The writing of this small manual was preceded by several weeks of torment with attempts to work on projects, when it was necessary to launch a container with a site for work, containers with test assemblies so that testers could safely test new system features for basic data, as well as builds for technical support to study work with the system in conditions close to "combat".

In addition, a service web interface for members of my development team was supposed to work. In this case, some of the systems should work on one version of php , some on another. At the same time, there are differences in the environment in which the sites work, starting with the operating system and the http-server that processes requests, and ending with the installed php modules .

It seems to be nothing complicated, lift the containers and forward the ports outside. But for each container, you need to specify your own external ports that you need to remember, and then pass them, for example, to an accountant (this is also a tester) so that he checks the improvements in the system he uses. Sometimes I myself could not understand why the scripts I just fixed did not work as expected, or why the site did not open at all.

HAPRoxy , 80 443, .

docker

docker , .

docker . HAProxy ip- , - .

docker network create develop --subnet=172.20.0.0/16

ip docker-compose.yml :

networks:
  default:
    external:
      name: develop

, HAProxy, ip-.

    networks:
      default:
        ipv4_address: 172.20.1.1

https

HAProxy https .

, HAProxy.

1. (key)

sudo openssl genrsa -out site.key 2048

1. Certificate Signing Request (csr)

sudo openssl req -new -key site.key -out site.csr

1. (crt)

sudo openssl x509 -req -days 365 -in site.csr -signkey site.key -out site.crt

1. (pem)

sudo bash -c 'cat site.key site.crt >> site.pem'

HAProxy.

, HAProxy Docker.

haproxy.cfg docker-compose.yml.

, . , HAProxy docker-compose.

HAPRoxy

HAProxy 80 443, , , 80 . https.

443 .

HAProxy frontend , .



frontend , backend.



Backend, , .



defaults .



docker HAProxy /usr/local/etc/haproxy/haproxy.cfg

defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
frontend http_frontend
    bind *:80
    redirect scheme https if !{ ssl_fc }
frontend https_frontend
    bind *:443 ssl crt /etc/ssl/certs/site.pem
    acl is_microbase hdr_end(host) -i microbase.localhost
    use_backend microbase if is_microbase
    acl is_coordinator hdr_end(host) -i coordinator.localhost
    use_backend coordinator if is_coordinator
backend microbase
    server microbase 172.20.1.1:80 check
backend coordinator
    server coordinator 172.20.1.2:80 check

docker-compose.yml

docker docker-compose, yml .

microbase.localhost coordinator.localhost HAProxy.

c HAProxy .

docker-compose docker-compose.yml .



-f.



docker-compose -f. , .

version: "3"
services:
  microbase:
    image: "inblank/php7.4-apache"
    volumes:
      - ./microbase:/var/www
    networks:
      default:
        ipv4_address: 172.20.1.1
  coordinator:
    image: "inblank/php7.4-apache"
    volumes:
      - ./coordinator:/var/www
    networks:
      default:
        ipv4_address: 172.20.1.2
  haproxy:
    image: "haproxy:2.2-alpine"
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg
      - ./cert.pem:/etc/ssl/certs/site.pem
networks:
  default:
    external:
      name: develop

siege 25 . 1- .

siege coordinator.localhost -t 1m

php :

<?php
echo "Hello World!";

apache 2.4 php .

Intel Core i5-8250U 1.60GHz, 8 SSD . Linux Mint 20 Cinnamon

.

• 80
  
  

  HAProxy

  ** SIEGE 4.0.4 ** Preparing 25 concurrent users for battle. The server is now under siege... Lifting the server siege... Transactions: 258084 hits Availability: 100.00 % Elapsed time: 59.39 secs Data transferred: 2.95 MB Response time: 0.01 secs Transaction rate: 4345.58 trans/sec Throughput: 0.05 MB/sec Concurrency: 24.72 Successful transactions: 258084 Failed transactions: 0 Longest transaction: 0.04 Shortest transaction: 0.00

  ** SIEGE 4.0.4 ** Preparing 25 concurrent users for battle. The server is now under siege... Lifting the server siege... Transactions: 314572 hits Availability: 100.00 % Elapsed time: 59.18 secs Data transferred: 3.60 MB Response time: 0.00 secs Transaction rate: 5315.51 trans/sec Throughput: 0.06 MB/sec Concurrency: 24.64 Successful transactions: 314572 Failed transactions: 0 Longest transaction: 0.11 Shortest transaction: 0.00

~18%.

• 80 443
  
  

  HAProxy

  ** SIEGE 4.0.4 ** Preparing 25 concurrent users for battle. The server is now under siege... Lifting the server siege... Transactions: 114804 hits Availability: 100.00 % Elapsed time: 59.44 secs Data transferred: 0.66 MB Response time: 0.01 secs Transaction rate: 1931.43 trans/sec Throughput: 0.01 MB/sec Concurrency: 24.78 Successful transactions: 114824 Failed transactions: 0 Longest transaction: 1.03 Shortest transaction: 0.00

  ** SIEGE 4.0.4 ** Preparing 25 concurrent users for battle. The server is now under siege... Lifting the server siege... Transactions: 134364 hits Availability: 100.00 % Elapsed time: 59.80 secs Data transferred: 19.99 MB Response time: 0.01 secs Transaction rate: 2246.89 trans/sec Throughput: 0.33 MB/sec Concurrency: 24.74 Successful transactions: 134374 Failed transactions: 0 Longest transaction: 0.08 Shortest transaction: 0.00

~14.5%.

As expected, there is a performance drop when using a solution with HAProxy , but it is not critical for using this configuration in the process of developing sites and providing access to test assemblies.

Links

HAProxy

1. HSProxy official website
2. HAProxy Documentation
3. The Four Essential Sections of an HAProxy Configuration
4. Official Docker image of HAProxy

Docker

1. Docker Official Site
2. Docker-compose official page
3. Docker Compose file version 3 reference