sampleconf.xml (8043B)
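<?xml version="1.0" encoding="UTF-8"?>

<!-- Sample xrctl configuration: one <system> section with general
     settings, followed by one <service> section per balancer. This file
     holds a web interface credential in clear text (see the "ssh"
     service), so it should be readable only by the account that runs
     xrctl. -->
<configuration>

  <!-- General system configuration section -->

  <system>
    <!-- Path where the "xr" binary is searched, and zippers as "gzip"
         and "bzip2", and the "ps" command. Default is that xrctl
         uses $PATH.
         Every directory in this list should be writable by root only,
         because xrctl resolves the programs it runs through it. Drop
         entries that do not exist on the host or that other accounts
         can write to. -->
    <path>/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/local/bin:/opt/local/sbin</path>
    <!-- "ps" command that shows the PID and command. On Solaris, use
         /usr/bin/ps -ef "pid comm" and on Linux/MacOSX use
         /bin/ps -ax -o pid,command. Default is that xrctl guesses
         the right command. Example:
         <pscmd>/bin/ps ax -o pid,command</pscmd> -->
    <!-- Use "logger" to add output to syslog or not? Logger will be
         used if the binary can be found, and if uselogger is true. -->
    <uselogger>true</uselogger>
    <!-- The default logger is the program "logger". Redefine here if
         you like, for example to a piping logrotate program. Example:
         <logger>clpipe /var/log/xr.clog</logger>
         The default <logger> command is: logger -t xr.{service} -->
    <!-- If logger is NOT used, xrctl will manage log output. In that
         case, specify the following:
         - Where do logs get written?
           <logdir>/var/log</logdir>
         - How big may the logs become? Manipulated during "xrctl rotate".
           <maxlogsize>100000</maxlogsize>
         - How many history logs to keep?
           <loghistory>10</loghistory> -->
  </system>

  <!-- Service descriptions: This section defines all balancing
       services that you want to start. Each service will lead to one
       invocation of "xr". -->

  <!-- Very simple TCP service that dispatches SSH connections on
       port 20.000 to three back ends. Most options are left to
       their defaults. -->
  <service>
    <!-- Service name, must be unique -->
    <name>ssh</name>
    <server>
      <!-- Type (tcp/http, here: tcp), and IP-address/port to bind
           to. Use "0" for IP-address to bind to all interfaces. -->
      <type>tcp</type>
      <address>0:20000</address>
      <!-- The web interface will listen to localhost, port 20.001. The
           (optional) display title at the web interface is "SSH
           Balancer". It requires basic authentication, username "admin",
           password "secret".
           The binding is written as 127.0.0.1 so that it really is
           localhost only; "0:20001" would expose the management
           interface on all interfaces.
           "admin:secret" is a sample credential: replace it before use.
           Basic authentication only encodes the password, it does not
           encrypt it, so reach the interface over a trusted or
           encrypted channel.
           NOTE(review): if xrctl hands this credential to xr on the
           command line, it would be visible in process listings;
           confirm. -->
      <webinterface>127.0.0.1:20001</webinterface>
      <webinterfacename>SSH Balancer</webinterfacename>
      <webinterfaceauth>admin:secret</webinterfaceauth>
      <!-- Clients may be idle for 30 minutes, then they are logged
           out. -->
      <clienttimeout>1800</clienttimeout>
    </server>

    <!-- Back ends for the service. -->
    <backend>
      <!-- IP:port to dispatch to. -->
      <address>server1:22</address>
    </backend>
    <backend>
      <address>server2:22</address>
    </backend>
    <backend>
      <!-- Third back end. The sample listed server2:22 twice, which
           gave two distinct back ends instead of the three announced
           above. -->
      <address>server3:22</address>
    </backend>
  </service>

  <!-- Here is an HTTP service for web balancing. It shows more
       advanced features. -->
  <service>
    <name>webone</name>

    <!-- Balancer server description -->
    <server>
      <!-- Server binding. XR will listen to any IP interface, on port
           20.010. It'll be an HTTP balancer. The web interface will
           be on port 20.011. There will be no display name on the web
           interface, and no required authentication.
           Without authentication, every local account on this host can
           reach the web interface on 127.0.0.1. Add <webinterfaceauth>
           if the host is shared. -->
      <address>0:20010</address>
      <type>http</type>
      <webinterface>127.0.0.1:20011</webinterface>

      <!-- A non-default dispatch mode, here: by client IP. -->
      <dispatchmode>lax-hashed-ip</dispatchmode>

      <!-- Checks. Dead back ends are checked each 3 seconds. There is
           no checking of dead and live back ends (checkupinterval 0). -->
      <checks>
        <wakeupinterval>3</wakeupinterval>
        <checkupinterval>0</checkupinterval>
      </checks>

      <debugging>
        <!-- Let's go with full messaging: verbose, debug, and logging
             of transmitted messages.
             Traffic dumps hold everything that clients and back ends
             send, including credentials and session cookies, and /tmp
             is writable by every local account. For anything but a
             short debugging session, point logtrafficdir to a directory
             that only the balancer account can access, and switch it
             off afterwards. -->
        <verbose>yes</verbose>
        <debug>yes</debug>
        <logtrafficdir>/tmp</logtrafficdir>
      </debugging>

      <!-- If the balancer runs out of sockets because too many
           closing connections are in TIME_WAIT state, use: -->
      <closesocketsfast>yes</closesocketsfast>

      <!-- Access restrictions: we allow from two IP ranges, and deny
           from one IP address. The overall results will be:
           - Access will be allowed from 10.*.*.*
           - And allowed from 192.168.1.*, but not from 192.168.1.100
           The balancer sees the address of the connecting peer, so
           clients that arrive through a proxy or NAT device are judged
           by that device's address. -->
      <acl>
        <allowfrom>10.255.255.255</allowfrom>
        <allowfrom>192.168.1.255</allowfrom>
        <denyfrom>192.168.1.100</denyfrom>
      </acl>

      <dosprotection>
        <!-- Here is some basic DOS protection. Connections from IP's
             are counted over timeinterval seconds (here: 2 sec). When a
             client exceeds the hard limit hardmaxconnrate (here: 200),
             then it is denied access. When it exceeds the soft limit
             softmaxconnrate (here: 150), then each connection is
             delayed for defertime microsecs (here: 1.000.000, one
             sec).
             Finally, the entire balancer will be allowed to serve up
             to 400 simultaneous connections. -->
        <timeinterval>2</timeinterval>
        <hardmaxconnrate>200</hardmaxconnrate>
        <softmaxconnrate>150</softmaxconnrate>
        <defertime>1000000</defertime>
        <maxconnections>400</maxconnections>

        <!-- Let's add some more protection. When a user exceeds their
             hard maxconn rate, "/path/to/program" will be invoked
             with the IP as argument. That program may eg. call
             iptables to block the client. There is also a tag
             softmaxconnexcess (not shown here).
             Keep the program writable by root only and have it check
             that its argument is an IP address before acting on it.
             Automatic blocking also locks out every user who shares
             the blocked address, for example behind one NAT gateway.
             NOTE(review): the program presumably runs with the
             privileges of the balancer process; confirm. -->
        <hardmaxconnexcess>/path/to/program</hardmaxconnexcess>

      </dosprotection>

      <http>
        <!-- Since this is an HTTP balancer, let's add some goodies:
             - no header for the XR version,
             - a header X-Forwarded-For: client-ip
             - no sticky http sessions
             - modification of the Host: header to the back end server name
             - two serverheaders to insert
             Back ends should trust X-Forwarded-For only on connections
             that arrive from the balancer.
             NOTE(review): whether a client-supplied X-Forwarded-For
             header is replaced or extended is not shown here; confirm
             before using the header for access decisions. -->
        <addxrversion>off</addxrversion>
        <addxforwardedfor>on</addxforwardedfor>
        <stickyhttp>off</stickyhttp>
        <replacehostheader>on</replacehostheader>
        <serverheaders>
          <header>MyFirstHeader: Whatever</header>
          <header>MySecondHeader: WhateverElse</header>
        </serverheaders>
      </http>
    </server>

    <!-- Back end definitions -->
    <backend>
      <!-- Backend lives on server1:80 and is very big (weight 2).
           XR will forward up to 300 connections to it. The back end
           checking is left to the default, which is: connect to the
           IP and port of the back end. Requests for host
           www.mysite.org will be serviced here.
           NOTE(review): hostmatch looks like a pattern (the third back
           end uses alternation), so an unescaped "." presumably matches
           any character; confirm how xr interprets and anchors it
           before relying on hostmatch to keep sites apart. -->
      <address>server1:80</address>
      <weight>2</weight>
      <maxconnections>300</maxconnections>
      <hostmatch>www.mysite.org</hostmatch>
    </backend>
    <backend>
      <!-- Backend lives on server2:80, has the default weight 1.
           XR will forward up to 100 connections to it. The back end
           checking is done by connecting to an alternative port 81.
           This back end will be eligible for requests for the site
           www.myothersite.org. -->
      <address>server2:80</address>
      <maxconnections>100</maxconnections>
      <backendcheck>connect::81</backendcheck>
      <hostmatch>www.myothersite.org</hostmatch>
    </backend>
    <backend>
      <!-- Backend lives on server3:80, has the standard weight and no
           limitations for the max nr. of connections. Back end
           checking is done by retrieving /healthcheck.cgi from the
           server. The back end is eligible for www.myothersite.org
           and for www.yetanothersite.org. -->
      <address>server3:80</address>
      <backendcheck>get:server3:80/healthcheck.cgi</backendcheck>
      <hostmatch>(www.myothersite.org)|(www.yetanothersite.org)</hostmatch>
    </backend>
  </service>

</configuration>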