Tuesday, June 1, 2010

Setting Up A High-Availability HTTPS Load Balancer (With Failover and Session Support) With HAProxy/Keepalived/Stunnel


This follows the earlier document http://conheotiensinh.blogspot.com/2010/05/setting-up-high-availability-load_14.html, in which I set up an HTTP load balancer with HAProxy. HAProxy does not support SSL (HTTPS) directly, so this post shows how to configure HAProxy to support SSL by using Stunnel (as the HAProxy site says, Stunnel needs to be installed for SSL (HTTPS) support).


2/Install Stunnel

You need to apply the HAProxy patch to the Stunnel package. (I built an RPM package with the HAProxy patch applied. If you need it for an easy install, please contact me by email: quan.hoa@conheotiensinh.co.cc)

3/Configure Keepalived as in the document:

4/Configure HAProxy on both load balancers

Edit /etc/haproxy/haproxy.cfg

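# statistics page, protected by HTTP basic auth (user:password)
stats enable
stats auth test:123
listen domain_cluster_https
    mode http
    balance roundrobin
    # insert a SERVERID cookie so that each client stays on the same backend server
    cookie SERVERID insert nocache
    option forwardfor except
    # health check: HEAD request for /check.txt on each server
    option httpchk HEAD /check.txt HTTP/1.0
    server server1 cookie A check
    server server2 cookie B check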

5/Configure Stunnel

Edit /etc/stunnel/stunnel.conf

; you need to install the cert
cert = /etc/stunnel/monit.pem
;key = /etc/stunnel/mail.key

; Some security enhancements for UNIX systems - comment them out on Win32
;chroot = /var/run/stunnel/
setuid = root
setgid = root
; PID is created inside chroot jail
;pid = /stunnel.pid
pid = /etc/stunnel/stunnel.pid
;debug = 3
;output = /etc/stunnel/stunnel.log
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
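
The global section above keeps stunnel running as root and leaves the chroot line commented out. As an added example (not the author's configuration), here is the same file with privileges dropped after startup. The `stunnel` account, the `[https]` service section and the `xforwardedfor` option (assumed to be what the HAProxy patch from step 2 provides) are assumptions, and the `connect` value is a placeholder.

```ini
; /etc/stunnel/stunnel.conf - added example, not the original post's file

; Certificate and private key in one PEM file, as in the original config.
; The file is read at startup, before chroot and before privileges are
; dropped, so it can stay owned by root with mode 0600.
cert = /etc/stunnel/monit.pem

; stunnel starts as root to bind port 443, then confines itself to the
; chroot directory and switches to an unprivileged account.
; Assumption: a dedicated "stunnel" user and group exist and own
; /var/run/stunnel/.
chroot = /var/run/stunnel/
setuid = stunnel
setgid = stunnel

; The PID path is resolved inside the chroot jail, so this file is
; /var/run/stunnel/stunnel.pid on the real filesystem.
pid = /stunnel.pid

; Performance tunings kept from the original config
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Assumed service section: terminate TLS here and pass plain HTTP to HAProxy.
[https]
accept = 443
; Placeholder: address and port of the "listen domain_cluster_https" section
connect = <haproxy-address>:<port>
; Assumption: option added by the HAProxy X-Forwarded-For patch for stunnel;
; an unpatched stunnel rejects it as an unknown option.
xforwardedfor = yes
```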

6/Test

You can access the web mail with the URL:

Check the HAProxy status with the URL:

Besides this, you can use another solution for this problem:

Use Pound as the reverse proxy (SSL) and HAProxy as the load balancer


1 comment:

  1. Thanks for providing this informative information you may also refer.