Powered by Algolia

    Reverse Proxy with Load Balancer

    This document is aimed at helping the users to configure Reverse Proxy when load balancer is used. To do that:

    1. Install HA Proxy on each rProxy hosts.
    2. Configure HA Proxy edit /etc/haproxy/haproxy.conf and edit IPs of backends and copy to every rProxy hosts.

    Below, there is an example configuration for a possible web application.

    See the full list of configuration options online at http://haproxy.1wt.eu/download/1.4/doc/configuration.txt

    Global settings

    To have these messages end up in /var/log/haproxy.log you will need to:

    1. Configure syslog to accept network log events.

    This is done by adding the -r option to the SYSLOGD_OPTIONS in /etc/sysconfig/syslog.

    1. Configure 'local2' events to go to the /var/log/haproxy.log file. A line like the following can be added to /etc/sysconfig/syslog
    local2.*                       
    /var/log/haproxy.log
        log         127.0.0.1 local2
    

        chroot      /var/lib/haproxy
        pidfile     /var/run/haproxy.pid
        maxconn     4000
        user        haproxy
        group       haproxy
        daemon

    Turn on stats unix socket:

    stats socket /var/lib/haproxy/stats

    Common defaults that all the 'listen' and 'backend' sections will be used if not designated in their block.

    Defaults:

        mode                    http
        log                     global
        option                  httplog
        option                  dontlognull
        option http-server-close
        option forwardfor       except 127.0.0.0/8
        option                  redispatch
        retries                 3
        timeout http-request    10s
        timeout queue           1m
        timeout connect         10s
        timeout client          1m
        timeout server          1m
        timeout http-keep-alive 10s
        timeout check           10s
        maxconn                 3000

    Main frontend which proxys to the openiam-ui and openiam-esb backends:

    frontend  ui *:5000
        default_backend openiam-ui
       
    frontend  esb *:5001
        default_backend openiam-esb
       
    frontend stats
        bind *:8404
        stats enable
        stats uri /stats
        stats refresh 10s

    Round robin balancing between the openiam-ui backends:

    backend openiam-ui
        balance        roundrobin
        option httpchk GET /idp/actuator/health
        http-check expect string {"status":"UP"}
        server     openiam-ui-01 <ip-of-ui-1>:8080 check
          server     openiam-ui-02 <ip-of-ui-2>:8080 check
          server     openiam-ui-03 <ip-of-ui-3>:8080 check

    Round robin balancing between the openiam-esb backends:

    Backend openiam-esb

        balance     roundrobin
        server      openiam-esb-01 <ip-of-esb-1>:9080 check
          server      openiam-esb-02 <ip-of-esb-2>:9080 check
          server      openiam-esb-03 <ip-of-esb-3>:9080 check
    1. Restart HA Proxy
    systemctl restart haproxy
    1. Edit mod_openiam_*.conf and change OPENIAM_ESBPath and OPENIAM_ConfigureBackend to point to HA Proxy frontends:
    OPENIAM_ConfigureBackend = http://localhost:5000
    OPENIAM_ESBPath = http://localhost:5001
    1. Edit Content Provider's Application Servers to match HA Proxy UI frontend 
    http://localhost:5000
    Previous
    Examples
    Next
    Setting up Kerberos via rProxy