INSTALL HAPROXY LAYER 7 LOAD BALANCER ON CENTOS 7 NGINX WEB SERVERS

GOAL

We want to put one haproxy server in front of two nginx web servers and load balance between them.

Servers:

haproxy3: 10.10.1.18
web1: 10.10.1.21
web2: 10.10.1.22

CONFIGURE WEB1 AND WEB2

edit hosts

$ sudo vi /etc/hosts

add haproxy3 to web1

10.10.1.18 haproxy3

add haproxy3 to web2

10.10.1.18 haproxy3

On both web1 and web2, back up the current config file

$ sudo mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup

Make sure you have a valid config file like this

$ sudo vi /etc/nginx/nginx.conf

# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 8192;
}

http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;
    tcp_nopush on;
    sendfile on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    client_body_buffer_size 10K;
    client_header_buffer_size 1k;
    client_max_body_size 512m;
    large_client_header_buffers 2 1k;

    client_body_timeout 1200;
    client_header_timeout 1200;
    send_timeout 100;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    server {
        listen 80;
        server_name domainname.example.com;

        # note that these lines are originally from the "location /" block
        root /usr/share/nginx/html;
        index index.php index.html index.htm;

        location / {
            root /usr/share/nginx/html;
            try_files $uri $uri/ =404;
            index index.php;
        }
        error_page 404 /404.html;
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }

        location ~ [^/]\.php(/|$) {
            root /usr/share/nginx/html;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_index index.php;
            fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
            #fastcgi_pass 127.0.0.1:9000;
            include fastcgi_params;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        }

        ###################### For Moodle Application ##################
        location /dataroot/ {
            internal;
            alias /var/moodledata/; # ensure the path ends with /
        }

        location /cachedir/ {
            internal;
            alias /var/moodledata/cache/; # ensure the path ends with /
        }

        location /localcachedir/ {
            internal;
            alias /var/moodledata/localcache/; # ensure the path ends with /
        }

        location /tempdir/ {
            internal;
            alias /var/moodledata/temp/; # ensure the path ends with /
        }

        location /filedir/ {
            internal;
            alias /var/moodledata/filedir/; # ensure the path ends with /
        }
        ###################### For Moodle Application ##################

    }

}

restart nginx

$ sudo systemctl restart nginx

Note: haproxy does not see the nginx modular config files under /etc/nginx/conf.d/
Make sure you only have 1 config file, which is /etc/nginx/nginx.conf

INSTALL AND CONFIGURE HAPROXY

go to haproxy3 (10.10.1.18) server

update yum

$ sudo yum update

First make sure you have installed the right editor, system and network tools

$ sudo yum install nano wget curl net-tools lsof vim telnet xinetd psmisc socat

edit hosts

$ sudo vi /etc/hosts

10.10.1.18 haproxy3
10.10.1.21 web1
10.10.1.22 web2

disable selinux

$ sudo vi /etc/sysconfig/selinux
SELINUX=disabled
$ sudo systemctl restart network

open ports for 80 and 8080

$ sudo systemctl status firewalld
$ sudo systemctl start firewalld
$ sudo systemctl enable firewalld

add the service and port to allow through the firewall

$ sudo firewall-cmd --permanent --add-service=http
$ sudo firewall-cmd --permanent --add-port=8080/tcp
$ sudo firewall-cmd --reload
$ sudo systemctl restart firewalld.service
$ sudo iptables -L

install haproxy

$ sudo yum install haproxy

backup the haproxy config file

$ sudo cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bak

edit haproxy config

$ sudo vi /etc/haproxy/haproxy.cfg

#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events. This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #    file. A line like the following can be added to
    #    /etc/sysconfig/syslog
    #
    #    local2.* /var/log/haproxy.log
    #
    log 127.0.0.1 local2

    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 10000
    user haproxy
    group haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode http
    log global
    option httplog
    option dontlognull
    option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 10000

#---------------------------------------------------------------------
# HAProxy statistics backend
#---------------------------------------------------------------------
listen haproxy3-monitoring *:8080
    mode http
    option forwardfor
    option httpclose
    stats enable
    stats show-legends
    stats refresh 5s
    stats uri /stats
    stats realm Haproxy\ Statistics
    stats auth username:password
    stats admin if TRUE

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main
    bind *:80
    option http-server-close
    option forwardfor
    default_backend webapp-main

#---------------------------------------------------------------------
# source-hash balancing between the various backends (balance source)
#---------------------------------------------------------------------
backend webapp-main
    balance source
    option httpchk HEAD / HTTP/1.1\r\nHost:\ domainname.example.com
    server web1 10.10.1.21:80 check
    server web2 10.10.1.22:80 check

start or restart haproxy3

$ sudo systemctl status haproxy
$ sudo systemctl start haproxy
$ sudo systemctl restart haproxy

Note: if you see "cannot bind socket" when you look up the status of haproxy, then run this instead of start

$ sudo /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg

let’s see who is listening

$ sudo netstat -tapnl
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 20324/haproxy
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 20324/haproxy

If you see haproxy processes listening on ports 80 and 8080, then you are good to go!

We will use port 8080 to monitor the load balancer stats, either by IP or by domain name.
Make sure you set up your DNS successfully by pointing the domain name at the haproxy server's public IP.

http://10.10.1.18:8080/stats
http://domainname.example.com:8080/stats

Log in with the username and password you defined in the haproxy config
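
The stats page above is served on port 8080, which this guide opens in firewalld and reaches over plain HTTP with the credentials from the config. As an added example (not part of the original post), this Python 3 script audits a haproxy.cfg for the exposure points of that listener; the function names and finding strings are assumptions made for illustration, and the sample input is the stats section from this page.

```python
import re

# Constructed sample: the stats listener from this page's haproxy.cfg.
SAMPLE_CFG = """\
listen haproxy3-monitoring *:8080
    mode http
    stats enable
    stats uri /stats
    stats auth username:password
    stats admin if TRUE
"""

SECTION = re.compile(r"^(global|defaults|listen|frontend|backend)\b")
WILDCARD = ("*:", ":", "0.0.0.0:")  # address forms that bind every interface

def parse_sections(text):
    """Split haproxy.cfg text into [header, [directives]] pairs, comments removed."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line and SECTION.match(line):
            sections.append([line, []])
        elif line and sections:
            sections[-1][1].append(line)
    return sections

def audit_stats(text):
    """Return (section, finding) tuples for every section that serves the stats page."""
    findings = []
    for header, lines in parse_sections(text):
        if not any(l.split()[:2] == ["stats", "enable"] for l in lines):
            continue
        name = (header.split() + ["?"])[1]
        binds = [l.split() for l in lines if l.startswith("bind ")]
        addrs = header.split()[2:3] + [b[1] for b in binds if len(b) > 1]  # legacy "listen name addr" form too
        auth = [l.split()[2] for l in lines if l.startswith("stats auth ") and len(l.split()) > 2]
        if any(a.startswith(WILDCARD) for a in addrs):
            findings.append((name, "listens on all interfaces"))
        if auth and not any("ssl" in b for b in binds):
            findings.append((name, "Basic auth credentials sent without TLS"))
        if "username:password" in auth:
            findings.append((name, "placeholder credentials left in place"))
        if any(re.fullmatch(r"stats\s+admin\s+if\s+TRUE", l) for l in lines):
            findings.append((name, "admin actions open to every authenticated client"))
    return findings

if __name__ == "__main__":
    for section, finding in audit_stats(SAMPLE_CFG):
        print("{}: {}".format(section, finding))
```

Each finding maps to a change in the listen section: a specific address and `ssl crt` on a `bind` line, real credentials in `stats auth`, and an ACL instead of `TRUE` after `stats admin if`.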

Now finally go to the domain name

http://domainname.example.com

YEEEEYYYYYYY!!!