Goal
This blog covers the end-to-end administrative setup for a high-availability architecture, starting with registering a domain name with a service provider, then configuring DNS at Cloudflare, and finally setting up HAProxy for high-availability load balancing on Oracle Cloud Infrastructure.
Requesting Domain Name
You can purchase a domain name from a service provider such as GoDaddy or any other; in this case I will take the example of a domain name purchased from GoDaddy.
Log in to the My Account page to review your domain name.
Setting up DNS at Cloudflare
Log in to your Cloudflare account and register your site. You have the option of a free or a paid service; choose the one that best suits your needs. Give the IP address of your load balancer and whitelist all the servers that you will be accessing.
Add an A record entry under the DNS tab.
Note: the A record should point to the public IP of your load balancer running the HAProxy service.
Set up the caching level so that pages can load faster.
Setting up DNS from Cloudflare at GoDaddy
From the My Account page, click the Manage Domain option. You now need to enter the DNS servers that you received from Cloudflare in the GoDaddy domain console.
Architecture
Request from Public Internet -> GoDaddy Hostname lookup -> Lookup for DNS -> Connect with Cloudflare -> Cloudflare to Get Content from Cached Servers -> Map request to Load Balancer IP -> Load Balancer will decide on which server to take request -> Cloudflare will respond back to request
Architecture without load balancing
Architecture with load balancing
Setting up Back end machines
Backend machines hold the actual replicas of the source code that you wish to run; ideally they should be in different availability domains. We can use Bitnami or OCI to create a simple backend machine.
In our case we will set up a LAMP machine through Bitnami.
Refer to my previous blog on how to set up an Ubuntu 16.04 LAMP Bitnami image.
Now we have set up 2 identical machines with the same code and 2 public IP addresses:
LAMP Machine 1 -> public IP address AA.BB.CC.DD
LAMP Machine 2 -> public IP address AA.BB.EE.FF
Setting up Front end machines
Similarly, we will create one more LAMP machine for HAProxy load balancing:
LAMP Machine 3 -> public IP address AA.BB.DD.EE
Setting up HAProxy on Ubuntu 16.04
SSH into the HAProxy machine (Ubuntu 16.04 LAMP stack)
Stop the Apache server
```
chmod 700 bitnami-opc-a457995.pem
ssh -i bitnami-opc-a457995.pem [email protected]
....
$ sudo /opt/bitnami/ctlscript.sh stop
```
Install HAProxy
```
$ sudo apt-get -y install haproxy
$ haproxy -v
HA-Proxy version 1.7.10-1ppa1~xenial 2018/01/03
Copyright 2000-2018 Willy Tarreau <[email protected]>
```
Configure HAProxy
roundrobin
Round Robin selects servers in turns. This is the default algorithm.
leastconn
Selects the server with the fewest connections; it is recommended for longer sessions. Servers in the same backend are also rotated in a round-robin fashion.
source
This selects which server to use based on a hash of the source IP, i.e. your user’s IP address. This is one method to ensure that a user will connect to the same server.
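The three balance algorithms described above, simulated over the two backends from this setup. This is an added example, not code from the original post or from HAProxy: the request list is constructed, ties in leastconn go to the first listed server, and the modulo in `source` is an assumed stand-in for HAProxy's own hash.

```python
import ipaddress
from itertools import cycle

SERVERS = ["server246", "server158"]  # backend names from the page's haproxy.cfg

# Constructed sample: (client IP, session length in ticks), one arrival per tick.
# The addresses are documentation ranges, not real clients.
REQUESTS = [
    ("203.0.113.10", 10),  # one long session
    ("203.0.113.10", 1),
    ("198.51.100.7", 1),
    ("203.0.113.10", 1),
    ("198.51.100.7", 1),
]

def roundrobin(requests):
    """Hand requests to the servers in turn, regardless of sender or load."""
    turn = cycle(SERVERS)
    return [next(turn) for _ in requests]

def leastconn(requests):
    """Send each request to the server with the fewest sessions still open."""
    finish = {s: [] for s in SERVERS}  # server -> ticks at which sessions end
    picks = []
    for tick, (_, length) in enumerate(requests):
        for s in SERVERS:
            finish[s] = [t for t in finish[s] if t > tick]  # drop ended sessions
        # Simplification: on a tie, min() keeps the first server in SERVERS.
        target = min(SERVERS, key=lambda s: len(finish[s]))
        finish[target].append(tick + length)
        picks.append(target)
    return picks

def source(requests):
    """Pin each client IP to one server (integer value of the IP modulo the
    server count, an assumed stand-in for HAProxy's own hash)."""
    return [SERVERS[int(ipaddress.ip_address(ip)) % len(SERVERS)]
            for ip, _ in requests]

if __name__ == "__main__":
    for algo in (roundrobin, leastconn, source):
        print(f"{algo.__name__:<10}", algo(REQUESTS))
```

When requests reach HAProxy through a proxy such as Cloudflare, the address that `balance source` hashes is the proxy's connecting address, not the visitor's.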
```
$ sudo vi /etc/haproxy/haproxy.cfg
```
```
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL). This list is from:
    # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
    # An alternative directives can be obtained from
    # https://mozilla.er-side-tls/ssl-config-generator/?server=haproxy
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:!aNULL:!MD5:!DSS
    ssl-default-bind-options no-sslv3

defaults
    log global
    mode http
    option httplog
    option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

frontend http_front
    bind *:80
    option forwardfor
    stats uri /haproxy?stats
    default_backend http_back

backend http_back
    balance roundrobin
    server server246 AA.BB.CC.DD:80 check
    server server158 AA.BB.EE.FF:80 check
```
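The frontend above serves the statistics page at /haproxy?stats on the same public bind as the site and sets no `stats auth`. The following check flags that pattern in a haproxy.cfg; it is an added example, not part of the original post, and the `listen stats_local` section, its port and its credentials are hypothetical placeholders.

```python
import re

SECTION = re.compile(r"^(global|defaults|frontend|backend|listen)\b\s*(\S*)")

# Constructed sample: the frontend from the page's haproxy.cfg, followed by a
# hypothetical loopback-only stats section with placeholder credentials.
SAMPLE_CFG = """\
frontend http_front
    bind *:80
    option forwardfor
    stats uri /haproxy?stats
    default_backend http_back

listen stats_local
    bind 127.0.0.1:8404
    stats enable
    stats uri /haproxy?stats
    stats auth admin:CHANGE_ME
"""

def parse_sections(text):
    """Return {"<type> <name>": [directive lines]} for a haproxy.cfg string."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        m = SECTION.match(line)
        if m:
            current = f"{m.group(1)} {m.group(2)}".strip()
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections

def audit_stats(text):
    """List (section, finding) pairs for stats pages that anyone can open."""
    findings = []
    for name, lines in parse_sections(text).items():
        if not any(l.startswith("stats uri") for l in lines):
            continue
        binds = [l.split()[1] for l in lines if l.startswith("bind ")]
        if not any(l.startswith("stats auth") for l in lines):
            findings.append((name, "stats uri without stats auth"))
        if any(b.startswith(("*:", ":", "0.0.0.0:")) for b in binds):
            findings.append((name, "stats page on all interfaces: " + ", ".join(binds)))
    return findings

if __name__ == "__main__":
    for section, finding in audit_stats(SAMPLE_CFG):
        print(f"{section}: {finding}")
```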
Check that the configuration file is correct and restart
```
$ haproxy -f /etc/haproxy/haproxy.cfg -c
Configuration file is valid
$ sudo service haproxy status
● haproxy.service - HAProxy Load Balancer
   Loaded: loaded (/lib/systemd/system/haproxy.service; enabled; vendor preset: enabled)
   Active: inactive (dead) (Result: exit-code) since Sun 2018-04-08 12:12:54 UTC; 17min ago
     Docs: man:haproxy(1)
           file:/usr/share/doc/haproxy/configuration.txt.gz
  Process: 7936 ExecStart=/usr/sbin/haproxy-systemd-wrapper -f $CONFIG -p $PIDFILE $EXTRAOPTS (code=exited, status=1/FAILURE)
  Process: 7932 ExecStartPre=/usr/sbin/haproxy -f $CONFIG -c -q $EXTRAOPTS (code=exited, status=0/SUCCESS)
 Main PID: 7936 (code=exited, status=1/FAILURE)
...
$ sudo service haproxy restart
```
Conclusion: Now every time a user accesses your domain, the load balancer will serve the request from one of the IP addresses listed in the configuration, thereby ensuring high availability.
Author Madhusudhan Rao