Message icon
フッターコンテンツにスキップ
  1. IronSecureDoc
  2. IronSecureDocブログ
  3. IronSecureDocを使用する
  4. Haproxy Docker Compose
IRONSECUREDOCを使用する

Haproxy Docker Compose (開発者向けの仕組み)

Curtis Chau
Curtis Chau
更新日:

A load balancer is part of crucial modern IT infrastructure designed to distribute network traffic efficiently across multiple servers or resources. This improves the system's scalability and performance by preventing any single server from getting overloaded. The load balancer, which sits between the clients and the servers on the back end, minimizes response time while using the available resources.

Load balancers carry out these basic tasks, which include fault tolerance, traffic distribution, and session persistence. A load balancer can be a primary software program, physical product, or cloud-based service provided by AWS or Azure. Some of the most commonly used algorithms for traffic allocation are Round Robin, Least Connections, and IP Hash.

What is HAProxy Docker?

HAProxy Docker refers to placing the HAProxy load balancer in a Docker container. The power of the traffic management capabilities of HAProxy can now be combined with the flexibility and portability of Docker. HAProxy is a popular, widely-used, open-source load balancer for web applications and microservices environments offering high availability and reverse proxying. The advantages of running HAProxy in a Docker container host include easy deployment, isolation, scalability, and platform independence. HAProxy Docker can distribute traffic across multiple backend services efficiently, monitor the health of containers, and dynamically adjust routing based on container availability.

It supports features such as SSL/TLS termination, session persistence, and multiple load-balancing algorithms, including Round Robin and Least Connections. This makes HAProxy Docker an excellent way to manage containerized traffic since it can even integrate well with orchestration tools like Kubernetes or Docker Swarm to provide dynamic scaling and automated service discovery. This ensures that modern applications have robust, high-performance, and secure traffic management without any file issues.

Features of HAProxy Docker

Load Balancing

HAProxy excels at spreading the load of network traffic over many backend servers. Its many load-balancing algorithms include Round Robin, Least Connections, and IP Hash, so that customers may adapt the traffic flow according to their applications' special needs. This allows HAProxy to accept traffic on both Layer 4 (TCP) and Layer 7 (HTTP/HTTPS) supported architectures, which puts it at a high-performance range from simple TCP routing applications to complex application-layer load balancing.

High Availability

The central feature, high availability, means keeping the service up and always running. HAProxy sends traffic away from servers proven unhealthy or failed due to backend servers' health statuses. Failover prevents too much downtime in cases where a server is not alive or unexpectedly fails.

SSL/TLS support

HAProxy fully supports SSL/TLS, ensuring secure communication from the client to the servers. In addition, HAProxy can terminate SSL/TLS connections to offload encryption and decryption tasks away from backend servers, improving the former's performance. If end-to-end encryption is required, HAProxy can forward the encrypted traffic to the services behind it.

Reverse Proxying

HAProxy is one of the best reverse proxies for sending all client request traffic to the related services on the backend side. It supports features such as altering headers, redirects from URLs, or even some specialized routing based on specific user conditions that can be set against specific rules. Thus, HAProxy can also be considered one of the viable candidates for multi-service architecture, along with microservices.

Security Enhancement

HAProxy is full of security features such as rate limiting, DDoS protection, and ACLs. All these are used to filter incoming traffic, which means that malicious requests that might otherwise reach your back-end servers will be blocked, keeping your applications stable.

Scalability

HAProxy is highly scalable. It can easily support millions of concurrent connections without latency being associated with the use and scale up without having latency problems. This environment supports container orchestration environments like Kubernetes and Docker Swarm, with their containerized workloads providing the advantages of dynamic scaling and service discovery.

Logging and Monitoring

HAProxy possesses fine-grained logging that can help to make sense of flows, troubleshoot issues, and analyze performance. It interoperates seamlessly with Prometheus' monitoring tool, Grafana, and Datadog among others representing real-time data regarding servers' healthiness, network traffic flow, and resource utilization.

HAProxy supports easy flexibility in configuration

HAProxy offers a very flexible and powerful configuration capability. Utilizing it, users can define rather sophisticated routing rules like routing conditionally on headers or cookies. URL rewriting as well as session persistence is supported, even multi-tenancy, whereby one instance of HAProxy can service multiple domains or applications.

Installing HAProxy with Docker

Installing and running HAProxy using Docker is a fairly simple process. Below are the steps taken one step at a time.

Docker Installation

Ensure that Docker is installed on your system. To verify installation, you can run the command below:

docker --version
docker --version
SHELL

If Docker is not installed on the system, visit the Docker link here to download and install it from the official website.

Pull the HAProxy Docker Image

Pull the official HAProxy image from Docker Hub. The command below will download the most recent stable version:

docker pull haproxy:latest
docker pull haproxy:latest
SHELL

Create an HAProxy Configuration File

HAProxy needs a configuration file that defines its behavior. Create a file called haproxy.cfg with the following content:

global
    log stdout format raw local0
defaults
    log     global
    mode    http
    timeout connect 5s
    timeout client  50s
    timeout server  50s
frontend http_front
    bind *:80
    default_backend http_back
backend http_back
    server app1 host.docker.internal:32769 check

This HAProxy config defines:

  • Frontend: Listens on port 80 and routes traffic to the backend.
  • Backend: Points to app1 hosted at host.docker.internal:32769.

Run HAProxy Docker Container

Run the HAProxy Docker container, mounting the configuration file and exposing the necessary ports:

docker run -d --network haproxy --name haproxy-container -p 80:80 -v $(pwd)/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro haproxy:latest
docker run -d --network haproxy --name haproxy-container -p 80:80 -v $(pwd)/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro haproxy:latest
SHELL
  • -d: Runs the container in detached mode.
  • --name haproxy-container: Names the container.
  • -p 80:80: Maps port 80 on the host to port 80 in the container.
  • -v $(pwd)/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro: Mounts the local configuration file into the container.

Access HAProxy

Open a web browser and navigate to http://localhost:80 or your server's IP address to test traffic routing.

What is IronSecureDoc?

IronSecureDoc is a utility for document management and security that relies on strong encryption, advanced PDF manipulation, and digital signing. It provides document confidentiality and integrity to companies and developers with smooth access, making the processing of PDF documents easier without direct or indirect dependencies.

In addition, IronPDF is a PDF API that facilitates creating a PDF from any data input and adding or editing content using parameters such as text, images, and metadata. This includes features such as merging several PDFs, splitting documents, and adding comments, highlights, or watermarks for annotations.

It provides password protection, AES encryption, and certificate-based access controls to lock all your sensitive information and data. Moreover, it enables digital signing to authenticate your documents and ensure non-repudiation—a very important feature in the financial, medical, and legal industries. Its audit trail functionality allows monitoring of all activities executed on the documents for compliance and accountability.

Install and Run IronSecureDoc

Pull the Docker image of IronSecureDoc using the following command in the Command Prompt or an open terminal window:

docker pull ironsoftwareofficial/ironsecuredoc
docker pull ironsoftwareofficial/ironsecuredoc
SHELL

Run the IronSecureDoc container:

docker container run --rm -p 8080:8080 -e IronSecureDoc_LicenseKey=<IRONSECUREDOC_LICENSE_KEY> -e ENVIRONMENT=Development -e HTTP_PORTS=8080 ironsoftwareofficial/ironsecuredoc:latest
docker container run --rm -p 8080:8080 -e IronSecureDoc_LicenseKey=<IRONSECUREDOC_LICENSE_KEY> -e ENVIRONMENT=Development -e HTTP_PORTS=8080 ironsoftwareofficial/ironsecuredoc:latest
SHELL

This command starts a container instance of IronSecureDoc. You can now access IronSecureDoc on port http://localhost:8080/swagger/index.html.

Integrate IronSecureDoc with HAProxy

Prepare a haproxy.cfg file to define your frontend and backend configurations. Below is a simple example configuration:

global
    log stdout format raw local0
defaults
    log     global
    mode    http
    option  httplog
    timeout connect 5000ms
    timeout client  50000ms
    timeout server  50000ms
frontend http_front
    bind *:4500
    acl body_has_data req.hdr_val(Content-Length) gt 0
    http-request set-method POST if METH_GET body_has_data
    use_backend ironsecuredoc if { path /ironsecuredoc } || { path_beg /ironsecuredoc/ }
    use_backend ironsecuredoc_ping if { path /ping } || { path_beg /ping/ }
    use_backend ironsecuredoc_encrypt if { path /encrypt } || { path_beg /encrypt/ }
backend ironsecuredoc
    balance roundrobin
    http-request set-path /swagger/index.html
    server ironsecuredoc_server host.docker.internal:8080 check
backend ironsecuredoc_encrypt
    balance roundrobin
    http-request set-path /v1/document-services/pdfs/encrypt
    server ironsecuredoc_server host.docker.internal:8080 check
backend ironsecuredoc_ping
    balance roundrobin
    http-request set-path /v1/document-services/ping
    server ironsecuredoc_server host.docker.internal:8080 check

This HAProxy configuration handles HTTP traffic for multiple IronSecureDoc services. It defines global raw log output and sets default HTTP mode with detailed logging. The frontend listens on port 4500 and routes requests based on the path. The acl body_has_data checks for the presence of data and converts GET requests to POST if needed. The backend uses the Round Robin algorithm for load balancing, ensuring requests are forwarded appropriately with health checks to ensure server availability.

To send a simple encrypt request using cURL:

curl -X 'POST' \
  'http://localhost:4500/encrypt?user_password=demo' \
  -H 'accept: */*' \
  -H 'Content-Type: multipart/form-data' \
  -F 'pdf_file=@test.pdf;type=application/pdf'
curl -X 'POST' \
  'http://localhost:4500/encrypt?user_password=demo' \
  -H 'accept: */*' \
  -H 'Content-Type: multipart/form-data' \
  -F 'pdf_file=@test.pdf;type=application/pdf'
SHELL

This request to the IronSecureDoc API applies user password encryption to a PDF document, and the output file is safely sent and downloaded.

Conclusion

The integration of HAProxy with the IronSecureDoc software ensures a reliable and scalable solution for managing document security services with optimized traffic routing and load balancing. HAProxy efficiently distributes traffic across multiple instances of IronSecureDoc, ensuring high availability through health checks and custom routing rules.

This configuration allows for flexible handling of complex workflows like encryption and health monitoring. HAProxy and IronSecureDoc complement each other in a containerized environment, enhancing the deployment's resilience and performance.

Using the IronSecureDoc REST API, developers can seamlessly integrate safe document handling and effective PDF management into their web, mobile, and corporate applications. For more information about IronSecureDoc licensing, visit the licensing page. To explore more about Iron Software's products, visit the library suite page.

よくある質問

Docker Composeを使用してHAProxyをデプロイするにはどうすればよいですか?

Docker Composeを使用してHAProxyをデプロイするには、必要な設定を載せたHAProxyサービスを指定するdocker-compose.ymlファイルを作成する必要があります。このセットアップにより、HAProxyを他のサービスと一緒に管理でき、シームレスなトラフィック管理と高可用性を確保します。

マイクロサービスにDockerでHAProxyを使用する利点は何ですか?

マイクロサービスにDockerでHAProxyを使用すると、動的スケーリング、自動サービス発見、効率的なトラフィック分配を享受できます。HAProxyのSSL/TLS終端およびさまざまな負荷分散アルゴリズムのサポートにより、マイクロサービスアーキテクチャにおけるセキュリティとパフォーマンスが向上します。

DockerでSSL/TLS終端のためにHAProxyをどのように設定できますか?

HAProxyは、HAProxy設定ファイルで適切なfrontendおよびbackend設定を設定することでSSL/TLS終端のために設定できます。これにより、バックエンドサーバーから暗号化タスクをオフロードし、パフォーマンスとセキュリティを最適化します。

コンテナ化された環境でのセキュリティ強化のためにHAProxyが果たす役割は何ですか?

HAProxyは、DDoS保護、レート制限、アクセス制御リスト(ACL)などの機能を通じて、コンテナ化された環境でのセキュリティを強化します。これらのセキュリティ対策により、悪意のあるトラフィックがバックエンドサービスに到達するのを防ぎ、セキュアなアプリケーションデプロイメントを確保します。

開発者はIronSecureDocを使用してどのようにアプリケーションにドキュメントのセキュリティ機能を統合できますか?

開発者はIronSecureDocのREST APIを使用して、ドキュメントのセキュリティ機能を統合できます。これにより、ドキュメントの暗号化、PDFの操作、デジタル署名のアプリケーション内でのシームレスな実装が可能になり、ドキュメントの管理とセキュリティを向上させます。

HAProxyはKubernetesのようなオーケストレーションツールとどのように統合を容易にしますか?

HAProxyは、動的スケーリングおよび自動サービス発見のサポートにより、Kubernetesのようなオーケストレーションツールと統合を容易にします。これにより、コンテナ化されたデプロイメントで効率的なトラフィック管理と高可用性が確保され、リソース利用とシステムの回復力が最適化されます。

高可用性をサポートするHAProxyの主要な機能は何ですか?

HAProxyは、ヘルスチェック、フェイルオーバーメカニズム、セッション持続性などの機能を通じて高可用性をサポートしています。これらの機能により、トラフィックは障害が発生したサーバーから転送され、ダウンタイムが最小限に抑えられ、連続的なサービス運用が維持されます。

ドキュメント管理のためにHAProxyとIronSecureDocを統合するプロセスは何ですか?

ドキュメント管理のためにHAProxyとIronSecureDocを統合するプロセスは、HAProxyを設定してIronSecureDocサービスへのトラフィックを効率的にルーティングすることを含みます。このセットアップにより、最適化されたトラフィックルーティングと負荷分散を活用して、コンテナ化された環境でのドキュメントセキュリティが強化されます。

Curtis Chau
Curtis Chau
  今すぐエンジニアリングチームとチャット
テクニカルライター

Curtis Chauは、カールトン大学でコンピュータサイエンスの学士号を取得し、Node.js、TypeScript、JavaScript、およびReactに精通したフロントエンド開発を専門としています。直感的で美しいユーザーインターフェースを作成することに情熱を持ち、Curtisは現代のフレームワークを用いた開発や、構造の良い視覚的に魅力的なマニュアルの作成を楽しんでいます。

開発以外にも、CurtisはIoT(Internet of Things)への強い関心を持ち、ハードウェアとソフトウェアの統合方法を模索しています。余暇には、ゲームをしたりDiscordボットを作成したりして、技術に対する愛情と創造性を組み合わせています。

関連する記事

30日間の無料体験 → 完全な製品。制限なし。クレジットカード不要。 無料トライアルを開始