Monday, December 10, 2012

Load Balancers-3

Okay, the final post in this series, so let's talk about the big daddy. The last load balancer I explored was Haproxy, and I fell in love with it because of its light weight, high reliability and awesome performance.

Haproxy

Haproxy is a very light, fast, highly reliable load balancer and proxy solution for TCP-based applications (it handles any TCP communication, not just HTTP). It's based on an event model and is a single-process system (which enables it to handle heavy load). It's a pure proxy: unlike Apache and nginx it doesn't serve any files. Remember, it's not a web server. One of its really good features is a status page with all the details, like how many requests went to which server, bytes transferred and so on, which helps a lot in understanding exactly what is happening.

Installation: 

You can download the setup from their official download page.
On Linux you can install it with

$> sudo apt-get install haproxy

Note: If you want SSL support, use a version >= 1.5dev12 (you will have to compile and build it yourself).

Configure :

In my case I needed SSL support with haproxy (the authentication server was talking to the app using SSL), so I tried to install and configure version 1.5dev12, but I couldn't figure out where to put the SSL certs and enable the SSL port, and failed to configure it. So I decided to put an SSL offloader in front of Haproxy which can offload the SSL and then pass the request down to haproxy. Stunnel is a popular option for this kind of scenario, but I really didn't have time to learn how to install and configure stunnel, so once again I went ahead with my beloved Apache :).

So the final setup was something like this :



Okay, enough talk, let's configure both Apache and haproxy and start the whole system.
For the configuration, suppose haproxy and Apache are on one machine, 192.168.1.1, and the apps are on 192.168.1.2, 192.168.1.3 etc.

Apache Config :

I created a virtual host which listens on the SSL port:


<IfModule mod_ssl.c>
Listen 8443
NameVirtualHost 192.168.1.1:8443
<VirtualHost 192.168.1.1:8443>
        ServerName 192.168.1.1
        ProxyRequests off
        SSLEngine on
        SSLProxyEngine on
        #SSLEnable
        SSLCertificateFile    /home/apache_certs/server.crt
        SSLCertificateKeyFile /home/apache_certs/server.key

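        # Pass the decrypted request to haproxy. Apache does not allow a comment
        # on the same line as a directive, and ProxyPassReverse must name the
        # same backend URL as ProxyPass.
        ProxyPass / http://192.168.1.1:81/
        ProxyPassReverse  / http://192.168.1.1:81/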
</VirtualHost>
</IfModule>


Here I am listening on port 8443, and after offloading the SSL I am sending the request to haproxy.

Haproxy config :

On the haproxy side I am starting two listening ports: one for direct HTTP communication and one which listens for the requests being forwarded by Apache. Haproxy then forwards them down to one of the applications.


global
        log 127.0.0.1   local0
        log 127.0.0.1   local1 notice
        #log loghost    local0 info
        maxconn 4096
        #chroot /usr/share/haproxy
        #user haproxy
        #group haproxy
        daemon
        #debug
        #quiet

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        retries 3
        option redispatch
        maxconn 2000
        contimeout      5000
        clitimeout      50000
        srvtimeout      50000


listen ha_stats 0.0.0.0:8088
          balance roundrobin
          mode http
          timeout client 30000ms
          stats enable
          stats uri /lb?stats


listen app_non_ssl 192.168.1.1:80
        mode http
        option httplog
        balance roundrobin
        option httpclose
        option redispatch
        maxconn 1000
        reqadd X-Forwarded-Proto:\ http
        server webserver1 192.168.1.2:80 maxconn 100 weight 100
        server webserver2 192.168.1.3:80 maxconn 100 weight 100

listen app_from_apache 192.168.1.1:81
        mode http
        option httplog
        balance roundrobin
        option httpclose
        option redispatch
        maxconn 1000
        reqadd X-Forwarded-Proto:\ https
        server webserver1 192.168.1.2:80  maxconn 100 weight 100
        server webserver2 192.168.1.3:80  maxconn 100 weight 100




In haproxy there are basically three sections: global, defaults and listen. The global section contains all the settings for the haproxy instance, like the log server location, max connections etc. The defaults section has the default settings for each listen port you open (let's just say a server instance you start). The listen block is where you mention which port you will listen on (you can have multiple listen blocks). In the listen block I have mentioned my backend servers, to which haproxy is forwarding requests (see the server definitions). I suggest going through the haproxy documentation to see all the options available. Most of the options in the listen block are pretty straightforward, but I'll discuss these options:

1. balance : This option tells haproxy which algorithm to use to distribute the load.
2. maxconn : Maximum number of connections it will open.
3. server : What is the backend server it should forward the request to.

And you are done!!

This was the final setup I used for my Performance testing. :-)
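
A hardened variant of the configuration above, given as an added example and not the setup used in this post: it restores the privilege drop that is commented out, restricts the status page, strips any client-supplied X-Forwarded-Proto before adding the trusted one, and terminates SSL in haproxy itself as the installation note mentions. It assumes a 1.5-dev12 or later build compiled with USE_OPENSSL=1, an existing haproxy user, group and chroot directory, and a hypothetical /etc/haproxy/server.pem holding the certificate followed by its private key; the stats credentials are placeholders.

```haproxy
global
        log 127.0.0.1   local0
        maxconn 4096
        # Confine the process and drop root (commented out in the config above).
        chroot /usr/share/haproxy
        user haproxy
        group haproxy
        daemon

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        retries 3
        option  redispatch
        timeout connect 5000
        timeout client  50000
        timeout server  50000

# Stats page: loopback only and behind a password (placeholder credentials).
listen ha_stats 127.0.0.1:8088
        stats enable
        stats uri /lb?stats
        stats realm Haproxy\ Statistics
        stats auth admin:CHANGE_ME
        stats hide-version

listen app_non_ssl 192.168.1.1:80
        balance roundrobin
        option httpclose
        # Drop any client-supplied copy, then add the trusted value.
        reqidel ^X-Forwarded-Proto:.*
        reqadd X-Forwarded-Proto:\ http
        server webserver1 192.168.1.2:80 maxconn 100 weight 100
        server webserver2 192.168.1.3:80 maxconn 100 weight 100

# SSL terminated by haproxy; this replaces the Apache offloader on port 8443.
# The "ssl" and "crt" bind keywords need a build with OpenSSL support.
listen app_ssl
        bind 192.168.1.1:8443 ssl crt /etc/haproxy/server.pem
        balance roundrobin
        option httpclose
        reqidel ^X-Forwarded-Proto:.*
        reqadd X-Forwarded-Proto:\ https
        server webserver1 192.168.1.2:80 maxconn 100 weight 100
        server webserver2 192.168.1.3:80 maxconn 100 weight 100
```

If Apache stays in front as the offloader, keep the app_from_apache listener instead of app_ssl but bind it to 127.0.0.1:81 and point ProxyPass at that address, so that only the local Apache can reach the listener that marks requests as https.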