General advice on HAproxy with Tomcat sought

From: Brett Delle Grazie <brett.dellegrazie#intact-is.com>
Date: Tue, 21 Sep 2010 18:09:18 +0100


Hi,

I'm new to using HAproxy. I've cobbled together a configuration using the documentation and Internet resources.

If anyone could provide any suggestions for improvement or known pitfalls to avoid it would be greatly appreciated. For example I'm not sure exactly what to set maxconn to.

First a bit about my setup.
At present only 2 nodes, both running RHEL5.5 (fully patched). Compiled HAproxy 1.4.8 running on both.
Compiled stunnel 4.15 with forwardfor patch applied running on both, forwarding all SSL traffic to port 81
Port 80/443 from world balanced across both systems by source IP address only.

Tomcat 6.0.29 running on both, listening on ports 10305 (HTTP) and 10306 (simulated HTTPS) using the non-blocking I/O with 200 threads available per port. Tomcat is running in clustered mode with sticky sessions enabled. Tomcat automatically appends a jvmroute (jvm1 and jvm2 in this case but can be changed) to the end of the JSESSIONID cookie value. Unfortunately I can't control the position of this value or I would put it at the beginning so that HAproxy could use it as well. This ID must be present so that Tomcat can determine if it's a local session or one from the cluster.

HAproxy configuration follows (only one node is shown, the configuration for the other node is identical except 127.0.0.1 is exchanged where appropriate).

Any suggestions are greatly appreciated.

Thanks,

Best Regards,

Brett

# CfEngine manages this file, DO NOT EDIT
# $Id: haproxy.cfg.test 1430 2010-09-21 16:06:52Z brett.dellegrazie $

global

	maxconn 256

	# daemon (use -D instead)
	# pidfile (use -p instead)
	user haproxy
	group haproxy
	log /dev/log daemon info
	stats socket /var/lib/haproxy/stats user haproxy group haproxy mode 0770 level operator

defaults

	mode http
	timeout connect 5000ms
	timeout client 50000ms
	timeout server 50000ms
	
	log global
	
	option abortonclose
	option httpchk
	option http-server-close
	option redispatch
	retries 3

frontend http-in
	bind *:80
	option httplog
	option forwardfor
	default_backend tomcat-http

backend tomcat-http
	option http-pretend-keepalive
	cookie JSESSIONID prefix
	server fmp-dun-tapp1 127.0.0.1:10305 cookie jvm1 id 1 check inter 5000 downinter 30000
	server fmp-dun-tapp2 10.16.2.71:10305 cookie jvm2 id 2 check inter 5000 downinter 30000

frontend https-in

	bind *:81
	option httplog

	# stunnel already adds forwardfor header
	default_backend tomcat-https

backend tomcat-https
	option http-pretend-keepalive
	cookie JSESSIONID prefix
	server fmp-dun-tapp1 127.0.0.1:10306 cookie jvm1 id 1 check inter 5000 downinter 30000
	server fmp-dun-tapp2 10.16.2.71:10306 cookie jvm2 id 2 check inter 5000 downinter 30000

listen stats

	bind *:82 
	mode http
	stats enable
	stats uri /haproxy


Received on 2010/09/21 19:09
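
Added example, not part of the original post or of HAProxy's code: a small Python model of what "cookie JSESSIONID prefix" does with the jvmRoute-suffixed session cookie described in the message. The server cookie values and addresses are taken from the posted config; the session ID, the extra "theme" cookie and the function names are constructed for illustration.

```python
# Added illustration: models HAProxy "cookie JSESSIONID prefix" handling.
# Cookie values (jvm1/jvm2) and addresses come from the posted config;
# session IDs used with these functions are constructed sample data.

COOKIE = "JSESSIONID"
SERVERS = {"jvm1": "127.0.0.1:10305", "jvm2": "10.16.2.71:10305"}
DELIM = "~"  # separator HAProxy puts between its prefix and the original value


def rewrite_response(set_cookie: str, server_cookie: str) -> str:
    """Response path: prepend the answering server's cookie value."""
    name, sep, rest = set_cookie.partition("=")
    if name.strip() != COOKIE or not sep:
        return set_cookie  # other cookies pass through untouched
    return f"{name}={server_cookie}{DELIM}{rest}"


def route_request(cookie_header: str):
    """Request path: choose the server from the prefix, then strip it.

    Returns (server_address_or_None, cookie_header_sent_to_tomcat).
    None means no usable prefix, so the balancing algorithm decides.
    An unrecognised prefix is treated as "no match" and left alone here;
    this sketch does not model what HAProxy forwards in that case.
    """
    target, forwarded = None, []
    for pair in cookie_header.split(";"):
        name, sep, value = pair.strip().partition("=")
        if name == COOKIE and DELIM in value:
            prefix, original = value.split(DELIM, 1)
            if prefix in SERVERS:
                target = SERVERS[prefix]
                value = original  # Tomcat sees its own ID, jvmRoute suffix intact
        forwarded.append(f"{name}{sep}{value}")
    return target, "; ".join(forwarded)


if __name__ == "__main__":
    # Tomcat on jvm1 issues a session; the client receives the prefixed form.
    print(rewrite_response("JSESSIONID=0123ABCD.jvm1; Path=/app", "jvm1"))
    # The client returns it; HAProxy routes on the prefix and removes it.
    print(route_request("JSESSIONID=jvm1~0123ABCD.jvm1; theme=dark"))
```

Because the prefix is added and removed at the proxy, Tomcat's own jvmRoute suffix at the end of the value is never touched.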
