Setting Up A High-Availability Load Balancer (With Failover and Session Support) With HAProxy/Heartbeat On Fedora 8

Version 1.0
Author: Oliver Meyer <o [dot] meyer [at] projektfarm [dot] de>

This document describes how to set up a two-node load balancer in an active/passive configuration with HAProxy and heartbeat on Fedora 8. The load balancer acts between the user and two (or more) Apache web servers that hold the same content. The load balancer passes the requests to the web servers and it also checks their health. If one of them is down, all requests will automatically be redirected to the remaining web server(s). In addition to that, the two load balancer nodes monitor each other using heartbeat. If the master fails, the slave becomes the master - users won't notice any disruption of the service. HAProxy is session-aware - you can use it with any web application that makes use of sessions like forums, shopping carts, etc.

From the HAProxy web site: "HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for web sites crawling under very high loads while needing persistence or Layer7 processing. Supporting tens of thousands of connections is clearly realistic with todays hardware. Its mode of operation makes its integration into existing architectures very easy and riskless, while still offering the possibility not to expose fragile web servers to the Net."

This howto is a practical guide without any warranty - it doesn't cover the theoretical backgrounds. There are many ways to set up such a system - this is the way I chose.

 

1 Preparation

For this howto I set up four Fedora 8 systems (minimal installation without gui etc.) with the following configuration:

 

1.1 Load Balancer 1

Hostname: lb1.example.com
IP: 192.168.0.110
Shared IP: 192.168.0.120

 

1.2 Load Balancer 2

Hostname: lb2.example.com
IP: 192.168.0.111
Shared IP: 192.168.0.120

 

1.3 Web Server 1

Hostname: http1.example.com
IP: 192.168.0.112

 

1.4 Web Server 2

Hostname: http2.example.com
IP: 192.168.0.113

 

1.5 Overview

+-----------------+
|  192.168.0.120  |
|    Shared IP    |
+--------+--------+
         |
         +----------------------+
         |                      |
+--------+--------+    +--------+--------+
|  192.168.0.110  |    |  192.168.0.111  |
| Load Balancer 1 |    | Load Balancer 2 |
+--------+--------+    +--------+--------+

+--------+--------+    +--------+--------+
|  192.168.0.112  |    |  192.168.0.113  |
|  Web Server 1   |    |  Web Server 2   |
+-----------------+    +-----------------+

 

2 HTTP1 & HTTP2

2.1 Firewall Configuration

In order that the webservers are accessible from outside you have to open the corresponding ports on both web servers.

system-config-firewall-tui

Set HTTP & HTTPS as trusted service as shown on the screenshot below and save the settings.

 

2.2 Apache Configuration

HAProxy will work as a transparent proxy - so the user's IP address will be passed in the field "X-Forwarded-For" to the web servers. In order that the web servers will log the user's IP address and not the IP addresses of the load balancers we have to modify the log format within the apache configuration file on both web servers.

vi /etc/httpd/conf/httpd.conf

Search the Lines that begin with "LogFormat" ...

[...]
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
[...]

 

... and replace "%h" with "%{X-Forwarded-For}i". The content should look like this:

[...]
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
[...]

 

We'll configure HAProxy to check the web servers' health by continuously requesting the file "check.txt" from the web servers. To keep the logs small, we'll customize the first vhost on each web server (HAProxy will use the web servers' IP adresses to request the file - so the first vhost will answer the request) to ensure that the access to "check.txt" won't be logged. In this example the vhosts are configured in "/etc/httpd/conf.d/vhosts.conf".

Add the following line to the configuration of your first vhost ...

SetEnvIf Request_URI "^/check\.txt$" dontlog

... and add the exception (env=!dontlog) to the line for the CustomLog. For example, the configuration for the first vhost could look like this:

NameVirtualHost 192.168.0.112:80

<VirtualHost 192.168.0.112:80>
    ServerName health.example.com
    ServerAdmin [email protected]
    DocumentRoot /var/www/haproxy
    
    SetEnvIf Request_URI "^/check\.txt$" dontlog
    LogLevel warn
    ErrorLog /var/log/httpd/vhost_error.log
    CustomLog /var/log/httpd/vhost_access.log combined env=!dontlog
</VirtualHost>

Now we have to create the file "check.txt" (this file can be empty) within the document root of the first vhost.

touch /var/www/haproxy/check.txt

Afterwards the configuration of the web servers is completed - restart the web servers.

/etc/init.d/httpd restart
Share this page:

3 Comment(s)