On Tue, 04 Oct 2016 11:40:01 +0200, Holger Just <hapr...@meine-er.de>
wrote:

> Hi Mariusz,
> 
> Mariusz Gronczewski wrote:
> > we've come to the point when we have to start using nbproc > 1 (mostly
> > because going SSL-only in coming months) and as I understand I have
> > to bind each process to separate admin socket and then repeat every
> > command for each process, and in case of stats also sum up the
> > counters.  
> 
> For statistics, there exists a LUA script you can use in HAProxy which
> aggregates the statistics of multiple processes. See
> http://www.arpalert.org/haproxy-scripts.html#stats

We kinda already do that just on between-server (aggregating all LBs
into one for graphing purpose) level. But I guess that solves it in a
bit more transparent way and without extra daemons.

> 
> As for socket commands, often you can circumvent the whole issue by
> applying a multi-stage architecture where you have several "dumb"
> processes just terminating SSL and forwarding the plain-text traffic to
> a single HAProxy process which performs all of the actual
> loadbalancing rules.

I assume just doing

     bind 127.0.0.1:80 process 1
     bind 127.0.0.1:443 ssl crt /etc/haproxy/test.pem process 2-5

is not enough and will cause backends to run in all processes ?

So it would have to be separate SSL front with backend of unix socket
and then other frontend would receive on that socket and do actual
processing/splitting to backends ?

> 
> With clever bind-process rules and by using send-proxy-v2 this is pretty
> workable. Often, there is then no need for close introspection of the
> frontend-processes anymore, nor is there a need to send socket commands
> to them since they always send all their traffic to haproxy anyway

I'd prefer to write a tool once instead of complicating the config
further. Although maybe the solution is to template more of it so it isn't
a problem.


Thanks for insights,
Mariusz

-- 
Mariusz Gronczewski, Administrator

Efigence S. A.
ul. Wołoska 9a, 02-583 Warszawa
T: [+48] 22 380 13 13
F: [+48] 22 380 13 14
E: mariusz.gronczew...@efigence.com
<mailto:mariusz.gronczew...@efigence.com>
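
Added example, not part of the original message or the HAProxy project's own configuration: a sketch of the two-stage layout discussed in this thread, with processes 2-5 terminating SSL and handing cleartext to process 1 over a UNIX socket using send-proxy-v2. The socket paths, the `haproxy` user, the section names and the backend address are assumptions; the certificate path and listen addresses are the ones quoted in the message.

```haproxy
global
    nbproc 5
    user  haproxy          # assumed service account
    group haproxy
    # Admin socket only for process 1, which holds all load-balancing state.
    stats socket /var/run/haproxy-1.sock mode 600 level admin process 1

defaults
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Stage 1: processes 2-5 only terminate SSL and pass the cleartext stream on.
listen ssl_offload
    mode tcp
    bind-process 2-5
    bind 127.0.0.1:443 ssl crt /etc/haproxy/test.pem process 2-5
    # The PROXY v2 header carries the real client address to stage 2.
    server stage2 unix@/var/run/haproxy-clear.sock send-proxy-v2

# Stage 2: process 1 applies every routing rule and owns every backend.
frontend main
    mode http
    bind-process 1
    bind 127.0.0.1:80 process 1
    # accept-proxy trusts whatever source address the PROXY header states,
    # so it is enabled only on a local socket that the haproxy user alone
    # can open, never on a network-facing bind line.
    bind unix@/var/run/haproxy-clear.sock user haproxy mode 600 accept-proxy process 1
    default_backend app

backend app
    mode http
    bind-process 1
    server app1 192.0.2.10:8080 check   # constructed address (TEST-NET-1)
```

With this layout, backends and their health checks exist only in process 1, so socket commands and statistics for the load-balancing logic need to be sent to a single admin socket.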
