HAProxy Concepts: Difference between revisions
(9 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
* [[HAProxy#Subjects|HAProxy]] | * [[HAProxy#Subjects|HAProxy]] | ||
=Proxy Mode= | |||
Two major proxy modes are supported: "tcp", also known as layer 4 and "http" known as layer 7. | |||
=="tcp" Proxy Mode== | |||
In "tcp" mode, HAProxy forwards bidirectional traffic between two sides. | |||
=="http" Proxy Mode== | |||
In "http" mode, HAProxy analyzes the protocol and can interact with it by allowing, blocking, switching, adding, modifying or removing arbitrary contents in requests or responses. | |||
=Logging= | |||
{{External|http://cbonte.github.io/haproxy-dconv/1.8/management.html#8}} | |||
HAProxy does not write log information on disk, but it forwards it to the syslog server, over UDP, by default on port 514. | |||
{{Internal|HAProxy_Configuration#Logging_Configuration|HAProxy Logging Configuration}} | |||
=Connection Health Check= | |||
{{External|https://www.haproxy.com/doc/aloha/7.0/haproxy/healthchecks.html#}} | |||
=SSL Support= | =SSL Support= | ||
Line 7: | Line 31: | ||
{{External|https://serversforhackers.com/using-ssl-certificates-with-haproxy}} | {{External|https://serversforhackers.com/using-ssl-certificates-with-haproxy}} | ||
HAProxy can be configured to terminate the SSL connection or to pass it through the backend server. | HAProxy can be configured to [[#SSL_Termination|terminate the SSL connection]] or to [[#SSL_Pass-Through|pass it through the backend server]]. | ||
===SSL Termination=== | ===SSL Termination=== | ||
Line 13: | Line 37: | ||
===SSL Pass-Through=== | ===SSL Pass-Through=== | ||
{{Internal|HAProxy SSL Pass-Through Configuration|HAProxy SSL Pass-Through Configuration}} | When HAProxy is configured with ''SSL pass-through'', the backend servers handle the SSL connection, rather than the load balancer. The load balancer will just simply proxy the request off to its backend server. The connection will remain encrypted, and the load balancer cannot see what it contains. The frontend will have to be configured in "tcp" [[HAProxy_Configuration#mode|mode]]. For more details on configuration, see: {{Internal|HAProxy SSL Pass-Through Configuration|HAProxy SSL Pass-Through Configuration}} |
Latest revision as of 08:40, 21 January 2018
Internal
Proxy Mode
Two major proxy modes are supported: "tcp", also known as layer 4 and "http" known as layer 7.
"tcp" Proxy Mode
In "tcp" mode, HAProxy forwards bidirectional traffic between two sides.
"http" Proxy Mode
In "http" mode, HAProxy analyzes the protocol and can interact with it by allowing, blocking, switching, adding, modifying or removing arbitrary contents in requests or responses.
Logging
HAProxy does not write log information on disk, but it forwards it to the syslog server, over UDP, by default on port 514.
Connection Health Check
SSL Support
HAProxy can be configured to terminate the SSL connection or to pass it through the backend server.
SSL Termination
SSL Pass-Through
When HAProxy is configured with SSL pass-through, the backend servers handle the SSL connection, rather than the load balancer. The load balancer will just simply proxy the request off to its backend server. The connection will remain encrypted, and the load balancer cannot see what it contains. The frontend will have to be configured in "tcp" mode. For more details on configuration, see: