preload preload preload preload

Apache Load Balance Using Haproxy

29 June 2008 spacer Posted by Shahid spacer Apache, Linux

Haproxy

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for web sites crawling under very high loads while needing persistence or Layer7 processing. Supporting tens of thousands of connections is clearly realistic with todays hardware. Its mode of operation makes its integration into existing architectures very easy and riskless, while still offering the possibility not to expose fragile web servers to the Net.

1. Preperation

For configuring haproxy you need the following setups. Here I used ACL.

1.1. Using ACL

The use of Access Control Lists (ACL) provides a flexible solution to perform content switching and generally to take decisions based on content extracted from the request, the response or any environmental status. The principle is simple

1.2. Load Balancer

Hostname: lb.example.com

IP: 192.168.0.110

1.3 Web Server 1

Hostname: http1.example.com

IP: 192.168.0.111

1.4. Web Server 2

Hostname: http2.example.com

IP: 192.168.0.112

1.5. First download and install haproxy

To get latest version click here 

$ wget  http://haproxy.1wt.eu/download/1.2/src/haproxy-1.2.18.tar.gz
$ tar -xzvf haproxy-1.2.18.tar.gz
$ cd  haproxy-1.2.18
$ sudo make  TARGET=linux24

 1.6. Configuring Load Balancer System IP : 192.168.0.110

set ENABLED to 1 in /etc/default/haproxy

 $ sudo vim /etc/default/haproxy
# Set ENABLED to 1 if you want the init script to start haproxy.

ENABLED=1

# Add extra flags here.
#EXTRAOPTS="-de -m 16"

We back up the original /etc/haproxy.cfg and create a new one like this

cp /etc/haproxy.cfg /etc/haproxy.cfg_orig
cat /dev/null > /etc/haproxy.cfg
vi /etc/haproxy.cfg

Sample haproxy configuration file /etc/haproxy.cfg which uses ACL. In the below example if you use the domain example.com haproxy always uses web server 1,if you use loadbalancer.com

global
global
        log 127.0.0.1   local0
        log 127.0.0.1   local1 notice
        #log loghost    local0 info
        pidfile /var/run/haproxy.pid
        daemon
#       debug           # If you want to start haproxy in debugging mode uncomment this line and comment the above line.
        nbproc      4   # Number of processing cores. Dual Dual-core Opteron i    s 4 cores for example.
defaults
        log     global
        mode    http
        option  httplog
        option  httpchk
        option  dontlognull
        retries 3
        option          redispatch
        maxconn 2000
        contimeout      50000
        clitimeout      500000
        srvtimeout      500000

backend back_std
        balance roundrobin
        option redispatch
        cookie JSESSIONID prefix
        option httpclose
        option forwardfor
        option httpchk HEAD /check.txt HTTP/1.0
        server ws4 192.168.0.111:82 weight 1 check
#      stats uri /status   # Custom status URI
        stats auth username:password
        stats enable
        stats refresh 10

backend back_lb
        balance roundrobin
        option redispatch
        cookie JSESSIONID prefix nocache indirect
        option httpchk HEAD /check.txt HTTP/1.0
        server ws1 192.168.0.111:81 cookie ws1 weight 1 check
        server ws2 192.168.0.112:81 cookie ws2 weight 1 check
        option httpclose
        option forwardfor
        stats enable
        stats refresh 10

frontend http-in
        bind :80
        acl hosts_std hdr_end(host) -i example1..com          # Which is not load balanced
        acl hosts_std hdr_end(host) -i example1.com:80

        acl hosts_lb hdr_end(host) -i loadbalancer.com      # Which is load balanced
        acl hosts_lb hdr_end(host) -i loadbalancer.com:80

        use_backend back_std if hosts_std       # If requests comes to the domain which is in host_std then that URL will use back_std
        use_backend back_lb if hosts_lb          # If requests comes to the domain which is in host_lb then that URL will use back_lb

To allow HAProxy to bind to the shared IP address, we add the following line to /etc/sysctl.conf:

$ sudo vim /etc/sysctl.conf
[...]
net.ipv4.ip_nonlocal_bind=1
[...]

and run

$ sudo sysctl -p

1.7 Start haproxy

$ sudo /etc/init.d/haproxy start

1.8. Configuring Web Server 1 & Web Server2

We will configure HAProxy as a transparent proxy, i.e., it will pass on the original user’s IP address in a field called X-Forwarded-For to the backend web servers. Of course, the backend web servers should log the original user’s IP address in their access logs instead of the IP addresses of our load balancers. Therefore we must modify the LogFormat line in /etc/apache2/apache2.conf and replace %h with %{X-Forwarded-For}i:

 $ sudo vim /etc/apache2/apache2.conf
#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
#LogFormat "%h %l %u %t \"%r\" %>s %b" common
#LogFormat "%{Referer}i -> %U" referer
#LogFormat "%{User-agent}i" agentLogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

Also, we will configure HAProxy to check the backend servers health by continuously requesting the file check.txt (translates to /var/www/check.txt if /var/www is your document root) from the backend servers. Of course, these requests would totally bloat the access logs and mess up your page view statistics (if you use a tool like Webalizer or AWstats that generates statistics based on the access logs).

Therefore we open our virtualhost configuration (in this example it’s in /etc/apache2/sites-available/default) and put these two lines into it (comment out all other CustomLog directives in your vhost configuration):

$ sudo touch /var/www/check.txt
$ sudo vi /etc/apache2/sites-available/default
[...]
SetEnvIf Request_URI "^/check\.txt$" dontlog
CustomLog /var/log/apache2/access.log combined env=!dontlog
[...]

Adds the ports to /etc/apache2/ports.conf file.

Listen 81
Listen 82
<IfModule mod_ssl.c>
    Listen 443
</IfModule>

Afterwards we restart Apache:

$ sudo /etc/init.d/apache2 restart

Now to check the status of haproxy use the custom URI or use http://example1.com/haproxy?stats

I hope it helped, a comment with your questions are welcome  :)

  • Share/Bookmark

  • 4 responses to "Apache Load Balance Using Haproxy"

  • Alexwebmaster
    14:58 on March 3rd, 2009

    Hello webmaster
    I would like to share with you a link to your site
    write me here preonrelt@mail.ru

  • weput
    4:38 on November 5th, 2009

    What is the exact haproxy option to pass the ip to the backend servers??

    I did exacly as you showed here (ofcourse i have other haproxy config as i only have 2 backends servers) and the logs on apache showed – - – - instead of the source ip.

  • admin
    11:33 on January 1st, 2010

    Hi weput

    Thanks for reading the post.

    Please check your haproxy configuration file and conform below two lines are there in the configuraion file.

    option httpclose
    option forwardfor

    Also edit the web server configuration file to log source IP. Use X-Forwarded-For.

  • Leave a Reply

    * Required
    ** Your Email is never shared

Email Subscriptions

Enter your email address:

Delivered by FeedBurner

Calendar

March 2010
M T W T F S S
« Jan    
1234567
891011121314
15161718192021
22232425262728
293031  
© 2010 Linux, Programming, Telephony, Asterisk, Apache, Tips & Tricks
Wordpress Themes by DT Website Templates