-
-
Save collimarco/347fa757b1bd1b3f1de536bf1e90f195 to your computer and use it in GitHub Desktop.
HAProxy config
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
global | |
log /dev/log local0 | |
log /dev/log local1 notice | |
stats socket /run/haproxy/haproxy.sock mode 660 level admin | |
stats timeout 2m | |
chroot /var/lib/haproxy | |
user haproxy | |
group haproxy | |
daemon | |
maxconn 100000 | |
nbproc 4 | |
cpu-map 1 0 | |
cpu-map 2 1 | |
cpu-map 3 2 | |
cpu-map 4 3 | |
# Default SSL material locations | |
ca-base /etc/ssl/certs | |
crt-base /etc/ssl/private | |
# Default ciphers to use on SSL-enabled listening sockets. | |
ssl-default-bind-ciphers ... | |
ssl-default-bind-options no-sslv3 | |
defaults | |
log global | |
mode http | |
option httpchk HEAD /health HTTP/1.1\r\nHost:\ example.com | |
option httplog | |
option dontlognull | |
option forwardfor | |
option http-server-close | |
maxconn 5000 | |
timeout client 30s | |
timeout http-keep-alive 500 | |
timeout http-request 10s | |
timeout server 30s | |
timeout connect 5s | |
errorfile 400 /etc/haproxy/errors/400.http | |
errorfile 403 /etc/haproxy/errors/403.http | |
errorfile 408 /etc/haproxy/errors/408.http | |
errorfile 500 /etc/haproxy/errors/500.http | |
errorfile 502 /etc/haproxy/errors/502.http | |
errorfile 503 /etc/haproxy/errors/503.http | |
errorfile 504 /etc/haproxy/errors/504.http | |
listen stats | |
bind :9000 | |
bind-process 1 | |
mode http | |
stats enable | |
stats hide-version | |
stats realm Haproxy\ Statistics | |
stats uri / | |
stats auth ... | |
frontend www-frontend | |
bind :80 | |
bind :443 ssl crt /etc/ssl/private/example-ev.pem crt-list /etc/haproxy/crtlist | |
default_backend www-backend | |
compression algo gzip | |
compression type text/html text/css text/javascript application/javascript application/json | |
backend www-backend | |
http-request redirect prefix https://%[hdr(host),regsub(^www\.,,i)] if { hdr_beg(host) -i www. } | |
redirect scheme https if !{ ssl_fc } | |
balance roundrobin | |
default-server inter 10s fall 3 rise 2 | |
server www0 10.129...:80 check | |
server www1 10.129...:80 check | |
server www2 10.129...:80 check | |
server www3 10.129...:80 check | |
server www4 10.129...:80 check | |
server www5 10.129...:80 check | |
server www6 10.129...:80 check | |
server www7 10.129...:80 check | |
server www8 10.129...:80 check | |
server www9 10.129...:80 check | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ cat /proc/<PID>/limits | |
Limit Soft Limit Hard Limit Units | |
Max cpu time unlimited unlimited seconds | |
Max file size unlimited unlimited bytes | |
Max data size unlimited unlimited bytes | |
Max stack size 8388608 unlimited bytes | |
Max core file size 0 unlimited bytes | |
Max resident set unlimited unlimited bytes | |
Max processes 31860 31860 processes | |
Max open files 200043 200043 files | |
Max locked memory 65536 65536 bytes | |
Max address space unlimited unlimited bytes | |
Max file locks unlimited unlimited locks | |
Max pending signals 31860 31860 signals | |
Max msgqueue size 819200 819200 bytes | |
Max nice priority 0 0 | |
Max realtime priority 0 0 | |
Max realtime timeout unlimited unlimited us | |
$ sudo nc -U /run/haproxy/haproxy.sock | |
show info | |
Name: HAProxy | |
Version: 1.6.3 | |
Release_date: 2015/12/25 | |
Nbproc: 4 | |
Process_num: 3 | |
Pid: 5400 | |
Uptime: 0d 21h08m40s | |
Uptime_sec: 76120 | |
Memmax_MB: 0 | |
Ulimit-n: 200043 | |
Maxsock: 200043 | |
Maxconn: 100000 | |
Hard_maxconn: 100000 | |
CurrConns: 541 | |
CumConns: 8947429 | |
CumReq: 14122351 | |
MaxSslConns: 0 | |
CurrSslConns: 541 | |
CumSslConns: 8935633 | |
Maxpipes: 0 | |
PipesUsed: 0 | |
PipesFree: 0 | |
ConnRate: 112 | |
ConnRateLimit: 0 | |
MaxConnRate: 416 | |
SessRate: 112 | |
SessRateLimit: 0 | |
MaxSessRate: 416 | |
SslRate: 112 | |
SslRateLimit: 0 | |
MaxSslRate: 416 | |
SslFrontendKeyRate: 50 | |
SslFrontendMaxKeyRate: 380 | |
SslFrontendSessionReuse_pct: 55 | |
SslBackendKeyRate: 0 | |
SslBackendMaxKeyRate: 0 | |
SslCacheLookups: 1826495 | |
SslCacheMisses: 1716050 | |
CompressBpsIn: 12 | |
CompressBpsOut: 120 | |
CompressBpsRateLim: 0 | |
ZlibMemUsage: 0 | |
MaxZlibMemUsage: 0 | |
Tasks: 557 | |
Run_queue: 0 | |
Idle_pct: 75 | |
node: proxy1 | |
description: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* soft nofile 300000 | |
* hard nofile 300000 | |
root soft nofile 300000 | |
root hard nofile 300000 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
net.core.somaxconn = 100000 | |
net.core.netdev_max_backlog = 100000 | |
net.ipv4.tcp_max_syn_backlog = 100000 | |
net.ipv4.ip_local_port_range = 1024 65535 | |
net.core.wmem_max = 12582912 | |
net.core.rmem_max = 12582912 | |
net.ipv4.tcp_rmem = 10240 87380 12582912 | |
net.ipv4.tcp_wmem = 10240 87380 12582912 | |
fs.file-max = 500000 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment