Haproxy
HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for web sites crawling under very high loads while needing persistence or Layer7 processing. Supporting tens of thousands of connections is clearly realistic with todays hardware. Its mode of operation makes its integration into existing architectures very easy and riskless, while still offering the possibility not to expose fragile web servers to the Net.
1. Preperation
For configuring haproxy you need the following setups. Here I used ACL.
1.1. Using ACL
The use of Access Control Lists (ACL) provides a flexible solution to perform content switching and generally to take decisions based on content extracted from the request, the response or any environmental status. The principle is simple
1.2. Load Balancer
Hostname: lb.example.com
IP: 192.168.0.110
1.3 Web Server 1
Hostname: http1.example.com
IP: 192.168.0.111
1.4. Web Server 2
Hostname: http2.example.com
IP: 192.168.0.112
1.5. First download and install haproxy
To get latest version click here
$ wget http://haproxy.1wt.eu/download/1.2/src/haproxy-1.2.18.tar.gz $ tar -xzvf haproxy-1.2.18.tar.gz $ cd haproxy-1.2.18 $ sudo make TARGET=linux24
1.6. Configuring Load Balancer System IP : 192.168.0.110
set ENABLED to 1 in /etc/default/haproxy
$ sudo vim /etc/default/haproxy
# Set ENABLED to 1 if you want the init script to start haproxy. ENABLED=1 # Add extra flags here. #EXTRAOPTS="-de -m 16"
We back up the original /etc/haproxy.cfg and create a new one like this
cp /etc/haproxy.cfg /etc/haproxy.cfg_orig cat /dev/null > /etc/haproxy.cfg vi /etc/haproxy.cfg
Sample haproxy configuration file /etc/haproxy.cfg which uses ACL. In the below example if you use the domain example.com haproxy always uses web server 1,if you use loadbalancer.com
global
global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
#log loghost local0 info
pidfile /var/run/haproxy.pid
daemon
# debug # If you want to start haproxy in debugging mode uncomment this line and comment the above line.
nbproc 4 # Number of processing cores. Dual Dual-core Opteron i s 4 cores for example.
defaults
log global
mode http
option httplog
option httpchk
option dontlognull
retries 3
option redispatch
maxconn 2000
contimeout 50000
clitimeout 500000
srvtimeout 500000
backend back_std
balance roundrobin
option redispatch
cookie JSESSIONID prefix
option httpclose
option forwardfor
option httpchk HEAD /check.txt HTTP/1.0
server ws4 192.168.0.111:82 weight 1 check
# stats uri /status # Custom status URI
stats auth username:password
stats enable
stats refresh 10
backend back_lb
balance roundrobin
option redispatch
cookie JSESSIONID prefix nocache indirect
option httpchk HEAD /check.txt HTTP/1.0
server ws1 192.168.0.111:81 cookie ws1 weight 1 check
server ws2 192.168.0.112:81 cookie ws2 weight 1 check
option httpclose
option forwardfor
stats enable
stats refresh 10
frontend http-in
bind :80
acl hosts_std hdr_end(host) -i example1..com # Which is not load balanced
acl hosts_std hdr_end(host) -i example1.com:80
acl hosts_lb hdr_end(host) -i loadbalancer.com # Which is load balanced
acl hosts_lb hdr_end(host) -i loadbalancer.com:80
use_backend back_std if hosts_std # If requests comes to the domain which is in host_std then that URL will use back_std
use_backend back_lb if hosts_lb # If requests comes to the domain which is in host_lb then that URL will use back_lb
To allow HAProxy to bind to the shared IP address, we add the following line to /etc/sysctl.conf:
$ sudo vim /etc/sysctl.conf
[...] net.ipv4.ip_nonlocal_bind=1 [...]
and run
$ sudo sysctl -p
1.7 Start haproxy
$ sudo /etc/init.d/haproxy start
1.8. Configuring Web Server 1 & Web Server2
We will configure HAProxy as a transparent proxy, i.e., it will pass on the original user’s IP address in a field called X-Forwarded-For to the backend web servers. Of course, the backend web servers should log the original user’s IP address in their access logs instead of the IP addresses of our load balancers. Therefore we must modify the LogFormat line in /etc/apache2/apache2.conf and replace %h with %{X-Forwarded-For}i:
$ sudo vim /etc/apache2/apache2.conf
#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
#LogFormat "%h %l %u %t \"%r\" %>s %b" common
#LogFormat "%{Referer}i -> %U" referer
#LogFormat "%{User-agent}i" agentLogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
Also, we will configure HAProxy to check the backend servers health by continuously requesting the file check.txt (translates to /var/www/check.txt if /var/www is your document root) from the backend servers. Of course, these requests would totally bloat the access logs and mess up your page view statistics (if you use a tool like Webalizer or AWstats that generates statistics based on the access logs).
Therefore we open our virtualhost configuration (in this example it’s in /etc/apache2/sites-available/default) and put these two lines into it (comment out all other CustomLog directives in your vhost configuration):
$ sudo touch /var/www/check.txt $ sudo vi /etc/apache2/sites-available/default
[...] SetEnvIf Request_URI "^/check\.txt$" dontlog CustomLog /var/log/apache2/access.log combined env=!dontlog [...]
Adds the ports to /etc/apache2/ports.conf file.
Listen 81 Listen 82 <IfModule mod_ssl.c> Listen 443 </IfModule>
Afterwards we restart Apache:
$ sudo /etc/init.d/apache2 restart
Now to check the status of haproxy use the custom URI or use http://example1.com/haproxy?stats
I hope it helped, a comment with your questions are welcome 
No Comment Received
Leave A Reply