INSTALL HAPROXY LAYER 7 LOAD BALANCER ON CENTOS 7 NGINX WEB SERVERS

UPDATED!!!

GOAL

We want to put one haproxy server in front of two nginx web servers and load balance between them.

Servers:

haproxy3: 10.10.4.18
web1: 10.10.4.21
web2: 10.10.4.22


CONFIGURE WEB1 AND WEB2

edit hosts
$ sudo vi /etc/hosts
add haproxy3 to web1

10.10.4.18 haproxy3

add haproxy3 to web2

10.10.4.18 haproxy3

On both web1 and web2, back up the current config file
$ sudo mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup

make sure you have a valid config file like this
$ sudo vi /etc/nginx/nginx.conf

# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/

user  nginx;
worker_processes  2;

error_log  /var/log/nginx/error.log;

pid        /run/nginx.pid;


events {
    worker_connections  8192;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    tcp_nopush     on;
    keepalive_timeout  200;
    types_hash_max_size 2048;

    client_body_buffer_size 32K;
    client_header_buffer_size 8k;
    client_max_body_size 512m;
    large_client_header_buffers 8 64k;
    client_body_timeout 3000;
    client_header_timeout 3000;

    send_timeout 300;
    fastcgi_buffers 8 128k;
    fastcgi_buffer_size 128k;
    proxy_connect_timeout     600;
    proxy_send_timeout          600;
    proxy_read_timeout          600;


    ##
    # 'gzip' Settings
    #
    #
    gzip on;
    gzip_disable "msie6";

    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_min_length 256;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;


    server {
        listen       80;
        server_name  moodle.na.edu;

        # note that these lines are originally from the "location /" block
        root   /usr/share/nginx/html;
        index index.php index.html index.htm;

        location / {
            root   /usr/share/nginx/html;
            try_files $uri $uri/ =404;
            index  index.php index.html index.htm;
        }

        error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }

        location ~ [^/]\.php(/|$) {
            root   /usr/share/nginx/html;
            fastcgi_split_path_info  ^(.+\.php)(/.+)$;
            fastcgi_index   index.php;
            fastcgi_pass    unix:/var/run/php-fpm/php-fpm.sock;
            include         fastcgi_params;
            fastcgi_param   PATH_INFO       $fastcgi_path_info;
            fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_read_timeout 300;

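            # capture the last path component of the requested file
            if ($request_filename ~* ^.*?/([^/]*?)$)
            {
               set $filename $1;
            }

            # add the CORS header only when the file name ends in a font extension
            if ($filename ~* ^.*?\.(eot|ttf|woff)$) {
               add_header Access-Control-Allow-Origin *;
            }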
        }

        location /dataroot/ {
                internal;
                alias /var/moodledata/; # ensure the path ends with /
        }

        location /cachedir/ {
                internal;
                alias /var/moodledata/cache/; # ensure the path ends with /
        }

        location /localcachedir/ {
                internal;
                alias /var/moodledata/localcache/; # ensure the path ends with /
        }

        location /tempdir/ {
                internal;
                alias /var/moodledata/temp/; # ensure the path ends with /
        }

        location /filedir/ {
                internal;
                alias /var/moodledata/filedir/; # ensure the path ends with /
        }

        location ~* \.(?:ttf|ttc|otf|eot|woff|font.css)$ {
            add_header "Access-Control-Allow-Origin" "*";
            expires 1M;
            access_log off;
            add_header Cache-Control "public";
        }

    }
}


restart nginx
$ sudo systemctl restart nginx


INSTALL AND CONFIGURE HAPROXY

PREREQUISITES
go to haproxy3 (10.10.4.18) server

update yum
$ sudo yum update

First make sure you have installed the right editor, system and network tools
$ sudo yum install nano wget curl net-tools lsof vim telnet xinetd psmisc socat

edit hosts
$ sudo vi /etc/hosts

10.10.4.18 haproxy3
10.10.4.21 web1
10.10.4.22 web2

disable selinux
$ sudo vi /etc/sysconfig/selinux

SELINUX=disabled

(I left off here)

open ports 80 and 8080
$ sudo systemctl status firewalld
$ sudo systemctl start firewalld
$ sudo systemctl enable firewalld

add the service and the port to allow through the firewall
$ sudo firewall-cmd --permanent --add-service=http
$ sudo firewall-cmd --permanent --add-port=8080/tcp
$ sudo firewall-cmd --reload
$ sudo systemctl restart firewalld.service
$ sudo iptables -L

install haproxy
$ sudo yum install haproxy

backup the haproxy config file
$ sudo cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bak

edit haproxy config
$ sudo vi /etc/haproxy/haproxy.cfg

#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000


#---------------------------------------------------------------------
#HAProxy statistics backend
#---------------------------------------------------------------------
listen haproxy3-monitoring *:8080
  mode    http
  option forwardfor
  option httpclose
  stats   enable
  stats   show-legends
  stats   refresh           5s
  stats   uri               /stats
  stats   realm             Haproxy\ Statistics
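  # replace [username]:[password] with your own credentials; they are kept
  # in clear text here and checked with HTTP basic auth
  stats   auth              [username]:[password]
  # "if TRUE" gives every authenticated stats user the admin actions
  # (enable/disable servers) on the stats page
  stats   admin             if TRUE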

#---------------------------------------------------------------------
# main frontend which proxies to the backends
#---------------------------------------------------------------------
frontend main
        bind *:80
        option http-server-close
        option forwardfor
        default_backend webapp-main

#---------------------------------------------------------------------
# "balance source": each client IP is hashed to one of the backend servers
#---------------------------------------------------------------------
backend webapp-main
        balance source
        option httpchk HEAD / HTTP/1.1\r\nHost:\ lms.na.edu
        server  web1 10.10.4.21:80 check
        server  web2 10.10.4.22:80 check
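
The stats listener above binds *:8080 and sets "stats admin if TRUE", so anyone who can reach port 8080 and knows the stats credentials can enable or disable web1 and web2. As an added example (not part of the original post), this script checks a haproxy.cfg for those settings; the function name audit_stats and the loopback-only variant are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky settings in haproxy.cfg sections that serve stats.

# The stats listener from the page's config, trimmed to the lines the check reads.
PAGE_CFG='listen haproxy3-monitoring *:8080
  mode    http
  stats   enable
  stats   uri               /stats
  stats   auth              [username]:[password]
  stats   admin             if TRUE'

# Constructed alternative: loopback only, admin limited to local clients.
LOCAL_CFG='listen haproxy3-monitoring
  bind    127.0.0.1:8080
  mode    http
  stats   enable
  stats   uri               /stats
  stats   auth              [username]:[password]
  stats   admin             if LOCALHOST'

# audit_stats: read a haproxy.cfg on stdin, print one finding per line.
audit_stats() {
    awk '
        function report() {
            if (stats && wild)  print name ": stats page listens on all interfaces"
            if (stats && admin) print name ": stats admin allowed for every stats user"
            if (stats && !auth) print name ": stats page has no stats auth"
            stats = wild = admin = auth = 0
        }
        /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
        /^(global|defaults|frontend|backend|listen)([ \t]|$)/ {
            report(); name = $1 " " $2             # a new section starts here
            if ($3 ~ /^(\*|0\.0\.0\.0)?:[0-9]/) wild = 1   # "listen name *:8080"
            next
        }
        $1 == "bind" && $2 ~ /^(\*|0\.0\.0\.0)?:[0-9]/ { wild = 1 }
        $1 == "stats" && ($2 == "enable" || $2 == "uri") { stats = 1 }
        $1 == "stats" && $2 == "auth" { auth = 1 }
        $1 == "stats" && $2 == "admin" && $3 == "if" && $4 == "TRUE" { admin = 1 }
        END { report() }
    '
}

printf '%s\n' "$PAGE_CFG"  | audit_stats   # two findings
printf '%s\n' "$LOCAL_CFG" | audit_stats   # no findings
```

To check the live file, run: sudo cat /etc/haproxy/haproxy.cfg | audit_stats
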

start or restart haproxy3
$ sudo systemctl status haproxy
$ sudo systemctl start haproxy
$ sudo systemctl restart haproxy

Note: if you see "cannot bind socket" when you look up the status of haproxy, run this instead of start
$ sudo /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg

let’s see who is listening
$ sudo netstat -tapnl

tcp        0      0 0.0.0.0:80           0.0.0.0:*               LISTEN      20324/haproxy       
tcp        0      0 0.0.0.0:8080         0.0.0.0:*               LISTEN      20324/haproxy 

If you see processes listening on ports 80 and 8080, then you are good to go!

We will use 8080 to monitor the load balancer stats
http://10.10.4.18:8080/stats or http://moodle.na.edu:8080/stats
When prompted, type the username and password you defined in the haproxy config.
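
Listening ports only show that haproxy started; whether web1 and web2 pass the "option httpchk" check is reported on the stats page and on the stats socket enabled in the global section. The script below is an added example, not part of the original post: it reads the "show stat" CSV and prints the servers of a backend that are not UP. The function name not_up and the sample CSV are constructed for illustration.

```shell
#!/bin/sh
# Added example: list servers of one backend whose health status is not UP,
# from the CSV that the "show stat" command prints on the stats socket.
#
# Live use on haproxy3 (socat was installed in the prerequisites):
#   echo "show stat" | sudo socat stdio /var/lib/haproxy/stats | not_up webapp-main

# Constructed sample, trimmed to the first 18 columns of "show stat".
SAMPLE_STAT='# pxname,svname,qcur,qmax,scur,smax,slim,stot,bin,bout,dreq,dresp,ereq,econ,eresp,wretr,wredis,status,
main,FRONTEND,,,1,2,3000,10,900,4000,0,0,0,,,,,OPEN,
webapp-main,web1,0,0,0,1,,6,500,2500,,0,,0,0,0,0,UP,
webapp-main,web2,0,0,0,1,,4,400,1500,,0,,2,0,1,0,DOWN,
webapp-main,BACKEND,0,0,0,1,300,10,900,4000,0,0,,2,0,1,0,UP,'

# not_up BACKEND: read "show stat" CSV on stdin and print "server status" for
# every real server (not the FRONTEND/BACKEND summary rows) that is not UP.
not_up() {
    awk -F, -v be="$1" '
        NR == 1 {                        # header: "# pxname,svname,...,status,..."
            sub(/^# /, "", $1)
            for (i = 1; i <= NF; i++) col[$i] = i
            px = col["pxname"]; sv = col["svname"]; st = col["status"]
            next
        }
        # columns are located by header name, so extra columns do not matter
        $px == be && $sv != "FRONTEND" && $sv != "BACKEND" && $st !~ /^UP/ {
            print $sv, $st
        }
    '
}

printf '%s\n' "$SAMPLE_STAT" | not_up webapp-main   # web2 DOWN
```
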

Now finally go to the domain name

http://domainname.example.com

Note: Make sure your DNS is set up correctly, with the domain name pointing to the haproxy server's public IP.

YEEEEYYYYYYY!!!