How To Use pfSense To Load Balance Your Web Servers

Submitted by neofire on Wed, 2011-11-16 18:16. :: Web Server | High-Availability | FreeBSD

In this HowTo I will show you how to configure pfSense 2.0 as a load balancer for your web servers. This HowTo assumes that you already have a pfSense box and at least 2 Apache servers installed and running on your network, and that you have some pfSense knowledge.

 

Requirements

1 Box for pfSense 2.0 installation (if this is your edge firewall I would recommend a physical machine).

Minimum of 2 Apache2 servers (these can be virtual).

Have your Apache servers configured to sync web files somehow (rsync/corosync or another option for keeping files up to date across the web servers).

 

Configuring pfSense

pfSense uses the load balancer to share the load of certain types of traffic over multiple servers. This is great if you have multiple servers hosting applications: you can spread the load over all servers instead of stressing out one server.

Let's get started. First click on "Services" then "Load Balancers", then click the "Monitor" tab.

To add a new entry click on the "Plus" button, specify a "Name" and a "Description" (in this example I will be using ApacheClusterMon as a name and description), set the type to "HTTP" then set the "Host" to an unused IP address (we will be creating virtual server IPs later on that will be assigned to the failover server group), leave the "HTTP Code" set to "200 OK". Then click on "Save" and apply changes if needed.

Now we are going to create the server pool. Click on the "Pools" tab, and click the "Plus" button to add a new pool.

Specify a name (ApacheSrvPool will be used in my example). Set the "Mode" to "Load Balance", then set the "Port" to "80" (you can get pfSense to load balance other applications on other ports), set "Monitor" to the monitor configuration you created before, and specify the IP addresses of all the web servers that you want in the pool. Then "Save" and apply changes if required.

Next click on the "Virtual Servers" tab, and click on the "Plus" button to add a new entry. Specify a "Name" and "Description", then set the "IP Address" to the unused IP that you chose earlier, set the "Port" to "80", then set the "Virtual Server Pool" to the pool you created before. Then "Submit" and apply changes.

That's it, you have just configured pfSense to load balance your web traffic between your web servers.

Just a note: if any of the servers don't reply with a 200 OK status (pfSense sends requests to your web servers periodically to determine if they are running; all servers must reply to this), the server pool will be taken offline. The best thing to do to avoid downtime would be to configure a failover (which I will cover in my next tutorial).
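
A pre-flight check for the monitor described above, as an added example (not code from the original HowTo or from pfSense): it probes each pool member the way an HTTP monitor expecting 200 OK would, so a server that would fail the monitor is found before it joins the pool. The probe path "/", the function names and the local stand-in backends are assumptions constructed for the example.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def probe(host, port=80, path="/", expect=200, timeout=3.0):
    """True if GET http://host:port/path answers with the expected status."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        return conn.getresponse().status == expect
    except (OSError, http.client.HTTPException):
        return False  # refused, timed out, or not speaking HTTP
    finally:
        conn.close()

def check_pool(members, **kw):
    """Probe each (host, port) pool member; map member -> passed?"""
    return {m: probe(m[0], m[1], **kw) for m in members}

def failing(results):
    """Members that would fail the monitor, sorted for stable output."""
    return sorted(m for m, ok in results.items() if not ok)

def start_backend(status):
    """Constructed stand-in for an Apache server: always answers `status`."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(status)
            self.send_header("Content-Length", "0")
            self.end_headers()
        def log_message(self, *args):  # keep the demo quiet
            pass
    srv = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

if __name__ == "__main__":
    # Constructed pool: one healthy backend, one answering 503.
    good, bad = start_backend(200), start_backend(503)
    pool = [("127.0.0.1", good.server_port), ("127.0.0.1", bad.server_port)]
    results = check_pool(pool, timeout=2.0)
    for (host, port), ok in results.items():
        print(f"{host}:{port} {'OK' if ok else 'FAIL (not 200)'}")
    good.shutdown(); bad.shutdown()
```

To use it against real servers, pass the pool addresses with port 80 to `check_pool` from a machine on the same network as the web servers.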


Submitted by TatG (not registered) on Fri, 2013-05-03 06:21.

Hi 

Can we load balance servers in different locations (WAN IP)? Will there be any performance issues?

 Cheers,

Tat G 

Submitted by Lenny Raposo (not registered) on Mon, 2012-06-18 17:51.

I have completed the steps as listed above to no avail.

 

Here is my setup:

 

listening IP (Monitor):

192.168.1.40

 

server IPs (Pools):

192.168.1.50

192.168.1.51

192.168.1.52

Submitted by Anonymous (not registered) on Wed, 2011-12-28 23:59.
Are firewall policies auto-created for the VIP?
Submitted by Don (not registered) on Wed, 2011-11-23 07:08.

Nice post Kyle, thank you for the help. I think this part may be incorrect though:

"Just a note if any of the servers don't reply with a 200 OK status (pfSense sends requests to your web servers periodically to determine if they are running) the server pool will be taken offline."

In my experience, and according to the note on the page "Services: Load Balancer: Virtual Server: Edit", all of the servers have to reply with something other than a 200 OK in order for the server pool to be taken offline, not just one.

Cheers,
Don

Submitted by neofire (registered user) on Fri, 2011-11-25 01:58.
Thanks for that, I worded the HowTo wrong; I will fix it up.