source | by Ingo Walz 17 Still a single point of failure
  • 18. HAProxy - Scale out using open source | by Ingo Walz 18 HA with HAProxy & keepalived
  • 19. HAProxy - Scale out using open source | by Ingo Walz 19 HA with HAProxy & keepalived vrrp_script chk_haproxy { script "killall -0 haproxy" interval 2 weight 2 } vrrp_instance VIRTUAL { interface eth0 virtual_router_id 10 state MASTER #state BACKUP priority 100 #priority 101 advert_int 1 virtual_ipaddress { 10.0.0.30 } track_script { chk_haproxy } } /etc/keepalived/keepalived.conf
  • 20. HAProxy - Scale out using open source | by Ingo Walz 20 HA with public IPs
  • 21. HAProxy - Scale out using open source | by Ingo Walz 21 HA with public IPs - failover
  • 22. The final step HAProxy - Scale out using open source | by Ingo Walz 22
  • 23. HAProxy - Scale out using open source | by Ingo Walz 23 Loadbalance MySQL - TCP
  • 24. /usr/local/etc/haproxy/haproxy.cfg HAProxy - Scale out using open source | by Ingo Walz 24 Loadbalance MySQL - TCP frontend mysql_fe bind :3306 mode tcp default_backend mysql_be backend mysql_be mode tcp option mysql-check user haproxy server mysql1 10.0.0.40:3306 check server mysql2 10.0.0.45:3306 check backup mysql~> INSERT INTO mysql.user (Host,USER) VALUES ('10.0.0.20','haproxy'); FLUSH PRIVILEGES; mysql~> INSERT INTO mysql.user (Host,USER) VALUES ('10.0.0.25','haproxy'); FLUSH PRIVILEGES;
  • 25. HAProxy - Scale out using open source | by Ingo Walz 25 Loadbalance MySQL - TCP
  • 26. HAProxy - Scale out using open source | by Ingo Walz 26 Loadbalance MySQL - TCP
  • 27. All about SSL HAProxy - Scale out using open source | by Ingo Walz 27
  • 28. /usr/local/etc/haproxy/haproxy.cfg HAProxy - Scale out using open source | by Ingo Walz 28 Setup SSL Pass-Through frontend www_fe bind :80 bind :443 mode tcp default_backend www_be backend www_be mode tcp server nginx1 10.0.0.10:443 check server nginx2 10.0.0.15:443 check No HTTP mode possible – how to inspect encrypted headers?
  • 29. HAProxy - Scale out using open source | by Ingo Walz 29 SSL Termination – why you should offload Single configuration point for all certificates Certificates not widely spread across the infrastructure Offload the decryption load Typically, your HAProxy will have a bit of CPU left You need to decrypt to inspect the request information
  • 30. /usr/local/etc/haproxy/haproxy.cfg HAProxy - Scale out using open source | by Ingo Walz 30 Setup SSL offloading frontend www_fe bind :80 bind :443 ssl crt /etc/haproxy/sample.pem # Close connection to server but keep open for client option http-server-close default_backend www_be backend www_be server nginx1 10.0.0.10:80 check server nginx2 10.0.0.15:80 check $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ssl/sample.key -out ssl/sample.crt $ cat ssl/sample.key ssl/sample.crt > ssl/sample.pem
  • 31. HAProxy - Scale out using open source | by Ingo Walz 31 SNI – How it works ● Multiple certificates per IP / frontend profile ● Client and server need to support it
  • 32. /usr/local/etc/haproxy/haproxy.cfg HAProxy - Scale out using open source | by Ingo Walz 32 Setup SNI frontend www_fe bind :80 # sample.pem as default, other pem's based on host header bind :443 ssl crt /etc/haproxy/sample.pem crt /etc/haproxy/certs/ # Content switch based on certificate (and based on host) use_backend sample1 if { ssl_fc_sni sample1 } use_backend sample2 if { ssl_fc_sni sample2 } default_backend www_be backend sample1 server nginx1 10.0.0.10:80 check backend sample2 server nginx2 10.0.0.15:80 check backend www_be server nginx1 10.0.0.10:80 check server nginx2 10.0.0.15:80 check
  • 33. Secure your entry point HAProxy - Scale out using open source | by Ingo Walz 33
  • 34. HAProxy - Scale out using open source | by Ingo Walz 34 Protect against syn flooding # Consider this amount of clients as valid $ sysctl -w net.ipv4.tcp_max_syn_backlog=”4096” # Once net.ipv4.tcp_max_syn_backlog is reached, enable syn cookies $ sysctl -w net.ipv4.tcp_syncookies=1 # Enable reverse path filtering, is the source routable through the incoming interface? $ sysctl -w net.ipv4.conf.all.rp_filter=1
  • 35. HAProxy - Scale out using open source | by Ingo Walz 35 Basic iptables $ cat iptables.sh #!/bin/bash iptables -F # Drop current table # Drop incoming traffic (eth0 is the public available interface) iptables -i eth0 -P INPUT DROP iptables -i eth0 -P FORWARD DROP # Allow outgoing traffic iptables -P OUTPUT ACCEPT # Allow ping iptables -i eth0 -A INPUT -p ICMP -j ACCEPT # Allow SSH (this should be avoided, SSH to haproxy via internal interface / through VPN) iptables -i eth0 -A INPUT -j ACCEPT -p tcp --dport 22 # Allow HTTP iptables -i eth0 -A INPUT -j ACCEPT -p tcp --dport 80 # Allow HTTPS iptables -i eth0 -A INPUT -j ACCEPT -p tcp --dport 443 # Allow connections from localhost on every port iptables -i eth0 -A INPUT -j ACCEPT -s 127.0.0.1 # Already opened connections are accepted on every port (required for some daemons) iptables -i eth0 -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  • 36. /usr/local/etc/haproxy/haproxy.cfg HAProxy - Scale out using open source | by Ingo Walz 36 Use HAProxy to secure your environment frontend www_fe bind :80 bind :443 ssl crt /usr/local/etc/haproxy/sample.pem option http-server-close #detect and reject shellshock requests reqdeny ^[^:]+:s*(s*)s+{ reqdeny ^[^:]+:s+.*?(<<[^<;]+){5,} #This rule to display SSLv3 error message acl sslv3 ssl_fc_protocol SSLv3 http-request allow if sslv3 use_backend backend_sslv3 if sslv3 default_backend www_be backend backend_sslv3 mode http errorfile 503 /usr/local/etc/haproxy/pages/poodle.http
  • 37. HAProxy - Scale out using open source | by Ingo Walz 37 Check SSLv3 error message $ openssl s_client -connect 10.0.0.30:443 -ssl3 [ … ] SSL-Session: Protocol : SSLv3 --- GET / [ … ] <html> <head> <title>SSLv3 detected</title> </head> [ … ] </html>
  • 38. /usr/local/etc/haproxy/haproxy.cfg HAProxy - Scale out using open source | by Ingo Walz 38 Persistent HTTP loadbalancing backend www_be cookie PHPSESSID prefix server nginx1 10.0.0.10:80 cookie nginx1 minconn 10 maxconn 20 check server nginx2 10.0.0.15:80 cookie nginx2 minconn 10 maxconn 20 check # Set-Cookie:PHPSESSID=nginx1~7cmjd41klupaderap0q7tve357; path=/ Persistence only if PHPSESSID cookie is set! backend www_be cookie server insert indirect nocache server nginx1 10.0.0.10:80 cookie nginx1 minconn 10 maxconn 20 check server nginx2 10.0.0.15:80 cookie nginx2 minconn 10 maxconn 20 check # Set-Cookie:server=nginx1; path=/
  • 39. HAProxy - Scale out using open source | by Ingo Walz 39 ACL Extract data from request / response stream Perform content switching Conditional request handling Can help you to secure your environment E.g. display an error message for SSLv3
  • 40. HAProxy - Scale out using open source | by Ingo Walz 40 Loadbalancing algorithms (most useful) roundrobin leastconn Suggested if you have very long sessions source Only useful in TCP environments Other methods available http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4-balance
  • 41. /usr/local/etc/haproxy/haproxy.cfg HAProxy - Scale out using open source | by Ingo Walz 41 “Reverse proxy” usage frontend www_fe bind :80 bind :443 [ … ] use_backend nginx1_backend if { path_beg /nginx1 } use_backend nginx2_backend if { path_beg /nginx2 } backend nginx1_backend reqrep ^([^ :]*) /nginx1(/.*) 1 /2 server nginx1 10.0.0.10:80 cookie nginx1 check backend nginx2_backend reqrep ^([^ :]*) /nginx2(/.*) 1 /2 server nginx2 10.0.0.15:80 cookie nginx1 check You need to cut nginx1/2 from the request
  • 42. HAProxy - Scale out using open source | by Ingo Walz 42 Statistics
  • 43. Run the example HAProxy - Scale out using open source | by Ingo Walz 43
  • 44. HAProxy - Scale out using open source | by Ingo Walz 44 Reminder
  • 45. HAProxy - Scale out using open source | by Ingo Walz 45 Used technologies Vagrant >= 1.5.2 ChefDK >= 0.2.0 Berkshelf
  • 46. https://github.com/iwalz/zendcon-haproxy HAProxy - Scale out using open source | by Ingo Walz 46
  • 47. HAProxy - Scale out using open source | by Ingo Walz 47 Project structure
  • 48. HAProxy - Scale out using open source | by Ingo Walz 48 Vagrant $ vagrant plugin install vagrant-omnibus $ vagrant plugin install vagrant-berkshelf Omnibus for chef solo support Berkshelf to manage cookbook dependencies
  • 49. HAProxy - Scale out using open source | by Ingo Walz 49 Vagrant up $ git clone https://github.com/iwalz/zendcon-haproxy $ cd zendcon-haproxy $ vagrant up haproxy1 $ vagrant up haproxy2 $ vagrant up nginx1 $ vagrant up nginx2 $ vagrant up mysql1 $ vagrant up mysql2 Don't simply use `vagrant up`, the Berkshelf Dependencies will be messed up
  • 50. HAProxy - Scale out using open source | by Ingo Walz 50 How to continue Architecture documentation (outdated, but still useful) http://www.haproxy.org/download/1.3/doc/architecture.txt Official documentation http://cbonte.github.io/haproxy-dconv/configuration-1.5.html Haproxy.com Blog http://blog.haproxy.com/
  • 51. Questions? HAProxy - Scale out using open source | by Ingo Walz 51