How To Set Up A Loadbalanced High-Availability Apache Cluster - Page 2

3 Enable Packet Forwarding On The Load Balancers

The load balancers must be able to route traffic to the Apache nodes. Therefore we must enable packet forwarding on the load balancers. Add the following lines to /etc/sysctl.conf:


vi /etc/sysctl.conf

# Enables packet forwarding
net.ipv4.ip_forward = 1

Then do this:


sysctl -p

4 Configure heartbeat And ldirectord

Now we have to create three configuration files for heartbeat. They must be identical on loadb1 and loadb2!


vi /etc/ha.d/

logfacility        local0
bcast eth0 # Linux
mcast eth0 694 1 0
auto_failback off
node loadb1
node loadb2
respawn hacluster /usr/lib/heartbeat/ipfail
apiauth ipfail gid=haclient uid=hacluster

Important: As nodenames we must use the output of

uname -n

on loadb1 and loadb2.


vi /etc/ha.d/haresources

loadb1        \ \
LVSSyncDaemonSwap::master \

The first word is the output of

uname -n

on loadb1, no matter if you create the file on loadb1 or loadb2! After IPaddr2 we put our virtual IP address


vi /etc/ha.d/authkeys

auth 3
3 md5 somerandomstring

somerandomstring is a password which the two heartbeat daemons on loadb1 and loadb2 use to authenticate against each other. Use your own string here. You have the choice between three authentication mechanisms. I use md5 as it is the most secure one.

/etc/ha.d/authkeys should be readable by root only, therefore we do this:


chmod 600 /etc/ha.d/authkeys

ldirectord is the actual load balancer. We are going to configure our two load balancers ( and in an active/passive setup, which means we have one active load balancer, and the other one is a hot-standby and becomes active if the active one fails. To make it work, we must create the ldirectord configuration file /etc/ha.d/ which again must be identical on loadb1 and loadb2.


vi /etc/ha.d/


real= gate
real= gate
fallback= gate
receive="Test Page"

In the virtual= line we put our virtual IP address ( in this example), and in the real= lines we list the IP addresses of our Apache nodes ( and in this example). In the request= line we list the name of a file on webserver1 and webserver2 that ldirectord will request repeatedly to see if webserver1 and webserver2 are still alive. That file (that we are going to create later on) must contain the string listed in the receive= line.

Afterwards we create the system startup links for heartbeat and remove those of ldirectord because ldirectord will be started by the heartbeat daemon:


update-rc.d heartbeat start 75 2 3 4 5 . stop 05 0 1 6 .
update-rc.d -f ldirectord remove

Finally we start heartbeat (and with it ldirectord):


/etc/init.d/ldirectord stop
/etc/init.d/heartbeat start

Share this page:

20 Comment(s)

Add comment


From: Anonymous at: 2006-04-28 08:14:56

thank you falko, it is the best guide.



From: at: 2007-10-03 18:15:45

I must prove it in Ubuntu 6.06





From: John Wards at: 2008-12-17 08:21:41

Just a note to say that this tutorial works in 8.10 i386 server.

 I believe it won't work in x64.

From: Jimmy at: 2009-11-03 01:15:53

This was one of the best cluster guides I have seen. Just wanted to say thank you. We are using it on onelight.

From: Anonymous at: 2010-07-03 11:23:49

How hard would it be to set up ISPConfig in a similar fashion?

From: at: 2010-11-12 10:17:59

Tested and approved with Debian GNU/Linux 2.6.26 and backports.

 I'm wondering why there are loaded both of the scheduling "lblc" and "lblcr" ? If we have only two nodes in our cluster

 then cannot be talk for a "server set" and replication scheduling will be senseless.

 Correct me if i'm wrong.

 With respect: Imagandi

From: Anonymous at: 2011-10-24 17:24:41

Hello Everyone.. sorry if this is not the best place to ask, but I was just wondering..

Will I need a Layer4 Switch to have all this settings working?

If I do configure my nodes as above without it (switch) will I be able to still have a load-balanced Apache without it?

 Thanks so much, and appreciate the effort to make this tutorial.

See ya.

From: Anonymous at: 2011-10-25 15:04:21

Thanks for this article............

From: Anonymous at: 2014-01-10 21:11:09

Layer 3*

And no the switches "think" the ip is on both of the load balancers. It doesnt matter where it gets to since the load balancers will make sure the request gets to a node.


read :

From: Martin Sebald at: 2008-11-26 15:47:25

Hello all,

in my opinion the persistant flag is missing. As described in the introduction of this tutorial the load balancers also take care of connections/sessions.

This does NOT happen.

After I added the option "persistent" to it worked:

real= gate
real= gate
fallback= gate
receive="Test Page"

600 means 600 seconds which also could be the default setting. In my opinion to short for stuff like forum software.

Maybe there is a easier way to handle this. Our setup is depending mostly on PHP and PHP session based stuff, so it did not work correctly before.

Kindest regards,

From: ndr at: 2009-05-27 02:13:32

I don't quite understand why this needs to be specified in a config file in order for the apache failover to occur. When I tried just creating a random file on both servers and stopped one, it didn't failover to the second apache server. Anyone know why this is?

 Your tutorial is great. I ran into problems with starting ldirector and heartbeat and it was very difficult to back up to a place where I could start fresh. i think the problem is that I had entered some IP Addresses incorrectly. Some info on how to roll out would be helpful. I did it with trial and error.



From: Koni at: 2010-03-09 19:11:07

Where did you configure the second ip (virtual ip) for eth0?

I made it like this:

auto eth0
iface eth0 inet static

#the virtual ip

auto eth0:0
iface eth0:0 inet static


does this also work?

From: Anonymous at: 2006-05-15 11:06:02

How To very mutch!!!!

By Marcos Abadi


From: namwodahs at: 2006-10-19 21:06:06

This is a great tutorial! Worked first time through. I've been very impressed with your selection of tutorials on this site. Thank You!

From: Anonymous at: 2008-09-28 19:43:45


seems to be a great tutorial !

I'd like to know if this kind of load balancing setup can be SSL aware, means, an SSL session is able load balanced between nodes ?

Thanks a lot 

From: Anonymous at: 2008-09-30 22:03:40

can you tell me if this tutorial implements session-aware load-balancing as we need to use this for big site which is session driven.

From: Anonymous Coward at: 2008-11-25 11:33:43

Nice article, although I think Load Balancing is a little misleading.

This is High Availability - an active / passive server relationship, there is no load sharing

From: faizan at: 2009-11-12 06:20:49

hey guys i have done almost complete work and all tests went fine but the only problem which i am facing is in file request is not forwarding toward the real server......................

if anybody knows about the problem plz help me .........

From: John Langley at: 2011-01-25 16:16:13

I know this is an old article, but it seems still valid, I hope to try it out soon with some VM's before I try this on our production site! 

That said, I saw the comment I'm replying to, and, at first glance, it seemed right and I got frustrated that I would have to continue my search on how to do HA & LB w/Apache.  But, the only portion of this solution that isn't load balanced are the balancers themselves.

As to Apache being load balanced, you can see that it is based on page 3 of the article from the output of ipvsadm -L -n.   You can see how the load balancer master is listening on the 105 virtual IP and knows about two Apache servers at 101 & 102.  Since the weights are "0" requests will be handed off 50/50 for each server (rather, new sessions will be split 50/50).  I don't know any of the commands personally yet but you'd want to change the weight based on the hardware capabilities of the servers as well as if either the 101 or 102 box had other tasks they were solely responsible for.

Also if you wanted to get real inventive I think you could set your session directory to be on a SAN, so that if the 101 or 102 box went down, the sessions wouldn't be blown away ... something I hope to test!

From: Ashish at: 2011-10-31 09:44:18


 You can use pound as load balancers, it supports SSL feature...



Ashish Jaiswal