tokollo ea ho leka-lekanya mojaro , e leng se u lumellang ho aba sephethephethe sa HTTP le likōpo tse sa lumellaneng tsa TCP pakeng tsa sehlopha sa li-server, ho nahanela lintlha tse ngata (mohlala, ho hlahloba ho fumaneha ha li-server, ho lekola boemo ba mojaro, ho na le mekhoa ea ho thibela DDoS) le ho etsa ts'ebetso ea data ea mantlha ( mohlala, o ka hlalosa lihlooho tsa HTTP, li-parameter tsa lipotso tse sa nepahalang tsa sefa, thibela SQL le XSS substitution, hokela li-content processing agents). HAProxy le eona e ka ho hokahanya tšebelisano ea likarolo lits'ebetsong tse ipapisitseng le meralo ea li-microservices. Khoutu ea morero e ngotsoe ka C le e nang le laesense tlasa GPLv2. Morero o sebelisoa libakeng tse ngata tse kholo, ho kenyelletsa Airbnb, Alibaba, GitHub, Imgur, Instagram, Reddit, StackOverflow, Tumblr, Twitter le Vimeo.
Likarolo tsa bohlokoa tsa tokollo:
- API e ncha e hlahisitsoe , e u lumellang hore u tsamaise litlhophiso tsa HAProxy ha u fofa ka REST Web API. Ho kenyeletsoa, o ka eketsa le ho tlosa li-backends le li-server ka matla, oa theha li-ACL, u fetola likopo tsa ho fetola, ho fetola lihokela ho IP;
- E kentse taelo ea nbthread, e u lumellang hore u lokise palo ea likhoele tse sebelisoang ho HAProxy ho ntlafatsa ts'ebetso ho li-CPU tse ngata. Ka nako e sa lekanyetsoang, palo ea likhoele tsa basebetsi e khethoa ho latela li-cores tsa CPU tse fumanehang tikolohong ea hajoale, 'me libakeng tsa maru ntho ea kamehla ke khoele e le' ngoe. Ho beha meeli e thata, likhetho tsa kopano MAX_THREADS le MAX_PROCS li kentsoe, ho fokotsa moeli o kaholimo ho palo ea likhoele le lits'ebetso;
- Ts'ebeliso ea taelo ea ho tlamella liaterese tsa marang-rang e nolofalitsoe. Ha u theha, ha ho sa hlokahala ho hlalosa mekhoa ea ts'ebetso - ka ho sa feleng, likhokahano li tla ajoa har'a likhoele ho latela palo ea likhokahano tse sebetsang.
- Ho theha li-log ha o sebetsa ka har'a lijana tse ka thoko ho nolofalitsoe - log e ka romelloa hona joale ho stdout le stderr, hammoho le tlhaloso efe kapa efe e teng ea faele (mohlala, "log fd@1 local0");
- Tšehetso bakeng sa HTX (Native HTTP Representation) e nolofalloa ka ho sa feleng, ho lumella ho leka-lekanya ha ho sebelisoa likarolo tse tsoetseng pele tse kang ho qetela ho ea ho qetela HTTP/2, Layer 7 Retries le gRPC. HTX ha e nkele lihlooho sebakeng, empa e fokotsa ts'ebetso ea ho fetola ho tlosa le ho eketsa hlooho e ncha qetellong ea lenane, e leng se u lumellang hore u sebelise mefuta e meng e atolositsoeng ea protocol ea HTTP, ho boloka li-semantics tsa lihlooho le ho u lumella. ho finyella tshebetso e phahameng ha o fetolela HTTP/2 ho HTTP/1.1 le ka tsela e fapaneng;
- Ts'ehetso ea molao e ekelitsoeng bakeng sa mokhoa oa End-to-End HTTP/2 (ts'ebetso ea mekhahlelo eohle ho HTTP/2, ho kenyelletsa le mehala ho backend, eseng feela tšebelisano lipakeng tsa proxy le moreki);
- Ts'ehetso e felletseng ea proxy ea bidirectional ea protocol ea gRPC e kentsoe ts'ebetsong ka bokhoni ba ho fetisa melapo ea gRPC, ho totobatsa melaetsa e le 'ngoe, ho bonts'a sephethephethe sa gRPC ho log le ho sefa melaetsa ka li-ACL. gRPC e u lumella ho hlophisa mosebetsi oa li-microservices ka lipuo tse fapaneng tsa lenaneo tse sebelisanang ka API ea bokahohleng. Puisano ea marang-rang ho gRPC e kengoa tšebetsong ka holim'a HTTP/2 protocol 'me e ipapisitse le ts'ebeliso ea Protocol Buffers bakeng sa ho hlophisa lintlha.
- Ts'ehetso e ekelitsoeng bakeng sa "Layer 7 Retries" mode, e u lumellang hore u romele likopo tse pheta-phetoang tsa HTTP ha ho ka ba le liphoso tsa software tse sa amaneng le mathata a ho theha khokahano ea marang-rang (mohlala, haeba ho se karabo kapa karabo e se nang letho ho POST kopo). Ho tima mokhoa ona, folakha ea "disable-l7-retry" e kenyelelitsoe ho khetho ea "http-request", 'me khetho ea "retry-on" e kenyelitsoe bakeng sa ho lokisa hantle likarolong tse sa feleng, ho mamela le ho khutlela morao. Matshwao a latelang a teng bakeng sa ho romellwa hape: diphoso tsohle-tse lekang hape, ha di na, conn-falure, empty-response, junk-response, response-timeout, 0rtt-rejected, hammoho le ho tlamella ho khutlisa dikhoutu tsa maemo (404, jj.) ;
- Tsamaiso e ncha ea ts'ebetso e kentsoe ts'ebetsong, e leng se u lumellang hore u lokisetse ho letsetsa lifaele tsa ka ntle tse sebetsang ka li-haProxy.
Ka mohlala, API ea Data Plan (/ usr/sbin/dataplaneapi), hammoho le lienjineri tse fapaneng tsa ho sebetsa tsa Offload, li kengoa ts'ebetsong ka mokhoa oa mohlokomeli ea joalo oa kantle; - Litlamo li kenyelitsoe bakeng sa .NET Core, Go, Lua le Python bakeng sa ho ntlafatsa SPOE (Stream Processing Offload Engine) le SPOP (Stream Processing Offload Protocol). Nakong e fetileng, ntlafatso ea katoloso e ne e tšehetsoa feela ho C;
- E kentse sesebelisoa sa ka ntle sa spoa-mirror (/usr/sbin/spoa-mirror) bakeng sa likopo tsa seipone ho seva se arohaneng (mohlala, bakeng sa ho kopitsa karolo ea sephethephethe sa tlhahiso bakeng sa ho hlahloba tikoloho ea liteko tlas'a mojaro oa sebele);
- Tsebisoa ho netefatsa kopano le sethala sa Kubernetes;
- Ts'ehetso e kentsoeng bakeng sa ho romela lipalo-palo ho sistimi ea ho beha leihlo ;
- Protocol ea Peers, e sebelisetsoang ho fapanyetsana tlhahisoleseding le li-node tse ling tse tsamaisang HAProxy, e atolositsoe. Ho kenyelletsa tšehetso e eketsehileng bakeng sa Heartbeat le phetiso ea data e patiloeng;
- "Sample" parameter e kenyelelitsoe ho taelo ea "log", e leng se u lumellang hore u lahlele karolo feela ea likōpo ka har'a log, mohlala 1 ho 10, ho etsa sampuli ea tlhahlobo;
- E kenyellelitsoe mokhoa oa ho iketsetsa profiling (taelo ea profiling.tasks, e ka nkang boleng ka bohona, ho tima le ho tima). Ho etsa profaele ka boits'oaro hoa lumelloa haeba karolelano ea latency e feta 1000 ms. Ho sheba lintlha tsa profiling, taelo ea "show profiling" e kentsoe ho Runtime API kapa hoa khoneha ho tsosolosa lipalo-palo ho log;
- Ts'ehetso e ekelitsoeng bakeng sa ho fihlella li-server tsa backend ho sebelisa protocol ea SOCKS4;
- Ts'ehetso e kenyellelitsoeng ea ho qetela bakeng sa mochini oa ho bula likhokahano tsa TCP kapele (TFO - TCP Fast Open, RFC 7413), e u lumellang ho fokotsa palo ea mehato ea ho seta ea khokahano ka ho kopanya ea pele ho kopo e le 'ngoe le mohato oa bobeli. mokhoa oa khale oa puisano oa mehato e 3 'me o etsa hore ho khonehe ho romela lintlha boemong ba pele ba ho theha khokahanyo;
- Liketso tse ncha li kentsoe:
- "http-request replace-uri" ho fetola URL ho sebelisa polelo e tloaelehileng;
- “tcp-request content do-resolve” le “http-request do-resolve” bakeng sa ho rarolla lebitso la moamoheli;
- "tcp-request content set-dst" le "tcp-request content set-dst-port" ho nkela aterese ea IP le boema-kepe.
- E kentse li-module tse ncha tsa phetoho:
- aes_gcm_dev bakeng sa ho hlakola melapo ho sebelisa li-algorithms tsa AES128-GCM, AES192-GCM le AES256-GCM;
- protobuf ho ntša masimo ho tsoa melaetsa ea Protocol Buffers;
- ungrpc ho ntša masimo ho tsoa melaetsa ea gRPC.
Source: opennet.ru