ha-proxy install procedure
* goals:
1. Install and perform a basic configuration of ha-proxy.
2. Configure two additional webserver instances on alternate ports in apache.
3. Demonstrate load-balanced-http connections between them.
4. Log X-Forwarded-For.
5. Bonus: use a cookie to pin a requesting host to one server or another.
* Installation:
# cd /usr/ports/net/haproxy
# make
accept defaults.
accept defaults with pcre
# make install
* configuration:
# vi /etc/rc.conf
add the line:
haproxy_enable="YES"
at the end of the file.
# cd /usr/local/etc/
# vi haproxy.conf
add the following text
global
maxconn 4096
pidfile /var/run/haproxy.pid
daemon
defaults
mode http
retries 3
option redispatch
maxconn 2000
contimeout 5000
clitimeout 50000
srvtimeout 50000
listen LOADBALANCER myipaddress:8080
mode http
balance roundrobin
option httpclose
option forwardfor
stats enable
stats auth myuser:mypass
server WEB1 127.0.0.1:8081
server WEB2 127.0.0.1:8082
replace myipaddress with the IP address of your vm
save and exit
* start and verify operation
Verify that you can start the ha-proxy process
# /usr/local/etc/rc.d/haproxy start
# /usr/local/etc/rc.d/haproxy status
and that it's listening on the correct port
# netstat -a |grep 8080
* modify apache
# cd /usr/local/etc/apache22/Includes
# vi lb-vhosts.conf
Add the following text
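listen 8081
listen 8082
<VirtualHost *:8081>
DocumentRoot /usr/local/www/apache22/data/1
ServerName web1.vmXX.sse.ws.afnog.org
<Directory "/usr/local/www/apache22/data/1">
Order deny,allow
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:8082>
DocumentRoot /usr/local/www/apache22/data/2
ServerName web2.vmXX.sse.ws.afnog.org
<Directory "/usr/local/www/apache22/data/2">
Order deny,allow
Allow from all
</Directory>
</VirtualHost>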
change the vmXX to the number of your vm.
save and close
We need to create the document root directories specified in the above
configuration. We're also going to put a zero-length file in each
directory in order to be able to tell the servers apart.
# mkdir /usr/local/www/apache22/data/1
# mkdir /usr/local/www/apache22/data/2
# touch /usr/local/www/apache22/data/1/1
# touch /usr/local/www/apache22/data/2/2
Test apache configuration sanity
# apachectl -t
If that works without fatal errors restart apache with the new configuration.
# apachectl restart
now see how many listening servers are available
# netstat -a |grep 808
test the two webservers
# curl localhost:8081
# curl localhost:8082
* testing the load balancer
If both of those work try the following several times
# curl http://theipofyourvm:8080
replace theipofyourvm with the ip of your vm
what happens?
If it alternates between showing the index for the directory on web1
and the directory on web2 then you have a load balancer.
now try hitting the ip and port 8080 of your virtual machine with a
web-browser. Does it work?
* Statistics
To get statistics from the haproxy in realtime:
point your browser at:
http://theipofyourvm:8080/haproxy?stats
Replacing theipofyourvm with the ip address of your virtual machine.
Remember that when we created the haproxy configuration we set the
auth credentials to myuser:mypass, so let's use those.
* Apache not logging x-forwarded-for
If we tail the apache log file:
# tail -f /var/log/httpd-access.log
we'll realize that the source ip for all requests has become 127.0.0.1
We can alter the apache log format to log x-forwarded-for as well as
the source address.
# vi /usr/local/etc/apache22/httpd.conf
look for the line:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
change it to:
LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
test your apache configuration
# apachectl -t
if it works restart apache
# apachectl restart
now your apache server logs the X-Forwarded-For header.
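An added example, not part of the original exercise: a parser for the modified log format above that decides which address to treat as the client. It assumes haproxy's "option forwardfor" writes its header last and that Apache joins repeated headers with ", ", so only the rightmost entry is the proxy's, and only when %h is the proxy (127.0.0.1 here); requests sent straight to 8081 or 8082 carry a header the client chose. The function names and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# Assumption: haproxy reaches Apache from loopback, as in this page's config.
TRUSTED_PROXIES = {"127.0.0.1"}

# Matches the page's modified "combined" format:
# %{X-Forwarded-For}i %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
QUOTED = r'"(?:[^"\\]|\\.)*"'
LINE_RE = re.compile(
    r'^(?P<xff>.*?) (?P<peer>\S+) \S+ \S+ \[[^\]]+\] '
    + QUOTED + r' \d{3} \S+ ' + QUOTED + ' ' + QUOTED + r'$'
)


def _valid_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def client_ip(line, trusted=TRUSTED_PROXIES):
    """Return (client_ip, unverified_claims) for one access-log line, or None."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    peer = m.group("peer")
    hops = [h.strip() for h in m.group("xff").split(",")]
    hops = [h for h in hops if h and h != "-"]
    # Request did not come through haproxy (e.g. sent straight to 8081/8082):
    # the socket peer is the client and every header value is client-supplied.
    if peer not in trusted:
        return peer, hops
    # Through haproxy: only the last entry was added by the proxy itself.
    if hops and _valid_ip(hops[-1]):
        return hops[-1], hops[:-1]
    return peer, hops


# Constructed sample lines (not taken from a real log).
TAIL = ' - - [10/Jun/2013:10:00:00 +0000] "GET / HTTP/1.1" 200 312 "-" "curl/7.24.0"'
SAMPLES = [
    "192.0.2.10 127.0.0.1" + TAIL,            # normal request via haproxy
    "10.9.9.9, 192.0.2.10 127.0.0.1" + TAIL,  # client sent its own X-Forwarded-For
    "10.9.9.9 198.51.100.7" + TAIL,           # direct hit on a backend port
    "- 127.0.0.1" + TAIL,                     # local curl to 8081, no header
]
```

Binding the two backend ports to 127.0.0.1 only (listen 127.0.0.1:8081) removes the direct-hit case entirely.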
* handing the client a cookie
If you set a cookie, you can use it to pin subsequent connections to
the same server. If the webserver is running a stateful application
(a webmail client, for example), this is highly useful.
# cd /usr/local/etc/
# vi haproxy.conf
global
maxconn 4096
pidfile /var/run/haproxy.pid
daemon
defaults
mode http
retries 3
option redispatch
maxconn 2000
contimeout 5000
clitimeout 50000
srvtimeout 50000
listen LOADBALANCER 192.168.191.131:8080
mode http
balance roundrobin
option httpclose
option forwardfor
stats enable
stats auth myuser:mypass
cookie LOADBALANCER insert
server WEB1 127.0.0.1:8081 cookie LOADBALANCER_01 check
server WEB2 127.0.0.1:8082 cookie LOADBALANCER_02 check
save and exit
# /usr/local/etc/rc.d/haproxy restart
# curl http://theipofyourvm:8080
nothing has changed right?
do:
# curl -v http://theipofyourvm:8080
can you see the cookie?
ok try it with your web-browser.
Bibliography:
Derived in part from:
http://www.softwareprojects.com/resources/programming/t-how-to-install-and-configure-haproxy-as-an-http-loa-1752.html
ha-proxy homepage:
http://haproxy.1wt.eu/
ha-proxy configuration guide
http://cbonte.github.com/haproxy-dconv/configuration-1.5.html#2.1