High availability load balancing using HAProxy on Ubuntu (part 1)

In this post we will show you how to easily setup loadbalancing for your web application. Imagine you currently have your application on one webserver called web01:

+---------+
| uplink  |
+---------+
     |
+---------+
|  web01  |
+---------+

But traffic has grown and you’d like to increase your site’s capacity by adding more webservers (web02 and web03), aswell as eliminate the single point of failure in your current setup (if web01 has an outage the site will be offline).

              +---------+
              | uplink  |
              +---------+
                   |
     +-------------+-------------+
     |             |             |
+---------+   +---------+   +---------+
|  web01  |   |  web02  |   |  web03  |
+---------+   +---------+   +---------+

In order to spread traffic evenly over your three web servers, we could install an extra server to proxy all the traffic an balance it over the webservers. In this post we will use HAProxy, an open source TCP/HTTP load balancer. (see: http://haproxy.1wt.eu/) to do that:

              +---------+
              |  uplink |
              +---------+
                   |
                   +
                   |
              +---------+
              | loadb01 |
              +---------+
                   |
     +-------------+-------------+
     |             |             |
+---------+   +---------+   +---------+
|  web01  |   |  web02  |   |  web03  |
+---------+   +---------+   +---------+

So our setup now is:
– Three webservers, web01 (192.168.0.1), web02 (192.168.0.2 ), and web03 (192.168.0.3) each serving the application
– A new server (loadb01, ip: (192.168.0.100 )) with Ubuntu installed.

Allright, now let’s get to work:

Start by installing haproxy on your loadbalancing machine:

loadb01$ sudo apt-get install haproxy


Now let’s backup the original haproxy configuration file and create a new one with our config which will tell haproxy to listen for incoming http requests on port 80 and balance them between the three webservers:

loadb01$ sudo mv /etc/haproxy/haproxy.cfg /etc/haproxy/backup_haproxy.cfg
loadb01$ sudo vi /etc/haproxy/haproxy.cfg

Paste the following configuration there:

global
        maxconn 4096
        user haproxy
        group haproxy
        daemon

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        retries 3
        option  redispatch
        maxconn 2000
        contimeout      5000
        clitimeout      50000
        srvtimeout      50000

listen webcluster *:80
        mode    http
        stats   enable
        stats   auth us3r:passw0rd
        balance roundrobin
        option httpchk HEAD / HTTP/1.0
        option forwardfor
        cookie LSW_WEB insert
        option httpclose
        server web01 192.168.0.1:80 cookie LSW_WEB01 check
        server web02 192.168.0.2:80 cookie LSW_WEB02 check
        server web03 192.168.0.3:80 cookie LSW_WEB03 check

Enable HAproxy by editing the /etc/default/haproxy file

loadb01$ sudo nano /etc/default/haproxy

and setting ENABLED to 1:

# Set ENABLED to 1 if you want the init script to start haproxy.
ENABLED=1
# Add extra flags here.
#EXTRAOPTS="-de -m 16"

Then, start HAProxy:

loadb01$ sudo /etc/init.d/haproxy start

Now open your webbrowser and browse to http://129.168.0.100/ (or whatever IP you have set for loadb01), you should be served a file from one of the webservers! The loadbalancing is now working, but let’s take a closer look at some of the things we configured in the HAProxy configuration:

listen webcluster *:80

Listen for incoming connections on all interfaces, port 80 (the * can also be replaced with a single ip address)

stats   enable
stats   auth us3r:passw0rd

This enables HAProxy’s statistics interface which you can access by browsing to http://192.168.0.100/haproxy?stats login with the username and password given and you should see a nice statistics report like this:

balance roundrobin

This line set’s HAProxy’s balancing algorithm to ’roundrobin’ (which is also the default one), it basically makes sure each subsequent request is handled by the next server in the line. For other possible algorithms to use here, please check section 4.2 of Haproxy’s configuration manual: http://haproxy.1wt.eu/download/1.4/doc/configuration.txt

option httpchk HEAD / HTTP/1.0

This option enables HTTP checking on the web servers, HAProxy will issue HTTP requests to / and check for a valid response, if the webserver does not give a valid response (for example when it’s down) haproxy will mark the server as down and will not send any requests to it anymore. You can also see this in the statistics interface, here’s an example with the webserver on web02 stopped:

cookie LSW_WEB insert
  server web01 192.168.0.1:80 cookie LSW_WEB01 check
  server web02 192.168.0.2:80 cookie LSW_WEB02 check
  server web03 192.168.0.3:80 cookie LSW_WEB03 check

The first line in this block enables the use of cookies, basically, when a user reaches the webcluster group, the cookie LSW_WEB will be created and the server id (LSW_WEB01, LSW_WEB02, LSW_WEB03) will be stored in it. For all next requests in the same session, HAProxy will look at the cookie and redirect that user to the same webserver (unless it’s down).

The last three lines define the backend webservers which HAProxy will use, you can easily add more lines here as the infrastructure grows.

Allright the loadbalancing is working and we are almost there, just one thing left to do in this article and that’s fixing your webserver logs on the web01/web02/web03 servers. Since requests now changed from:

user --> webserver

To:

user --> HAProxy --> webserver

You will see the loadbalancer’s ip in the access log on your webservers. In order to fix this when you are using Apache webserver open your /etc/apache2/apache2.conf file and replace this line:

LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined

By

#LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

Then restart/reload apache and the logging should be fixed, it will now include the IP address which is send in the X-Forwarded-For header (This header contains a value representing the client’s IP address.) that HAProxy includes in all requests to the backend webserver. We enabled that earlier by setting the

option forwardfor

option in the HAPRoxy configuration.

That’s it!, over the course of next weeks we will be posting some more articles on this subject, covering:

– Adding high-availability for the loadbalancer (as it’s now a single point of failure ;-))
– MySQL database scalability options.

If there’s anything else you’d like us to cover, or if you have any questions please leave a comment!

Share

14 thoughts on “High availability load balancing using HAProxy on Ubuntu (part 1)”

  1. We’ve just migrated our application to a new server cluster last week, co-incidentally on dedicated servers from LeaseWeb. We’re now using the HAProxy software to load balance all our HTTP traffic, which replaces our previous installation’s ServerIron hardware load balancer. So far we’re very impressed with the performance, features and cost savings that HAProxy delivers!

    In terms of the Apache part of the setup, it’s worth mentioning that we’ve opted to use a backport of Apache 2.3’s ‘mod_remoteip’ module to monitor the ‘X-Forwarded-For’ HTTP header and then correctly pass on the client’s IP address, which is more useful than merely adjusting Apache’s LogFormat directive as shown in this post. The ‘mod_remoteip’ module will, for example, allow you to perform access control in Apache based on the client’s IP address. This is of course a good option if you are compiling Apache 2.2.x from source.

    Finally, I hope I’m not being too premature considering that you are planning a follow-up blog post, but in the interests of helping others on the high-availability or failover side of things, we’ve used the lightweight Keepalived VRRP daemon, as recommended by Willy Tarreau the author HAProxy, to manage a floating IP address across master and standby load balancer servers. I believe others use software called Heartbeat instead.

    See:
    http://www.gossamer-threads.com/lists/apache/users/390137
    http://blog.loadbalancer.org/configure-haproxy-with-tproxy-kernel-for-full-transparent-proxy/
    http://www.keepalived.org/

  2. @Warren:

    Thanks for your comment! Good to see you’re getting impressive results using HAProxy on our infrastructure.
    The additional information is definitely useful for the readers, so don’t hold back in posting it. There are quite some options around to do high availability (be it hardbeat or keepalived) – but we’ll try to cover at least some of them 🙂

    Robert

  3. In lighttpd the Logformat part could be :

    accesslog.format = “%{X-Forwarded-For}i %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-Agent}i\””
    in the /etc/lighttpd/lighttpd.conf 🙂

  4. installed and configured the haproxy as u mentioned above.After installation trying to access the stats page this errors displayed by browser.
    You don’t have permission to access /haproxy on this server.
    Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
    Plz help out me.

  5. @bhanu: Do you try to access this URL?
    http://192.168.0.100/haproxy?stats
    Did you enable the stats and define a password?

  6. Yes,tried the url with haproxy machine installed ip address.

    then i got

    Forbidden

    You don’t have permission to access / on this server.

    Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Leave a Reply

Your email address will not be published. Required fields are marked *