First here is the guide I have written to install and configure HAproxy. Next, Sometimes we have different servers with different contents, such as one set of servers with all static contents (html, image files) of a website while another set of servers have dynamic contents (cgi, perl, php scripts) This type of config is beneficial in some situations where you want to serve your static data directly from CDN for faster response and dynamic contents from your own servers.
While deploying a load balancer, we need some mechanism to inform loadbalancer to forward request to different set of servers based on the condition specified. Here I’m using HAProxy load balancer on CentOS 5 box. This is a very small test setup in Amazon EC2 environment having 3 small instances.
Let’s start the action. Login to server where you want to install HAProxy. Download it and extract it. You can download source and compile but as its a single executable file, I prefer to download precompiled file for being lazy
$ mkdir /usr/local/haproxy $ cd /usr/local/haproxy $ wget http://haproxy.1wt.eu/download/1.3/bin/haproxy-126.96.36.199-pcre-40kses-splice-linux-i586.notstripped.gz $ gunzip haproxy-188.8.131.52-pcre-40kses-splice-linux-i586.notstripped.gz $ mv haproxy-184.108.40.206-pcre-40kses-splice-linux-i586.notstripped haproxy $ chmod 700 haproxy
As an example, we have two backend servers/domains, one to serve static contents and other for dynamic contents. Let’s create config file:
$ vi haproxy.cfg defaults balance roundrobin cookie SERVERID insert indirect</code> frontend www 10.252.130.162:80 mode http acl dyn_content url_sub cgi-bin use_backend dyn_server if dyn_content default_backend stat_server backend dyn_server mode http server dserver1 dynamic.example.com:80 cookie A check backend stat_server mode http server sserver1 static.example.com:80 cookie B check</code>
Here, 10.252.130.162 is the IP of your load balancer server. HAProxy configuration file has several sections called defaults, listen, frontend and backend. We used cookie to forward all subsequent requests from same user to same backend. The main thing here is the acl in frontend section which stats that if there’s a word “cgi-bin” in user’s url then use dyn_server as backend otherwise use default backend which is stat_server. You should refer HAProxy documentation for further information of configurations.
Save the file and check it for syntax:
$ ./haproxy -f ./haproxy.cfg -c
It will throw warnings regarding missing timeouts in sections, you can ignore these warnings. If there’s any error, check the config file again.
$ ./haproxy3 -f ./haproxy.cfg -p /var/run/haproxy.pid
Put load balancer’s public IP/domain name in your browser and test this setup, it should go as expected.
You may also like to read:
* 5 steps to secure your Linux Server
* Ensuring secure access to production Linux Servers
* Bash script to backup essential log files in Linux
* Quickly change your ssh port from defualt 22 to something higher
* SSH port forwarding from remote to local machine
* Save root or user history to check later
* Install and configure denyhost to prevent brute force attacks