HAProxy Load Balancer
IT infrastructure is becoming more critical and more costly every day, so we need a simple IP-based load balancing solution that also handles SSL traffic. HAProxy is an easy and secure way to manage load balancing for your servers.
This example shows how we use it, in easy steps.
The Configuration:
* Load Balancer: <10.0.0.77> // will be our haproxy server # This will listen on the ports that we bind as per requirement
* Web Server 1: <10.0.1.209> // web application server 1 # This will listen in tcp mode
* Web Server 2: <10.0.1.210> // web application server 2 # This will listen in tcp mode
* Web Server 3: <10.0.1.227> // web application server 3 # This will listen in http mode
* Admin Panel Port 8088: <10.0.0.77> // Statistics Panel on port 8088 # This will listen in http mode
Get and Install haproxy
We’ll be using the 1.3.19 source files to install haproxy. You can get them from http://haproxy.1wt.eu/
wget http://haproxy.1wt.eu/download/1.3/src/haproxy-1.3.19.tar.gz
tar xvzf haproxy-1.3.19.tar.gz
cd haproxy-1.3.19
make TARGET=linux26 ARCH=x86_64
make install
Now add the user haproxy, or whatever account you need to run the config:
[root@ravi.com ~]# useradd haproxy
cp /path/to/haproxy-1.3.19/examples/haproxy.init /etc/init.d/haproxy
chmod +x /etc/init.d/haproxy
Create the /etc/haproxy folder; the haproxy.cfg config file goes in it.
mkdir /etc/haproxy
Now add your config file haproxy.cfg in /etc/haproxy.
Configure /etc/haproxy/haproxy.cfg
#[root@app71 haproxy]# more haproxy.cfg
global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    #log loghost local0 info
    maxconn 25000 # count about 1 GB per 25000 connections
    #debug
    #quiet
    # user and group must be an existing unprivileged account on this host
    user ravi
    group ravi

defaults
    log global
    mode tcp
    option dontlognull
    retries 3
    option redispatch
    maxconn 20000
    contimeout 5000
    clitimeout 50000
    srvtimeout 50000

#Configuration for www.ravi.com
listen VIP:www.ravi.com:10.0.0.77:80
    bind 10.0.0.77:80 # or any other IP:port combination we listen to.
    bind 10.0.0.77:443 # or any other IP:port combination we listen to.
    mode tcp
    option ssl-hello-chk
    # forwardfor sets the client's IP in X-Forwarded-For, but only in http mode;
    # in tcp mode haproxy ignores it and the web servers see 10.0.0.77 as the client.
    option forwardfor
    balance roundrobin
    # set the maxconn parameter below to match Apache's MaxClients minus
    # one or two connections so that you can still directly connect to it.
    # enable the health check (check) on each server; a server that is down
    # is then shown as down on the stats page
    # Set server weights; normally it should be 1 for all
    server app139:10.0.1.209:80 10.0.1.209 weight 1 maxconn 5000 check
    server app140:10.0.1.210:80 10.0.1.210 weight 1 maxconn 5000 check

listen VIP:www.ravi.com:10.0.0.77:8080
    bind 10.0.0.77:8080 # or any other IP:port combination we listen to.
    mode http
    option forwardfor # set the client's IP in X-Forwarded-For.
    balance roundrobin
    # set the maxconn parameter below to match Apache's MaxClients minus
    # one or two connections so that you can still directly connect to it.
    # enable the health check (check) on each server; a server that is down
    # is then shown as down on the stats page
    # Set server weights; normally it should be 1 for all
    server app127:10.0.1.227:8080 10.0.1.227 weight 1 maxconn 5000 check

# Enable the stats page on a dedicated port (8088). Monitoring request errors
# on the frontend will tell us how many potential attacks were blocked.
listen ha_stats 10.0.0.77:8088
    mode http
    stats enable
    stats auth user:password ## auth user:pass, replace with your own credentials
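A small linter for two things in the configuration above that are easy to miss, as an added example that is not part of the original post: `option forwardfor` only takes effect in http mode, so it is ignored in a tcp-mode section, and the stats page is protected by placeholder credentials. The function names, finding names and weak-password list are this example's own assumptions.

```python
SAMPLE_CFG = """\
defaults
    mode tcp
listen VIP:www.ravi.com:10.0.0.77:80
    option forwardfor
listen VIP:www.ravi.com:10.0.0.77:8080
    mode http
    option forwardfor
listen ha_stats 10.0.0.77:8088
    mode http
    stats enable
    stats auth user:password
"""  # constructed sample, trimmed from the configuration on this page

SECTION_KEYWORDS = {"global", "defaults", "listen", "frontend", "backend"}
WEAK_PASSWORDS = {"password", "admin", "changeme", "haproxy"}  # assumed list

def parse_sections(text):
    """Split the config into [kind, name, directives] entries, comments stripped."""
    sections = []
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if words and words[0] in SECTION_KEYWORDS:
            sections.append([words[0], words[1] if len(words) > 1 else "", []])
        elif words and sections:
            sections[-1][2].append(words)
    return sections

def lint_haproxy_cfg(text):
    """Return (section name, finding) pairs; finding names are this example's own."""
    findings, default_mode = [], "tcp"  # a proxy without "mode" runs in tcp mode
    for kind, name, directives in parse_sections(text):
        modes = [w[1] for w in directives if w[0] == "mode" and len(w) > 1]
        if kind in ("global", "defaults"):
            if kind == "defaults" and modes:
                default_mode = modes[-1]
            continue
        mode = modes[-1] if modes else default_mode
        if mode != "http" and any(w[:2] == ["option", "forwardfor"] for w in directives):
            findings.append((name, "forwardfor-ignored-outside-http-mode"))
        if any(w[0] == "stats" for w in directives):
            creds = [w[2] for w in directives if w[:2] == ["stats", "auth"] and len(w) > 2]
            if not creds:
                findings.append((name, "stats-page-without-auth"))
            if any(c.partition(":")[2].lower() in WEAK_PASSWORDS for c in creds):
                findings.append((name, "stats-auth-placeholder-password"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{s}: {f}" for s, f in lint_haproxy_cfg(SAMPLE_CFG)))
```

Run it against the real file with `lint_haproxy_cfg(open("/etc/haproxy/haproxy.cfg").read())` before starting haproxy.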
Edit /etc/sysctl.conf, add the following at the end of the file, then run sysctl -p to load the settings:
net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 1024 65023
net.ipv4.tcp_max_syn_backlog = 10240
net.ipv4.tcp_max_tw_buckets = 400000
net.core.somaxconn = 10000
Start haproxy using /etc/init.d/haproxy start or /usr/sbin/haproxy -D -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid
Configuring logging
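Edit /etc/sysconfig/syslog. The -r option makes syslogd accept syslog messages over UDP, which haproxy needs because it logs to 127.0.0.1; it also opens UDP port 514 to other hosts, so filter that port at the firewall.
SYSLOGD_OPTIONS="-m 0 -r"
Edit /etc/syslog.conf. Add the following (the /var/log/haproxy directory must already exist):
local0.* /var/log/haproxy/haproxy.log
local1.* /var/log/haproxy/haproxy-1.log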
Restart Syslog
service syslog restart
Now check with
ps auxwww | grep haproxy
Thanks
Ravi