Configure HAProxy for round robin load balancing


#1

I installed haproxy and apache on same server. I then cloned the server for load balancing. My goal is to have apache handle both http and https requests (ssl passthrough) and have all http requests redirected to https automatically. I choosed round robin as algorithm for load balancing. I configured haproxy to use ports 80 and 443 for binding to virtual the IP (10.10.0.1) and have apache listen on ports 8080 and 4443 for “passed through” requests.

After much googling, I have the following haproxy.cfg setup on both servers:
-------------------------------------------------------------------------------------------------------------
<snip>

###-Redirect http requests to https-######
frontend http_to_https_redirect
bind 10.10.0.1:80
mode http
redirect scheme https if !{ ssl_fc }

frontend https_frontend
bind 10.10.0.1:443
mode tcp
option tcplog
default_backend https_backend

backend https_backend
mode tcp
balance roundrobin
option ssl-hello-chk
server ws1 10.10.0.2:4443 check
server ws2 10.10.0.3:4443 check

<snip>
-------------------------------------------------------------------------------------------------------------

I used curl and wget to test the above configuration and noted that all connections were directed only to ws1 although roundrobin was specified as algorithm. I would appreciate if someone can share insight on how to make roundrobin work.

Also, is it better (performance wise) if http-to-https redirection is done at apache level rather than at haproxy? If so, how do I configure haproxy so that both http and https connections get forwarded to apache? Thanks.

Kristy


#2

Maybe the backend is down due to a failed health check, we cannot possibly tell.
Check your haproxy logs to find out more.

http-to-https redirection works very well on haproxy, no need to forward to apache for that.

Please do read the documentation and configure haproxy based on the documentation, not copy and paste everything from random configuration examples on the internet.