Get Paid to Participate - up to $1 per post!     Twitter     Facebook     Google+
Hosting Discussion
 

Hosting Discussion > Web Hosting Forums > Hardware and Server Configuration > Installing Haproxy For Load Balancing And Protecting Apache
forgot password?



Reply


Old
  Post #1 (permalink)   12-01-2011, 07:46 AM
HD Addict
 
Join Date: Oct 2011
Posts: 177

Status: Bullten is offline
HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for web sites crawling under very high loads while needing persistence or Layer7 processing. Supporting tens of thousands of connections is clearly realistic with today’s hardware. Its mode of operation makes its integration into existing architectures very easy and risk less, while still offering the possibility not to expose fragile web servers to the Net

You can read more here:- http://haproxy.1wt.eu/#desc

Installing HAProxy:-

You can check for the latest version here:- http://haproxy.1wt.eu/#down
At present 1.5 is in development phase 7 and we are going to use that

Note: The configuration file we have used is for single server Protection not for multiple server and made by its owner Willy Tarreau

First:-

wget http://haproxy.1wt.eu/download/1.5/s....5-dev7.tar.gz
tar xvfz haproxy-1.5-dev7.tar.gz
$ cd haproxy-1.5-dev7

Second:-
Now we have to compile the installation file, we are taking example of centost OS

make install

Third:-
Now make a new directory and copy haproxy configuration file there

mkdir /etc/haproxy
cd /etc/haproxy
vi haproxy.cfg

change the ip address below and copy it to haproxy.cfg
—————————————————————–

global
daemon
maxconn 20000 # count about 1 GB per 20000 connections
pidfile /var/run/haproxy.pid
stats socket /var/run/haproxy.stat mode 600

defaults
mode http
maxconn 19500 # Should be slightly smaller than global.maxconn.
timeout client 60s # Client and server timeout must match the longest
timeout server 60s # time we may wait for a response from the server.
timeout queue 60s # Don’t queue requests too long if saturated.
timeout connect 4s # There’s no reason to change this one.
timeout http-request 5s # A complete request may never take that long.
# Uncomment the following one to protect against nkiller2. But warning!
# some slow clients might sometimes receive truncated data if last
# segment is lost and never retransmitted :
# option nolinger
option http-server-close
option abortonclose
balance roundrobin
option forwardfor # set the client’s IP in X-Forwarded-For.
option tcp-smart-accept
option tcp-smart-connect
retries 2

frontend public
bind 192.168.1.1:80
bind 192.168.1.2:80
bind 192.168.1.3:80
bind 192.168.1.4:80

# table used to store behaviour of source IPs
stick-table type ip size 200k expire 5m store gpc0,conn_rate(10s)

# IPs that have gpc0 > 0 are blocked until the go away for at least 5 minutes
acl source_is_abuser src_get_gpc0 gt 0
tcp-request connection reject if source_is_abuser

# connection rate abuses get blocked
acl conn_rate_abuse sc1_conn_rate gt 30
acl mark_as_abuser sc1_inc_gpc0 gt 0
tcp-request connection track-sc1 src
tcp-request connection reject if conn_rate_abuse mark_as_abuser

default_backend apache

backend apache
# set the maxconn parameter below to match Apache’s MaxClients minus
# one or two connections so that you can still directly connect to it.
stats uri /haproxy?stats
server srv 0.0.0.0:8181 maxconn 254

# Enable the stats page on a dedicated port (8888). Monitoring request errors
# on the frontend will tell us how many potential attacks were blocked.
listen stats
# Uncomment “disabled” below to disable the stats page :
# disabled
bind :8811
stats uri /

——————————————————————

In the above file replace 192.168.1.1 to 192.168.1.4 with your server ip address.

Fourth:
Change your Apache port to 8181 as in configuration file we are using that server srv 0.0.0.0:8181 maxconn 254.In WHM goto Tweak Settings and find Apache non-SSL IP/port and change it to 8181.

Fifth:
Restart apache

/etc/init.d/apache2 restart

Last:
Start haproxy

haproxy -f /etc/haproxy/haproxy.cfg

Now we have to check if its working. Go to your stats page to see
serverip:8811

Replace serverip with your server ip used in configuration file and you will see full result generated by haproxy

If you are facing any issue then feel free to contact us
 
 


Old
  Post #2 (permalink)   01-03-2012, 10:34 AM
HD Master
 
Join Date: Dec 2011
Location: Florida
Posts: 274
Send a message via Skype™ to SolidShellSecur

Status: SolidShellSecur is offline
We are yet to use HAProxy as we normally first go to nginx or squid. Been meaning to try it out. Anyone else use it yet?
__________________
SolidShellSecurity.com. Providing Quality Support, Secure Hosting and Amazing Services.
STAY ALERT! Sign up for our security mailing list and always know when threats come out.
 
 
 


Old
  Post #3 (permalink)   01-05-2012, 01:05 PM
HD Addict
 
Join Date: Oct 2011
Posts: 177

Status: Bullten is offline
Well i would suggest to use it once. Its A very good tool
 
 
 


Old
  Post #4 (permalink)   12-20-2012, 10:19 AM
HD Newbie
 
Join Date: Nov 2012
Location: 127.0.0.1
Posts: 40

Status: H4G-Kushal is offline
Quote:
Originally Posted by SolidShellSecur View Post
We are yet to use HAProxy as we normally first go to nginx or squid. Been meaning to try it out. Anyone else use it yet?
I would second that. NginX and Squid proxy does a very impressive job.
__________________
Host4Geeks LLC - Shared | Semi Dedicated | Reseller | Fully Managed VPS US / UK / India
Host4Geeks India - SSD Shared Hosting | SSD Reseller Hosting | Managed Wordpress Hosting in India
 
 
 
Reply

Thread Tools

New Post New Post   Old Post Old Post
Posting Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Sponsored By: