Astra Linux and HAproxy
This can be done using the command:
sudo apt install haproxy
Next, we need to make some settings directly on the web servers involved in the load balancing process.
Install the apache2 package and restart the service:
sudo apt install apache2
sudo apachectl restart
Configuring HAproxy
Next, let's return to our main balancer server and make settings in the configuration file /etc/haproxy/haproxy.cfg.
Let's start with the Global section. Here you need to specify the logging settings:
log <address> <facility> [max level [min level]]
For example, to save events locally, you must specify:
log 127.0.0.1 local0 notice
Next we will specify the maximum number of connections
maxconn 1000
Specifies the number of haproxy processes. By default, only one haproxy process is created.
nbproc 2
The daemon parameter sets the haproxy process to run in <
In addition, we need to specify the user and group on behalf of which the haproxy process runs. The parameters are responsible for this user And group .
Let's set up the haproxy process environment.
chroot /var/lib/haproxy
Operating modes
Let's dwell separately on the HAProxy operating modes. Two modes are possible: TCP, when packet distribution between nodes is performed at the transport level, and HTTP, when analysis is performed at the application level. This option is suitable for distributing http traffic. Since we want to provide balancing for a web resource, we will specify the http mode.
mode http
Let's specify a few more important parameters. Let's start with the number of attempts to determine the state of the service server after a connection failure.
retries 3
In case of failure of service servers, we need to redistribute requests
option redispatch
Next, we set the frontend name, its address and port:
frontend frontend http
bind *:80
Allocation algorithms
And one more important parameter is the distribution algorithm. We will also dwell on this point separately. HAProxy offers several algorithms.
Round Robin — directs new connections to the next server in a round robin list, which is modified by the server weight, which is used to distribute requests. The server weight can be changed “on the fly”. The parameter is enabled using the balance roundrobin command;
Least Connected — directs new connections to the server with the least number of connections. This parameter is enabled using the balance leastconn command;
Static Round Robin — routes new connections to the next server in a cyclic list, which is modified by the server weight used to distribute requests. Unlike the standard Round Robin implementation, this algorithm does not allow changing the server weight “on the fly”. Changing the server weight requires restarting HAProxy. The parameter is enabled using the balance static-rr command;
Source — selects a server based on a hash built on the user's IP address. This way, the user always accesses the same server.
Accordingly, in the balance parameter we specify the required value:
balance (roundrobin/leastconn/static-rr/uri/source)
Service nodes
In the server parameter, we specify the necessary data for interaction with the service servers. In particular: server name, IP address: port, setting a cookie required for the correct distribution of client sessions, time interval after which the availability check is performed, number of errors after which the server is considered unavailable, number of simultaneously processed requests, server weight (from 1 to 100).
Here is an example of a record with the appropriate parameters:
server srv-1.3.my.com 21.86.21.20:80 cookie site113ha check inter 2000 fall 3 minconn 30 maxconn 70 weight 100
There is no need to edit the configuration file from scratch. Instead, you can use the standard configuration file and add instructions for accepting and distributing requests, for example by adding the following lines to the file:
After making all the necessary changes to the configuration file, restart the haproxy service:
sudo systemctl restart haproxy
Simple testing
To check the correctness of the load distribution settings on the Astra website, it is suggested to run the following script
for i in {1..1000} ; do
wget --no-cache -qO- http://IP_балансировщика/index.html > /dev/null &
done
waitAs a result of running the script on the primary server, entries of the following type should appear in the haproxy service log (file /var/log/haproxy.log) indicating load redistribution:
As you can see, the balancer receives requests and redistributes them between nodes host1 and host2, thereby ensuring load distribution between the two nodes.
Conclusion
In this short article, we looked at installing and configuring HAProxy on the Russian Astra Linux OS. Using balancers with proper configuration allows you to significantly increase the reliability and performance of resources.
You can learn how to professionally select configurations, manage processes, ensure security, deploy, configure and maintain networks. on the course page “Linux Administrator. Professional”.
