Aloha Load-balancer as a reverse proxy

Synopsis

You own small public subnet and want to be able to access multiple web sites or application behind a single public IP address.
Basically, you want to use your Aloha load-balancer as a reverse proxy.

Diagram

The diagram below shows how the reverse proxy works.
In our case, we have 2 domains pointing to the Aloha IP address.
Depending on the domain name, the Aloha will decide which farm it will use.
reverse_proxy

Configuration

On the Aloha, the reverse-proxy configuration is achieved by HAProxy.
HAProxy configuration can be done in the “layer 7” tab of the GUI or through the CLI command “service haproxy edit”.

First, the Frontend definition.
This is where HAProxy will take rooting decision based on layer 7 information.

frontend ft_websites
   mode http
   bind 0.0.0.0:80
   log global
   option httplog
# Capture Host header is important to know whether rules matches or not
   capture request header host len 64
# mysite configuration
   acl site1 hdr_sub(host) site1.com
   acl site1 hdr_sub(host) site1.eu
   use_backend bk_site1 if site1
# yoursite configuration
   acl site2 hdr_sub(host) site2.com
   acl site2 hdr_sub(host) site2.ie
   use_backend bk_site2 if site2
# default configuration
   default_backend bk_default

And now, we can define our backend sections for each website or application:

# First site backend configuration
backend bk_site1
   mode http
   balance roundrobin
   cookie SERVERID insert indirect nocache    # persistence cookie
   option forwardfor # add X-Forwarded-For
   option httpchk HEAD / HTTP/1.0rnHost: www.site1.com
   default-server inter 3s rise 2 fall 3 slowstart 0 # servers default parameters
   server srv1 192.168.10.11:80 cookie s1 weight 10 maxconn 1000 check
   server srv2 192.168.10.12:80 cookie s2 weight 10 maxconn 1000 check

# Second site backend configuration
backend bk_site2
   mode http
   balance roundrobin
   cookie SERVERID insert indirect nocache    # persistence cookie
   option forwardfor # add X-Forwarded-For
   option httpchk HEAD / HTTP/1.0rnHost: www.site2.com
   default-server inter 3s rise 2 fall 3 slowstart 0 # servers default parameters
   server srv1 192.168.10.13:80 cookie s1 weight 10 maxconn 1000 check
   server srv2 192.168.10.14:80 cookie s2 weight 10 maxconn 1000 check

And finally, the “garbage collector”, the default backend which hosts all the traffic that has not match any other rules.
It may be important to watch logs from this backend in order to ensure there is no mis-configuration.

backend bk_default
   mode http
   balance roundrobin
   option forwardfor # add X-Forwarded-For
   option httpchk HEAD /
   default-server inter 3s rise 2 fall 3 slowstart 0 # servers default parameters
   server srv1 192.168.10.8:80 weight 10 maxconn 1000 check
   server srv2 192.168.10.9:80 weight 10 maxconn 1000 check

Links

Leave a Reply

Your email address will not be published. Required fields are marked *