Load-balancing Notes

These are notes I'm making on load-balancing, probably using Apache, as I set up a solution. I do this using Nginx later on this page.

Useful links

Here are some links I collected:

My own topology is this:


Apache modules

The following modules must be obtained and configured.


Configuration

The following modules must be obtained and configured.

The commands (in httpd.conf or the equivalent you're using) are. This stuff goes into a proper VirtualHost container. See sample at end of this section.

    LoadModule proxy_module mod_proxy.so
    LoadModule proxy_http_module mod_proxy_http.so
    LoadModule proxy_balancer_module mod_proxy_balancer.so

Next, disable the proxy server as it constitutes an open security hazard.

    ProxyRequests Off
    <Proxy \*>
        Order deny,allow
        Deny from all
    </Proxy>

Ensure all the back-end targets are in agreement, i.e.: make sure they're going to serve up the same content. Otherwise, you're going to confuse your user a great deal—the universe will no longer appear deterministic to him.

Here are the load-balancer configuration statements. Some refer to the BalanceMember servers as "web heads".

    <Proxy balancer://cloudservices>1
        BalancerMember http://192.168.0.292
        BalancerMember http://192.168.0.332
        Order allow,deny
        Allow from all

        ProxySet lbmethod=byrequests3
    </Proxy>
    ProxyPass /balancer-manager !4
    ProxyPass / balancer://cloudservices/1

1 cloudservices—this is arbitrary; you can call it anything you want as long as the "protocol" part (balancer://) is there.
2 192.168.0.29—these are DNS names, IP addresses, etc.
3 I'm using a "by request" (similar to "round robin") balancing algorithm.
4 Means "don't proxy the balancer itself.

What's left? This was simple, but there is much more to do:


The grand httpd.conf example
Sample httpd.conf:
<VirtualHost *:80>
    ProxyRequests off

    ServerName aintnoclouds.com
    ServerAlias aintnoclouds.com *.aintnoclouds.com

    <Proxy balancer://cloudservices>
        # -----
        # app-1
        # -----
        BalancerMember http://192.168.0.29:8080 loadfactor=31

        # -----
        # app-2
        # -----
        BalancerMember http://192.168.0.33:8080 loadfactor=71

        # --------
        # Security
        # --------
        # Not technically blocking anyone but this would be the
        # place to make those changes.
        Order Deny,Allow
        Deny from none
        Allow from all

        # ----------------------
        # Load Balancer Settings
        # ----------------------
        # This configures a simple round robin-style load-balancer.
        # This means that all webheads take an equal share of of
        # the load.
        ProxySet lbmethod=byrequests
    </Proxy>

    # ----------------
    # balancer-manager
    # ----------------
    # This tool is built into the mod_proxy_balancer module and allows
    # for simple modifications to the balanced group via a GUI (web)
    # interface.
    <Location /balancer-manager>
        SetHandler balancer-manager

        # Lock this one down to your your office, eh?!
        Order deny,allow
        Allow from all
    </Location>

    # ----------------
    # Point of Balance
    # ----------------
    # This setting allows explicitly naming the location in the site
    # that is to be balanced. In this example, it's / (root), in
    # other words, everything.
    ProxyPass /balancer-manager !
    ProxyPass / balancer://cloudservices/

    # -------
    # mod_ssl
    # -------
    # Here is how traffic is decrypted/encrypted between the Internet
    # and the web heads behind the load balancer.
    SSLEngine on
    SSLCertificateFile    /etc/apache2/conf.d/ssl.crt/domain.com.crt2
    SSLCertificateKeyFile /etc/apache2/conf.d/ssl.key/domain.com.key2
</VirtualHost>

Notes on the file above

1 The loadfactor setting is grey because, in my case, it's pointless: both of my application servers are identical VM configurations in ESXi and identical hardware.
2 Obviously, these paths will have to be changed to point at an actual cert and key you get from somewhere.

Here's some stuff left out of some articles, but included by another one. I keep it for now because I've got some additional woes suggested by it to solve.

    DocumentRoot /Library/WebServer/Documents

    <Directory "/Library/WebServer/Documents">
        AllowOverride AuthConfig
    </Directory>

Nginx example
  1. Install Nginx.
        apt-get install nginx
    

Links

...more or less in order of usefulness which I weighted on a) completeness, b) unassuming nature of article and c) dedication to use of Apache 2 web server. Some goodish articles assumed Nginx web servers being balanced.