HAProxy 配置
haproxy -c -V -f /etc/haproxy/haproxy.cfg # 检测配置
ulimit -n 8036
haproxy -f /etc/haproxy/haproxy.cfg -d # Debug 启动
- http-tunnel
- 处理 HTTP CONNECT
- https://cbonte.github.io/haproxy-dconv
- https://www.haproxy.com/documentation/hapee/latest/onepage
- maxconn
- frontend 接受的最大连接数
- 4096 fd 默认 maxconn ~ 1700
- 10000 连接 ~450MB - ~580MB
- fd ~= maxconn*2 + 1000
- /proc/sys/fs/file-max
Timeout
- HTTP or TCP
- One Shot or Stream
- Latency or Bandwidth
# HTTP 场景
timeout connect 5s # 客户端 connect 上的时间
timeout client 50s # 客户端 idle 时长,一般 5m
timeout server 50s # 服务端响应时长 - 504
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 10m
timeout server 10m
timeout http-keep-alive 10s
timeout check 10s
maxconn 30000
timeout http-request 10s # 整个请求时长
timeout http-keep-alive 2s
timeout queue 5s # concurrent connections,默认 timeout connect
timeout tunnel 2m # WebSockets,类似 keep-alive
timeout client-fin 1s # dropped client side connections 可能会恢复的时间
timeout server-fin 1s
env
${ENV_NAME-默认值}
- HAPROXY_LOCALPEER
-L
- HAPROXY_CFGFILES
- HAPROXY_HTTP_LOG_FMT
- HAPROXY_HTTPS_LOG_FMT
- HAPROXY_TCP_LOG_FMT
- HAPROXY_MWORKER
- HAPROXY_MASTER_CLI
- HAPROXY_STARTUP_VERSION
- 伪变量
.FILE
.LINE
.SECTION
控制流
.if
,.elif
,.else
,.endif
- 断言
defined(<name>)
feature(<name>)
-haproxy -vv
streq(<str1>,<str2>)
strneq(<str1>,<str2>)
version_atleast(<ver>)
version_before(<ver>)
- .diag "message"
- .notice
- .warning
- .alert
acl
- named acl
acl is_static path -i -m beg /static/
- in-line acl
use_backend be_static if { path -i -m beg /static/ }
- if, unless
- 多个条件默认为 and 关系
http-request deny if { path -i -m beg /api/ } { src 10.0.0.0/16 }
- 支持逻辑: || or && and !
http-request deny if { path -i -m beg /api/ } || !{ src 10.0.0.0/16 }
- fetch - 指匹配的来源信息
- 例如: src, path, hdr 等
- converter - 转换
- 例如: lower, upper, base64, field, bytes, map
- flag - fetch 操作支持通过 flag 修改行为
flag | for |
---|---|
-i | 忽略大小写,匹配后续所有 |
-f | 匹配文件内 patterns |
-m | 指定匹配方式 |
-n |