Key features of the release:
- A new API has been introduced: the Data Plane API, which lets you manage the HAProxy configuration on the fly through a REST Web API. This includes dynamically adding and removing backends and servers, creating ACLs, changing request routing, and changing the bindings of handlers to IP addresses.
- The nbthread directive has been added. It configures the number of threads HAProxy uses, so that performance can be optimized on multi-core CPUs. By default, the number of worker threads is chosen according to the CPU cores available in the current environment, and in cloud environments the default is one thread. To set hard limits, the build options MAX_THREADS and MAX_PROCS have been added; they cap the number of threads and processes.
- Use of the bind directive to bind handlers to network addresses has been simplified. Process parameters no longer need to be defined during setup; by default, connections are distributed across threads according to the number of active connections.
- Log setup when running in isolated containers has been simplified: logs can now be sent to stdout and stderr, as well as to any existing file descriptor (for example, "log fd@1 local0").
- HTX (Native HTTP Representation) support is enabled by default, which makes load balancing possible when advanced features such as end-to-end HTTP/2, Layer 7 retries and gRPC are in use. Rather than replacing headers in place, HTX reduces a modification to removing the header and appending a new one at the end of the list. This makes it possible to handle any extended variant of the HTTP protocol while preserving the original semantics of the headers, and it gives higher performance when translating HTTP/2 to HTTP/1.1 and vice versa.
- Official support has been added for end-to-end HTTP/2 mode (all stages are handled in HTTP/2, including calls to the backend, not only the exchange between the proxy and the client).
- Full support for bidirectional proxying of the gRPC protocol has been implemented, with the ability to parse gRPC streams, pick out individual messages, reflect gRPC traffic in the log, and filter messages using ACLs. gRPC lets you organize microservices written in different programming languages that interact with one another through a universal API. Network communication in gRPC is implemented on top of the HTTP/2 protocol and relies on Protocol Buffers for data serialization.
- Support has been added for the "Layer 7 Retries" mode, which allows HTTP requests to be resent after software failures that are unrelated to problems establishing the network connection (for example, no response or an empty response to a POST request). To disable the mode, the "disable-l7-retry" flag has been added to the "http-request" option, and the "retry-on" option has been added for fine-tuning in the defaults, listen and backend sections. The following conditions are available for resending: all-retryable-errors, none, conn-failure, empty-response, junk-response, response-timeout, 0rtt-rejected, as well as binding to returned status codes (404, etc.).
- A new process manager has been implemented, which lets you configure the invocation of external executables that act as handlers for HAProxy. For example, the Data Plane API (/usr/sbin/dataplaneapi) and various offload stream processing engines are implemented as external handlers of this kind.
- Bindings for .NET Core, Go, Lua and Python have been added for developing SPOE (Stream Processing Offload Engine) and SPOP (Stream Processing Offload Protocol) extensions. Previously, extension development was supported only in C.
- An external spoa-mirror handler (/usr/sbin/spoa-mirror) has been added for mirroring requests to a separate server (for example, to copy part of the production traffic in order to test an experimental environment under real load).
- The HAProxy Kubernetes Ingress Controller has been introduced to provide integration with the Kubernetes platform.
- Built-in support has been added for exporting statistics to the Prometheus monitoring system.
- The Peers Protocol, used to exchange information with other nodes running HAProxy, has been extended. This includes added support for heartbeats and encrypted data transmission.
- A "sample" parameter has been added to the "log" directive. It allows only a portion of requests (for example, 1 in 10) to be written to the log, in order to form an analytical sample.
- An automatic profiling mode has been added (the profiling.tasks directive, which can take the values auto, on and off). Automatic profiling is enabled when the average latency exceeds 1000 milliseconds. To view profiling data, a "show profiling" command has been added to the Runtime API; the statistics can also be dumped to the log.
- Support has been added for accessing backend servers using the SOCKS4 protocol.
- End-to-end support has been added for the mechanism for quickly opening TCP connections (TFO, TCP Fast Open, RFC 7413). It reduces the number of connection setup steps by combining the first and second steps of the classic three-step connection negotiation process into a single request, which makes it possible to send data at the initial stage of connection establishment.
- New actions have been added:
  - "http-request replace-uri" replaces the URL using a regular expression.
  - "tcp-request content do-resolve" and "http-request do-resolve" resolve a host name.
  - "tcp-request content set-dst" and "tcp-request content set-dst-port" substitute the target IP address and port.
- New converter modules have been added:
  - aes_gcm_dec decrypts streams using the AES128-GCM, AES192-GCM and AES256-GCM algorithms.
  - protobuf extracts fields from Protocol Buffers messages.
  - ungrpc extracts fields from gRPC messages.
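
The configuration below is an added example, not taken from the HAProxy project or from the source article. It combines the "retry-on", "disable-l7-retry", "log ... sample" and file-descriptor logging settings described in the list so that POST requests are never replayed and the sampled log is kept separate from the full log. The section names, thread count and addresses (documentation range 192.0.2.0/24) are assumptions.

```haproxy
# Constructed example configuration; names and addresses are placeholders.
global
    # Set the worker thread count explicitly instead of relying on the
    # default derived from the CPU cores visible to the process.
    nbthread 4
    # Full log to file descriptor 1 (stdout), e.g. inside a container.
    log fd@1 local0
    # Separate 1-in-10 sample for analytics; the sampled stream drops
    # 9 of 10 requests, so it cannot replace the full log for investigations.
    log 192.0.2.50:514 sample 1:10 local1
    # Turn task profiling on automatically when latency degrades.
    profiling.tasks auto

defaults
    mode http
    log global
    option httplog
    timeout connect 5s
    timeout client  30s
    timeout server  30s
    retries 3
    # Layer 7 retries: resend on connection failure, empty response
    # or response timeout.
    retry-on conn-failure empty-response response-timeout

frontend fe_main
    bind :8080
    default_backend be_app

backend be_app
    # The server may already have processed a POST whose response was
    # lost, so resending it could apply the same change twice.
    http-request disable-l7-retry if METH_POST
    server app1 192.0.2.10:8080 check
    server app2 192.0.2.11:8080 check
```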
Source: opennet.ru