63 lines
3.3 KiB
Markdown
63 lines
3.3 KiB
Markdown
# What is HAProxy?
|
|
|
|
HAProxy is a free, open source high availability solution, providing load balancing and proxying for TCP and HTTP-based applications by spreading requests across multiple servers. It is written in C and has a reputation for being fast and efficient (in terms of processor and memory usage).
|
|
|
|
> [wikipedia.org/wiki/HAProxy](https://en.wikipedia.org/wiki/HAProxy)
|
|
|
|
%%LOGO%%
|
|
|
|
# How to use this image
|
|
|
|
Since no two users of HAProxy are likely to configure it exactly alike, this image does not come with any default configuration.
|
|
|
|
Please refer to [upstream's excellent (and comprehensive) documentation](https://cbonte.github.io/haproxy-dconv/) on the subject of configuring HAProxy for your needs.
|
|
|
|
It is also worth checking out the [`examples/` directory from upstream](http://git.haproxy.org/?p=haproxy-2.3.git;a=tree;f=examples).
|
|
|
|
## Create a `Dockerfile`
|
|
|
|
```dockerfile
|
|
FROM %%IMAGE%%:2.3
|
|
COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
|
|
```
|
|
|
|
## Build the container
|
|
|
|
```console
|
|
$ docker build -t my-haproxy .
|
|
```
|
|
|
|
## Test the configuration file
|
|
|
|
```console
|
|
$ docker run -it --rm --name haproxy-syntax-check my-haproxy haproxy -c -f /usr/local/etc/haproxy/haproxy.cfg
|
|
```
|
|
|
|
## Run the container
|
|
|
|
```console
|
|
$ docker run -d --name my-running-haproxy --sysctl net.ipv4.ip_unprivileged_port_start=0 my-haproxy
|
|
```
|
|
|
|
You will need a kernel at [version 4.11 or newer](https://github.com/moby/moby/issues/8460#issuecomment-312459310) to use `--sysctl net.ipv4.ip_unprivileged_port_start=0` , you may need to publish the ports your HAProxy is listening on to the host by specifying the -p option, for example -p 8080:80 to publish port 8080 from the container host to port 80 in the container. Make sure the port you're using is free.
|
|
|
|
**Note:** the 2.4+ versions of the container will run as `USER haproxy` by default (hence the `--sysctl net.ipv4.ip_unprivileged_port_start=0` above), but older versions still default to `root` for compatibility reasons; use `--user haproxy` (or any other UID) if you want to run as non-root in older versions.
|
|
|
|
## Directly via bind mount
|
|
|
|
```console
|
|
$ docker run -d --name my-running-haproxy -v /path/to/etc/haproxy:/usr/local/etc/haproxy:ro --sysctl net.ipv4.ip_unprivileged_port_start=0 %%IMAGE%%:2.3
|
|
```
|
|
|
|
Note that your host's `/path/to/etc/haproxy` folder should be populated with a file named `haproxy.cfg`. If this configuration file refers to any other files within that folder then you should ensure that they also exist (e.g. template files such as `400.http`, `404.http`, and so forth). However, many minimal configurations do not require any supporting files.
|
|
|
|
### Reloading config
|
|
|
|
If you used a bind mount for the config and have edited your `haproxy.cfg` file, you can use HAProxy's graceful reload feature by sending a `SIGHUP` to the container:
|
|
|
|
```console
|
|
$ docker kill -s HUP my-running-haproxy
|
|
```
|
|
|
|
The entrypoint script in the image checks for running the command `haproxy` and replaces it with `haproxy-systemd-wrapper` from HAProxy upstream which takes care of signal handling to do the graceful reload. Under the hood this uses the `-sf` option of `haproxy` so "there are two small windows of a few milliseconds each where it is possible that a few connection failures will be noticed during high loads" (see [Stopping and restarting HAProxy](http://www.haproxy.org/download/2.3/doc/management.txt)).
|