HTTP/TCP load balancer HAProxy 2.0 released

The release of the HAProxy 2.0 load balancer has been published. HAProxy distributes HTTP traffic and arbitrary TCP requests across a group of servers while taking many factors into account (for example, it checks server availability, assesses load levels and provides DDoS countermeasures) and performs first-line data filtering (for example, it can parse HTTP headers, filter out invalid request parameters, block SQL and XSS injection attempts and integrate content-processing agents). HAProxy can also be used to coordinate the interaction of components in systems built on a microservices architecture. The project code is written in C and licensed under GPLv2. The project is used on many large sites, including Airbnb, Alibaba, GitHub, Imgur, Instagram, Reddit, StackOverflow, Tumblr, Twitter and Vimeo.

Key features of the release:

  • A new Data Plane API has been introduced, which allows HAProxy settings to be managed on the fly through a REST Web API. Among other things, you can dynamically add and remove backends and servers, create ACLs, change request routing and change the binding of handlers to IP addresses;
  • The nbthread directive has been added, which lets you configure the number of threads used in HAProxy to optimise performance on multi-core CPUs. By default, the number of worker threads is chosen according to the CPU cores available in the current environment; in cloud environments the default is a single thread. To set hard limits, the MAX_THREADS and MAX_PROCS build options have been added, which cap the number of threads and processes;
  • Using the bind directive to bind handlers to network addresses has been simplified. It is no longer necessary to specify process parameters when configuring: by default, connections are distributed among threads according to the number of active connections;
  • Logging when running in an isolated chroot environment has been improved: the log can be sent to stdout and stderr, as well as to any existing file descriptor (for example, "log fd@1 local0");
  • HTX (native HTTP representation) support is enabled by default, which makes optimisation possible when using advanced features such as end-to-end HTTP/2, Layer 7 Retries and gRPC. HTX does not modify headers in place; instead it reduces modification to removing headers and appending new ones at the end of the list, which makes it possible to handle any extended variant of the HTTP protocol, preserve the original semantics of the headers and achieve higher performance when translating HTTP/2 to HTTP/1.1 and back;
  • Official support has been added for end-to-end HTTP/2 mode (the entire pipeline is processed in HTTP/2, including calls to the backend, not just the interaction between the proxy and the client);
  • Full bidirectional proxying of the gRPC protocol has been implemented, with the ability to parse gRPC streams, identify individual messages, reflect gRPC traffic in the log and filter messages using ACLs. gRPC makes it possible to organise the interaction of microservices written in different programming languages through a universal API. Network communication in gRPC runs over HTTP/2 and relies on Protocol Buffers for data serialisation;
  • Support has been added for a "Layer 7 Retries" mode, which allows HTTP requests to be re-sent in the event of software failures unrelated to problems establishing the network connection (for example, no response or an empty response to a POST request). To disable the mode, the "disable-l7-retry" flag has been added to the "http-request" option, and the "retry-on" option has been added for fine-tuning in the defaults, listen and backend sections. The following retry conditions are available: all-retryable-errors, none, conn-failure, empty-response, junk-response, response-timeout, 0rtt-rejected, and matching on returned status codes (404, etc.);
  • A new process manager has been implemented, which allows external executables with handlers for HAProxy to be launched. For example, the Data Plane API (/usr/sbin/dataplaneapi) and the various Stream Offload engines are implemented as such external handlers;
  • Bindings for .NET Core, Go, Lua and Python have been added for developing SPOE (Stream Processing Offload Engine) and SPOP (Stream Processing Offload Protocol) extensions. Previously, extension development was supported only in C;
  • The external spoa-mirror handler (/usr/sbin/spoa-mirror) has been added for mirroring requests to a separate server (for example, to copy part of the production traffic in order to test a staging environment under real load);
  • The HAProxy Kubernetes Ingress Controller has been introduced for integration with the Kubernetes platform;
  • Built-in support for exporting statistics to the Prometheus monitoring system;
  • The Peers protocol, used to exchange information with other nodes running HAProxy, has been extended. Among other things, support for heartbeats and encrypted data transmission has been added;
  • A "sample" parameter has been added to the "log" directive, which allows only a fraction of requests to be written to the log, for example 1 in 10, in order to produce a sample for analysis;
  • An automatic profiling mode has been added (the profiling.tasks directive, which accepts the values auto, on and off). Automatic profiling is switched on if the average latency exceeds 1000 ms. To view the profiling data, a "show profiling" command has been added to the Runtime API; it is also possible to reflect the statistics in the log;
  • Support has been added for accessing backend servers via the SOCKS4 protocol;
  • End-to-end support for the TCP Fast Open mechanism (TFO, RFC 7413), which reduces the number of connection-setup steps by merging the first and second steps of the classic 3-way handshake into a single request and makes it possible to send data at the initial stage of connection establishment;
  • New actions have been added:
    • "http-request replace-uri" to replace the URL using a regular expression;
    • "tcp-request content do-resolve" and "http-request do-resolve" for resolving host names;
    • "tcp-request content set-dst" and "tcp-request content set-dst-port" to replace the destination IP address and port.
  • New converters have been added:
    • aes_gcm_dec for decrypting streams with the AES128-GCM, AES192-GCM and AES256-GCM algorithms;
    • protobuf to extract fields from Protocol Buffers messages;
    • ungrpc to extract fields from gRPC messages.
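The configuration below is an added example, not taken from the article or the HAProxy project, that wires several of the 2.0 features listed above into one haproxy.cfg: nbthread, profiling.tasks, logging to a file descriptor with a 1-in-10 sample, retry-on with an opt-out for POST, replace-uri, do-resolve with set-dst, and end-to-end HTTP/2 for a gRPC backend. The certificate path, backend addresses, resolver name and the X-Target-Host header are placeholders I chose for illustration.

```haproxy
global
    log fd@1 local0              # stdout; keeps working inside a chroot
    nbthread 4                   # worker threads; default follows CPU cores
    profiling.tasks auto         # profile tasks once avg latency > 1000 ms
    stats socket /var/run/haproxy.sock mode 600 level admin   # "show profiling" lives here

defaults
    mode http
    log global
    option httplog
    timeout connect 5s
    timeout client  30s
    timeout server  30s
    retries 3
    # Layer 7 retries: only on failure classes that never reached the app
    retry-on conn-failure empty-response junk-response response-timeout

resolvers mydns                  # placeholder resolver for do-resolve below
    nameserver local 127.0.0.53:53

frontend fe_web
    bind :443 ssl crt /etc/haproxy/certs/site.pem alpn h2,http/1.1   # placeholder cert
    # second logger: 1 request in 10, written to stderr, for sampled analysis
    log fd@2 sample 1:10 local1
    # rewrite a legacy path prefix with a regex before backend selection
    http-request replace-uri ^/legacy/(.*) /api/v2/\1
    # non-idempotent requests must not be replayed even on a retryable error
    http-request disable-l7-retry if METH_POST
    acl is_grpc req.hdr(content-type) -m beg application/grpc
    acl has_target req.hdr(X-Target-Host) -m found
    use_backend be_grpc if is_grpc
    use_backend be_dynamic if has_target
    default_backend be_api

backend be_api
    server api1 10.0.0.11:8080 check    # placeholder addresses
    server api2 10.0.0.12:8080 check

backend be_dynamic
    # resolve a header-supplied host at runtime; restrict who may set it
    http-request do-resolve(txn.target_ip,mydns,ipv4) req.hdr(X-Target-Host),lower
    http-request set-dst var(txn.target_ip)
    server dyn 0.0.0.0:0                # address is filled in by set-dst

backend be_grpc
    # end-to-end HTTP/2: the server side speaks h2 too, as gRPC requires
    server grpc1 10.0.0.21:50051 proto h2 check
```

Run `haproxy -c -f haproxy.cfg` to validate the file; the do-resolve backend should be gated by an ACL on trusted sources in production, since it lets a request header pick the destination.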

Source: opennet.ru
