Load Balancing using HAProxy for Openfire

HAProxy, which stands for High Availability Proxy, is a popular open source software TCP/HTTP Load Balancer and proxying solution. Its most common use is to improve the performance and reliability of a server environment by distributing the workload across multiple servers (e.g. web, application, database).

Installing HAProxy
$ apt-get install haproxy 
We need to enable HAProxy to be started by the init script.
$ nano /etc/default/haproxy 
Set the ENABLED option to 1

Configuring HAProxy
HAProxy's configuration process involves 3 major sources of parameters:
  1. the arguments from the command-line, which always take precedence
  2. the "global" section, which sets process-wide parameters
  3. the proxies sections, which can be further divided into
       • defaults
       • listen
       • frontend
       • backend
The configuration file syntax consists of lines beginning with a keyword
referenced in the HAProxy manual, optionally followed by one or several parameters
delimited by spaces.

1. Global Section
Parameters in the “global” section are process-wide and often OS-specific. They are generally set once and do not need to be changed once correct.

For the keywords supported in the "global" section, please follow the ref link.

    global
        log 127.0.0.1 local0 notice
        maxconn 2000
        user haproxy
        group haproxy

- The log directive specifies a syslog server to which log messages will be sent.

- The maxconn directive specifies the number of concurrent connections on the frontend.

- The user and group directives change the HAProxy process to the specified user/group. These shouldn't be changed.

2. Default Section
A "defaults" section sets default parameters for all other sections following
its declaration. Those default parameters are reset by the next "defaults"
section. See below for the list of parameters which can be set in a "defaults"
section. The name is optional but its use is encouraged for better readability.

    defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        retries 3
        option  redispatch
        timeout connect  5000
        timeout client  10000
        timeout server  10000

We're specifying default values in this section. The values to be modified are the various timeout directives. The connect option specifies the maximum time to wait for a connection attempt to a VPS to succeed.

The client and server timeouts apply when the client or server is expected to acknowledge or send data during the TCP process. HAProxy recommends setting the client and server timeouts to the same value.

3. Frontend Section
A "frontend" section describes a set of listening sockets accepting client

frontend Openfire
    mode tcp
    default_backend admin_console

A frontend defines how requests should be forwarded to backends. Frontends are defined in the frontend section of the HAProxy configuration. Their definitions are composed of the following components:

  •  a set of IP addresses and a port (e.g., *:443, etc.)
  •  use_backend rules, which define which backends to use depending on which ACL conditions are matched, and/or a default_backend rule that handles every other case

4. Backend Section
A "backend" section describes a set of servers to which the proxy will connect
to forward incoming connections.

backend admin_console 
    balance roundrobin 
    mode tcp 
    server openfire_gk check 
    server openfire_rs check

A backend is a set of servers that receives forwarded requests. Backends are defined in the backend section of the HAProxy configuration. In its most basic form, a backend can be defined by:
  •  which load balance algorithm to use
  •  a list of servers and ports
A backend can contain one or many servers in it--generally speaking, adding more servers to your backend will increase your potential load capacity by spreading the load over multiple servers.

5. Listen Section
A "listen" section defines a complete proxy with its frontend and backend
parts combined in one section. It is generally useful for TCP-only traffic.

listen appname
    mode http
    stats enable
    stats uri /haproxy?stats
    stats realm Strictly\ Private
    stats auth A_Username:YourPassword
    stats auth Another_User:passwd
    balance roundrobin
    option httpclose
    option forwardfor
    server lamp1 check
    server lamp2 check

* The balance directive specifies the load balancing algorithm to use.

Load Balancing Algorithms
The load balancing algorithm that is used determines which server, in a backend, will be selected when load balancing. HAProxy offers several algorithms, including:

1. roundrobin
Round Robin selects servers in turns. This is the default algorithm.

2. leastconn
Selects the server with the least number of connections--it is recommended for longer sessions. Servers in the same backend are also rotated in a round-robin fashion.

3. source
This selects which server to use based on a hash of the source IP i.e. your user's IP address. This is one method to ensure that a user will connect to the same server.
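
A simplified model of the three algorithms, added here as an illustration; it is not HAProxy's own implementation, which also applies server weights. The SHA-256 hash, the class names and the client list are assumptions of the example. It goes slightly beyond the text by showing how long-lived sessions, such as XMPP connections to Openfire, pile up on one server under roundrobin but not under leastconn.

```python
import hashlib
from itertools import cycle

SERVERS = ["openfire_gk", "openfire_rs"]  # server names from the page's backend

class RoundRobin:
    def __init__(self, servers):
        self._turns = cycle(servers)
    def pick(self, src_ip, conns):
        return next(self._turns)            # ignores load and client identity

class LeastConn:
    def __init__(self, servers):
        self._servers, self._turn = list(servers), 0
    def pick(self, src_ip, conns):
        low = min(conns[s] for s in self._servers)
        tied = [s for s in self._servers if conns[s] == low]
        self._turn += 1                     # rotate among equally loaded servers
        return tied[(self._turn - 1) % len(tied)]

class Source:
    def __init__(self, servers):
        self._servers = list(servers)
    def pick(self, src_ip, conns):
        # Assumption: SHA-256 stands in for HAProxy's internal hash function.
        digest = hashlib.sha256(src_ip.encode()).digest()
        return self._servers[int.from_bytes(digest[:4], "big") % len(self._servers)]

def simulate(balancer, clients):
    """clients: (src_ip, long_lived) pairs; returns (choices, open connections)."""
    conns = {s: 0 for s in SERVERS}
    choices = []
    for src_ip, long_lived in clients:
        server = balancer.pick(src_ip, conns)
        choices.append(server)
        if long_lived:                      # short requests finish immediately
            conns[server] += 1
    return choices, conns

# Constructed traffic: long-lived sessions alternating with short requests.
CLIENTS = [("198.51.100.%d" % i, i % 2 == 1) for i in range(1, 7)]

if __name__ == "__main__":
    for algo in (RoundRobin, LeastConn, Source):
        print(algo.__name__, simulate(algo(SERVERS), CLIENTS))
```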

Health Check
HAProxy uses health checks to determine if a backend server is available to process requests. This avoids having to manually remove a server from the backend if it becomes unavailable. The default health check is to try to establish a TCP connection to the server i.e. it checks if the backend server is listening on the configured IP address and port.

Keepalives in HAProxy
Under the listen directive, we used option httpclose which adds a Connection: close header. This tells the client (web browser) to close a connection after a response is received.

If you want to enable keep-alives on HAProxy, replace the option httpclose line with:

option http-server-close 
timeout http-keep-alive 3000

* option http-server-close disables keep-alive only on the server side.

Access Control List (ACL)
In relation to load balancing, ACLs are used to test some condition and perform an action (e.g. select a server, or block a request) based on the test result.

In HAProxy, the ACL rules are placed in a “frontend” and (depending on the logic) the request is proxied through to any number of “backends”.

The first “use_backend” that matches a request will be used, and if none are matched, then HAProxy will use the “default_backend”. You can also combine ACL rules in the “use_backend” statements to match one or more rules.

frontend Openfire 
    mode tcp 
    acl CHATING dst_port 5222 
    use_backend chat if CHATING
    default_backend admin_console 

backend admin_console 
    balance roundrobin 
    mode tcp 
    server openfire_gk check 
    server openfire_rs check

backend chat
    balance roundrobin
    mode tcp
    server openfire_gk check 
    server openfire_rs check
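
The first-match behaviour described above can be checked offline before a rule change is deployed. The resolver below is an added example, not HAProxy code or part of the original post: it understands only dst_port ACLs and plain ACL names after "if", and the OVERLAP configuration and function names are constructed for illustration.

```python
# Frontend from the page, copied verbatim.
FRONTEND = """\
frontend Openfire
    mode tcp
    acl CHATING dst_port 5222
    use_backend chat if CHATING
    default_backend admin_console
"""
# Constructed variant: two rules match port 5222, so rule order decides.
OVERLAP = """\
frontend Openfire
    acl XMPP dst_port 5222:5223
    acl CHATING dst_port 5222
    use_backend admin_console if XMPP
    use_backend chat if CHATING
    default_backend admin_console
"""

def _ports(spec):
    """Expand a dst_port value: a single port or a lo:hi range (either end optional)."""
    lo, sep, hi = spec.partition(":")
    if not sep:
        hi = lo
    return range(int(lo or 0), int(hi or 65535) + 1)

def parse_frontend(text):
    acls, rules, default = {}, [], None
    for words in (line.split() for line in text.splitlines()):
        if len(words) >= 4 and words[0] == "acl" and words[2] == "dst_port":
            # ACLs declared more than once under one name are ORed together.
            acls.setdefault(words[1], []).extend(_ports(p) for p in words[3:])
        elif len(words) >= 4 and words[0] == "use_backend" and words[2] == "if":
            rules.append((words[1], words[3:]))
        elif len(words) == 2 and words[0] == "default_backend":
            default = words[1]
    return acls, rules, default

def select_backend(text, dst_port):
    acls, rules, default = parse_frontend(text)
    for backend, names in rules:
        # Names listed after "if" are ANDed; an unknown ACL never matches here.
        if all(any(dst_port in r for r in acls.get(n, [])) for n in names):
            return backend          # first matching use_backend wins
    return default                  # no rule matched
```

With OVERLAP, port 5222 resolves to admin_console because the broader rule is listed first, which is the ordering mistake to look for when reviewing a frontend.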

Enabling HAProxy Logging
When we began configuring HAProxy, we added the line log 127.0.0.1 local0 notice, which sends syslog messages to the localhost IP address. But by default, rsyslog on Ubuntu doesn't listen on any address, so we have to make it do so.

Edit the config file of rsyslog.

nano /etc/rsyslog.conf 

Add/Edit/Uncomment the following lines

$ModLoad imudp 
$UDPServerAddress 127.0.0.1
$UDPServerRun 514 

Now rsyslog will listen on UDP port 514 on address 127.0.0.1, but all HAProxy messages will go to /var/log/syslog, so we have to separate them.

Create a rule for HAProxy logs
nano /etc/rsyslog.d/haproxy.conf 

Add the following line to it
if ($programname == 'haproxy') then -/var/log/haproxy.log 

Now restart the rsyslog service
service rsyslog restart 
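
A $UDPServerRun line with no $UDPServerAddress before it binds the syslog listener on every interface, so any host that can reach UDP port 514 can write into these logs. The check below is an added example, not part of the original post: the function names and both sample fragments are constructed, and the bind address is modelled as the most recent preceding $UDPServerAddress.

```python
import ipaddress

# Constructed rsyslog.conf fragments in the legacy directive syntax.
OPEN = """\
$ModLoad imudp
$UDPServerRun 514
"""
LOOPBACK = """\
$ModLoad imudp
$UDPServerAddress 127.0.0.1
$UDPServerRun 514
"""

def udp_listeners(conf):
    """Return (address, port) for every $UDPServerRun in a legacy-style config."""
    address, found = "*", []            # "*" = all interfaces when no address is set
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].split()   # commented-out directives are ignored
        if len(line) != 2:
            continue
        key, value = line[0].lower(), line[1]
        if key == "$udpserveraddress":
            address = value
        elif key == "$udpserverrun":
            found.append((address, int(value)))
    return found

def exposed(conf):
    """Listeners reachable from other hosts, i.e. not bound to a loopback address."""
    result = []
    for address, port in udp_listeners(conf):
        try:
            local = ipaddress.ip_address(address).is_loopback
        except ValueError:              # "*" or a hostname: treat as non-loopback
            local = False
        if not local:
            result.append((address, port))
    return result

if __name__ == "__main__":
    print("open:", exposed(OPEN))
    print("loopback:", exposed(LOOPBACK))
```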

