HAProxy and Docker Swarm
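# Refresh the package index and install what apt needs to fetch from an HTTPS repository.
$ apt update
$ apt install apt-transport-https ca-certificates curl gnupg2 software-properties-common
# Keep Docker's signing key in a dedicated keyring and bind the repository to it with
# signed-by. `apt-key add` is deprecated and places the key in apt's global trust store,
# where it is trusted for every configured repository, not only Docker's.
$ sudo install -m 0755 -d /etc/apt/keyrings
$ sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
$ sudo chmod a+r /etc/apt/keyrings/docker.asc
$ echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# Re-read the index so the Docker repository is visible, then install the engine, CLI and containerd.
$ apt update
$ apt install docker-ce docker-ce-cli containerd.io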
# Create the swarm on the first node; --advertise-addr is the address the other nodes use to reach this manager.
$ sudo docker swarm init --advertise-addr 10.64.137.201
Swarm initialized: current node (xvkdic6akgbx0k1odao9ce2yt) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-67rcacnzj6ihnew1nd50gvhdsm087d4a2qgvgulxu62b7xbwep-37l1kvmfe309bp3fzvcaa4rq0 10.64.137.201:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
# The join token is a credential: a host that holds it and can reach port 2377 on a manager can join
# the swarm. Keep real tokens out of published notes and shell history, limit port 2377 to the swarm
# nodes, and rotate with `docker swarm join-token --rotate worker` if a token has been exposed.
# Run on each additional node, substituting the token printed by `swarm init`.
$ sudo docker swarm join --token [YOUR-SWARM-TOKEN] 10.64.137.201:2377
This node joined a swarm as a worker.
# List the swarm's nodes; the asterisk marks the node the command was run on.
$ sudo docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
xvkdic6akgbx0k1odao9ce2yt * dock1 Ready Active Leader 19.03.1
xaj6gfj9xkks3ybtjvsr44emh dock2 Ready Active 19.03.1
q3wdfk3l8vinh227jwo99y3n7 dock3 Ready Active 19.03.1
# Promote every node that currently has the worker role; the inner command prints only their IDs.
# Managers hold the swarm's Raft state, which includes secrets and join tokens, so every promoted
# node becomes part of the cluster's trust boundary and should be hardened like the first manager.
$ sudo docker node promote $(sudo docker node ls --filter role=worker --quiet)
Node xaj6gfj9xkks3ybtjvsr44emh promoted to a manager in the swarm.
Node q3wdfk3l8vinh227jwo99y3n7 promoted to a manager in the swarm.
# Create the overlay network shared by HAProxy and the Apache tasks. --attachable also lets
# standalone containers join it. Application traffic on an overlay network is not encrypted between
# nodes unless the network is created with `--opt encrypted`.
$ sudo docker network create --attachable --driver overlay apache-network
# Define the Apache service with zero replicas for now; it is scaled up later on this page.
# --endpoint-mode dnsrr makes the swarm's DNS answer with the individual task addresses rather than
# a single virtual IP, which is what HAProxy's resolver-based server-template relies on.
# httpd:2.4 is a floating tag; pin an image digest when deployments must be reproducible.
$ sudo docker service create \
--mode replicated \
--replicas 0 \
--name apache-Service \
--network apache-network \
--endpoint-mode dnsrr \
httpd:2.4
# Process-wide settings.
global
# Send logs to file descriptor 2 (stderr) with syslog facility local2.
log fd@2 local2
# Confine the process to /var/lib/haproxy and run it as the unprivileged haproxy user and group.
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
# Runtime API socket; expose-fd listeners lets a reloading process fetch the listening sockets through it.
# NOTE(review): no `mode`, `user`/`group` or `level` is set on this socket, so its file permissions
# follow the process umask; restrict them so that only the HAProxy administrator can connect.
stats socket /var/lib/haproxy/stats expose-fd listeners
# Run a master process that supervises the workers.
master-worker
# DNS resolver section named "docker", referenced by the server-template lines in the backends.
resolvers docker
# 127.0.0.11 is the address of Docker's embedded DNS server inside a container.
nameserver dns1 127.0.0.11:53
# Retry a failed query up to 3 times, waiting 1s between retries; re-resolve names every 1s.
resolve_retries 3
timeout resolve 1s
timeout retry 1s
# For each kind of response, keep the previous resolution result for 10s before acting on the change.
hold other 10s
hold refused 10s
hold nx 10s
hold timeout 10s
hold valid 10s
hold obsolete 10s
# Defaults inherited by the frontend and backends below.
defaults
# Connection and inactivity timeouts; idle client and server connections are closed after 30s.
timeout connect 10s
timeout client 30s
timeout server 30s
# Use the log target from the global section and emit one HTTP-format log line per request.
log global
mode http
option httplog
# Public entry point: plain HTTP on port 80 of every address.
# NOTE(review): only port 80 is bound; the service commands on this page also publish 443, but
# no TLS listener is configured here, so all traffic through this frontend is unencrypted.
frontend fe_web
bind *:80
# Requests whose path is /my-stats (case-insensitive) go to the statistics backend.
# NOTE(review): this makes the stats page reachable by anyone who can reach port 80; the stat
# backend shown on this page sets no `stats auth`, so consider adding one or limiting by source address.
use_backend stat if { path -i /my-stats }
# Everything else is load-balanced across the Apache tasks.
default_backend be_apache_service
# Apache backend used by fe_web.
backend be_apache_service
balance roundrobin
# Create 6 server slots (apache-1 .. apache-6) filled from DNS answers for apache-Service via the
# "docker" resolvers, with health checks. init-addr libc,none lets HAProxy start even when the name
# does not resolve yet, leaving the slots without an address until DNS returns one.
server-template apache- 6 apache-Service:80 check resolvers docker init-addr libc,none
# Same definition with the service name written in lower case. fe_web does not reference this
# backend; NOTE(review): it appears to exist to compare resolution of the two spellings — confirm.
backend be_apache_service_wrong_case
balance roundrobin
server-template apache- 6 apache-service:80 check resolvers docker init-addr libc,none
# Statistics page served at /my-stats, refreshed every 15s, showing legends and the node name.
# NOTE(review): no `stats auth` is configured, so the page (server names, addresses, health and
# traffic counters) is readable without credentials by any client that fe_web routes here.
backend stat
stats enable
stats uri /my-stats
stats refresh 15s
stats show-legends
stats show-node
# First variant: a single HAProxy replica published through the swarm routing mesh (mode=ingress).
# Ports 80 and 443 are published, although the HAProxy configuration on this page binds only port 80.
# The host's /etc/haproxy is bind-mounted read-only, so the container cannot modify the configuration.
# --dns points the container at Docker's embedded DNS server, matching the resolvers section.
# haproxytech/haproxy-debian:2.0 is a floating tag; pin a digest when deployments must be reproducible.
$ sudo docker service create \
--mode replicated \
--replicas 1 \
--name haproxy-service \
--network apache-network \
--publish published=80,target=80,protocol=tcp,mode=ingress \
--publish published=443,target=443,protocol=tcp,mode=ingress \
--mount type=bind,src=/etc/haproxy/,dst=/etc/haproxy/,ro=true \
--dns=127.0.0.11 \
haproxytech/haproxy-debian:2.0
# Show the last 20 log lines of the service, then remove it before trying the next variant.
$ sudo docker service logs --tail 20 haproxy-service
$ sudo docker service rm haproxy-service
# Second variant: the same single replica, but with mode=host the ports are opened directly on the
# node that runs the task instead of going through the routing mesh, so only that node answers on
# 80/443. The configuration directory is still mounted read-only.
$ sudo docker service create \
--mode replicated \
--replicas 1 \
--name haproxy-service \
--network apache-network \
--publish published=80,target=80,protocol=tcp,mode=host \
--publish published=443,target=443,protocol=tcp,mode=host \
--mount type=bind,src=/etc/haproxy/,dst=/etc/haproxy/,ro=true \
--dns=127.0.0.11 \
haproxytech/haproxy-debian:2.0
# Install keepalived, which moves a virtual IP between nodes using VRRP (configuration follows).
$ sudo apt install keepalived
# Health check: succeeds while a container whose name matches haproxy-service is listed on this node.
# Runs every 5 seconds; 2 consecutive failures mark it down and 2 successes mark it up again.
# While it is failing, 20 is subtracted from the priority of the instance that tracks it.
# NOTE(review): no global_defs section is shown; keepalived's `script_user` and
# `enable_script_security` settings decide which account runs this script and whether script paths
# writable by non-root users are refused — confirm they are set, since the script talks to the Docker daemon.
vrrp_script haproxy_container {
script "/usr/bin/docker container ls --filter name=haproxy-service | /bin/grep haproxy-service"
interval 5
weight -20
fall 2
rise 2
}
# VRRP instance that holds the virtual address 10.64.137.205 on interface ens192.
# The node starts as BACKUP with priority 100; the tracked script lowers that priority while the
# HAProxy container is not running here, which lets a healthy peer take the address over.
# NOTE(review): no `authentication` block is configured, so VRRP advertisements are accepted from
# any host on the segment that uses virtual_router_id 205; keep this network segment trusted.
vrrp_instance VI_1 {
interface ens192
state BACKUP
virtual_router_id 205
priority 100
virtual_ipaddress {
10.64.137.205/32
}
track_script {
haproxy_container
}
}
# Inspect the logs and remove the single-replica service before recreating it.
$ sudo docker service logs --tail 20 haproxy-service
$ sudo docker service rm haproxy-service
# Third variant: --mode global runs one HAProxy task on every node, each opening ports 80 and 443
# directly on its host (mode=host). Every node therefore needs its own /etc/haproxy directory,
# which is mounted read-only into the container.
$ sudo docker service create \
--mode global \
--name haproxy-service \
--network apache-network \
--publish published=80,target=80,protocol=tcp,mode=host \
--publish published=443,target=443,protocol=tcp,mode=host \
--mount type=bind,src=/etc/haproxy/,dst=/etc/haproxy/,ro=true \
--dns=127.0.0.11 \
haproxytech/haproxy-debian:2.0
# Label the nodes that should act as load balancers.
$ sudo docker node update --label-add LB-NODE=yes dock2
$ sudo docker node update --label-add LB-NODE=yes dock3
# Global service restricted by --constraint to nodes labelled LB-NODE=yes. The explicit command
# starts HAProxy with -L local_haproxy, which sets the local peer name used by a peers section.
# NOTE(review): this variant mounts /etc/haproxy read-write (ro=false) where the earlier commands
# used ro=true; the page does not show what needs write access. A writable bind mount lets a
# process inside the container change the host's HAProxy configuration, so keep ro=true unless
# something in the container genuinely has to write there.
$ sudo docker service create \
--mode global \
--name haproxy-service \
--network apache-network \
--publish published=80,target=80,protocol=tcp,mode=host \
--publish published=443,target=443,protocol=tcp,mode=host \
--mount type=bind,src=/etc/haproxy/,dst=/etc/haproxy/,ro=false \
--dns=127.0.0.11 \
--constraint node.labels.LB-NODE==yes \
haproxytech/haproxy-debian:2.0 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -L local_haproxy
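# Alternative to recreating the service: add the placement constraint to the running service.
# Run under sudo like the other docker commands on this page.
$ sudo docker service update --constraint-add node.labels.LB-NODE==yes haproxy-service
# Bring the Apache service up with one task, then scale it to six (the server-template slot count).
$ sudo docker service scale apache-Service=1
$ sudo docker service scale apache-Service=6
# Send SIGUSR2 to the HAProxy container(s) on this node; in master-worker mode the master process
# reloads on that signal. `docker container ls` only lists local containers, so repeat per node.
# The inner listing also runs under sudo: without it a non-root user may get no container ID back,
# leaving `docker kill` with nothing to signal.
$ sudo docker kill --signal USR2 $(sudo docker container ls --filter name=haproxy-service --quiet)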
# Peers section with a single local peer. Its name matches the -L local_haproxy argument passed to
# haproxy in the service commands on this page, and it listens on the loopback address only.
peers mypeers
peer local_haproxy 127.0.0.1:1024
# The next two lines belong inside a frontend or backend section.
# Table keyed by client IP (up to 1k entries, 1h expiry) holding the request count and the request
# rate over one minute, synchronised through the mypeers section.
stick-table type ip size 1k expire 1h store http_req_cnt,http_req_rate(1m) peers mypeers
# Track each request's source address in that table. This only records counters; no rule shown
# here denies or throttles traffic based on them.
http-request track-sc0 src
# Single-replica variant started with an explicit haproxy command line; -L local_haproxy sets the
# local peer name so it matches the `peer local_haproxy` entry in the peers section.
# NOTE(review): /etc/haproxy is mounted read-write here (ro=false); the page does not show what
# needs write access. Prefer ro=true so a process in the container cannot alter the host's
# HAProxy configuration.
$ sudo docker service create \
--mode replicated \
--replicas 1 \
--name haproxy-service \
--network apache-network \
--publish published=80,target=80,protocol=tcp,mode=host \
--publish published=443,target=443,protocol=tcp,mode=host \
--mount type=bind,src=/etc/haproxy/,dst=/etc/haproxy/,ro=false \
--dns=127.0.0.11 \
haproxytech/haproxy-debian:2.0 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -L local_haproxy
# Full haproxy.cfg: process-wide settings, the Docker DNS resolvers and the shared defaults.
global
# Logs go to file descriptor 2 (stderr) with facility local2.
log fd@2 local2
# The process is chrooted to /var/lib/haproxy and runs as the unprivileged haproxy user and group.
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
# Runtime API socket that can also hand listening sockets to a reloading process.
# NOTE(review): no `mode`, `user`/`group` or `level` is set; restrict the socket's file permissions.
stats socket /var/lib/haproxy/stats expose-fd listeners
master-worker
# Resolver section pointing at Docker's embedded DNS server (127.0.0.11).
resolvers docker
nameserver dns1 127.0.0.11:53
# Up to 3 retries, 1s apart; names are re-resolved every 1s.
resolve_retries 3
timeout resolve 1s
timeout retry 1s
# Keep the previous resolution result for 10s for each kind of DNS response.
hold other 10s
hold refused 10s
hold nx 10s
hold timeout 10s
hold valid 10s
hold obsolete 10s
# Defaults inherited by every frontend and backend: timeouts, HTTP mode and HTTP-format logging.
defaults
timeout connect 10s
timeout client 30s
timeout server 30s
log global
mode http
option httplog
# Plain-HTTP entry point on port 80; no TLS listener is defined although the service publishes 443.
frontend fe_web
bind *:80
# /my-stats (case-insensitive) is routed to the statistics backend, everything else to Apache.
use_backend stat if { path -i /my-stats }
default_backend be_apache_service
# Six DNS-populated server slots for apache-Service with health checks; init-addr libc,none lets
# HAProxy start before the name resolves.
backend be_apache_service
balance roundrobin
server-template apache- 6 apache-Service:80 check resolvers docker init-addr libc,none
# Same backend with the lower-case service name; not referenced by fe_web.
backend be_apache_service_wrong_case
balance roundrobin
server-template apache- 6 apache-service:80 check resolvers docker init-addr libc,none
# Statistics page at /my-stats, refreshed every 15s.
# NOTE(review): no `stats auth` is set, so any client that can reach port 80 can read server
# names, addresses and traffic counters; add authentication or restrict access by source address.
backend stat
stats enable
stats uri /my-stats
stats refresh 15s
stats show-legends
stats show-node