Posted on 11-20-2017 08:25 AM
We have been using a Barracuda Load Balancer for a few years now, and I am not entirely happy with it...so I was looking at HAProxy as a load balancing solution. However, not having had any experience with them...I am in need of some help/verification with the configuration.
I have been looking through other posts in Jamf Nation, specifically this one, "HAProxy configuration for JSS Load Balancing our cluster", and this one, "HAProxy Load Balancer help", and I have also looked at the HAProxy configuration guide. I think I have an idea of what I am doing, but I just wanted to reach out to confirm...
Our load balanced Jamf environment is as follows...
1 x Jamf Pro Cluster Master (not load balancer in the cluster)
3 x Jamf Pro Cluster Nodes (behind load balancer)
I want to start basic, and I can add from there, so this is the configuration I have added to the haproxy.cfg file...
##### Jamf Pro Load Balancing Configuration #####

listen stats # Go to port 9999 for stats
    mode http
    bind *:9999
    stats enable
    stats uri /

frontend jamfpro-lb # Jamf Pro Load Balancing
    mode http
    bind *:8080 # Jamf non-SSL port
    bind *:8443 ssl crt /path/to/cert/with/no/key.pem
    timeout client 10000
    default_backend jamfpro-cluster

backend jamfpro-cluster # Jamf Pro Cluster
    mode http
    option forwardfor
    option http-server-close
    balance leastconn
    option httpchk
    fullconn 1100
    cookie SRVSTICKY insert indirect nocache # Use session cookie to keep on same server
    server jamf-pro02 IP_Address:8080 check cookie jamf-pro02 inter 2000 fall 5
    server jamf-pro03 IP_Address:8080 check cookie jamf-pro03 inter 2000 fall 5
    server jamf-pro04 IP_Address:8080 check cookie jamf-pro04 inter 2000 fall 5
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
Is there anything else that would be beneficial to add? It seems pretty straightforward. The main thing I am having issues with at this point is figuring out how to add the wildcard SSL certificate to HAProxy. So if anyone has done that with HAProxy, I would love to know...I understand the premise, I am just not certain on the steps.
Also, is there any configuration that needs to be done on the Tomcat side of things?
Thanks,
Steve
Posted on 11-20-2017 02:36 PM
On the Tomcat side, enable remote valve and remote IP forwarding.
On the balancer side, you want session persistence turned on so each client completes a full session with the same backend. You also want to use the healthCheck.html page to determine up or down status. Finally, you may also have to deal with remote IP forwarding on the balancer side as well.
We use the Kemp load balancer, but each load balancer config is a bit different.
Posted on 11-20-2018 09:37 AM
Anyone have any direction on using the healthCheck.html page for up/down status in HAProxy? I've been getting some false-downs. Restarting Tomcat seems to clear it up, but I'd like to avoid having to do that.
(Oh hey, this thread was started a year ago today. Neat.)
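Added example, not part of the thread and not Jamf's or HAProxy's own configuration: one way to point the backend from the first post at the healthCheck.html page and to log why a node gets marked down. It assumes Jamf Pro answers /healthCheck.html with a body of [] when it is healthy, and the 192.0.2.x addresses are placeholders for the cluster nodes.

```haproxy
# Added example. Assumptions: /healthCheck.html returns the body "[]" when
# Jamf Pro is healthy; 192.0.2.x are placeholder node addresses.

defaults
    mode http
    log global
    timeout connect 5s
    timeout client  30s
    timeout server  60s
    # Upper bound on waiting for a health check response once connected.
    # A check that times out counts as a failure, so a value that is too
    # short for a busy Tomcat is one source of false-downs.
    timeout check   5s

backend jamfpro-cluster
    balance leastconn
    option forwardfor

    # Weak form: a bare "option httpchk" sends "OPTIONS /" and treats any
    # 2xx/3xx reply as up. That shows Tomcat is answering, not that the
    # Jamf Pro web app behind it is usable.
    # option httpchk

    # Stronger form: request the health page and require the healthy body.
    # "string" is a substring match on the response body, so a body that
    # lists health codes (assumed to be a non-empty JSON array) fails it.
    option httpchk GET /healthCheck.html
    http-check expect string []

    # Log every check state change with its reason (timeout, refused
    # connection, unexpected body) so a false-down can be traced.
    option log-health-checks

    # Session persistence: pin each client to one node via a cookie.
    # httponly keeps the cookie away from page scripts.
    cookie SRVSTICKY insert indirect nocache httponly

    # Probe every 5s; 3 consecutive failures mark a node down and
    # 2 consecutive successes bring it back.
    default-server inter 5s fall 3 rise 2

    server jamf-pro02 192.0.2.12:8080 check cookie jamf-pro02
    server jamf-pro03 192.0.2.13:8080 check cookie jamf-pro03
    server jamf-pro04 192.0.2.14:8080 check cookie jamf-pro04
```

Running `haproxy -c -f haproxy.cfg` validates the file before a reload, and the health check log lines give the failure reason for each transition to down.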