This guide demonstrates the minimum requirements and configuration for the HAProxy load balancer, to distribute the ProcessRobot clients connections load among the ProcessRobot Servers of a Multiserver environment.
Please note that this article demonstrates the minimum required configuration for the HAProxy Load Balancer. Please consult your IT Department before setting it up on a Production environment.
After installing HAProxy on the desired Linux distribution, please edit the haproxy.cfg file located by default at /etc/haproxy/ directory.
The minimum configuration should look like this:
global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners stats timeout 30s user haproxy group haproxy daemon # Default SSL material locations ca-base /etc/ssl/certs crt-base /etc/ssl/private # Default ciphers to use on SSL-enabled listening sockets. # For more information, see ciphers(1SSL). This list is from: # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ # An alternative list with additional directives can be obtained from # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS ssl-default-bind-options no-sslv3 defaults log global mode tcp option tcplog option dontlognull timeout connect 5000 timeout client 50000 timeout server 50000 errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http frontend haproxynode bind *:6090 mode tcp default_backend backendnodes frontend stats bind *:80 mode http stats enable stats uri /stats stats refresh 10s backend backendnodes balance source option tcplog server node1 172.16.0.10:6090 check server node2 172.16.0.13:6090 check
On the frontend haproxynode, the bind port is set to 6090, same as the ProcessRobot Servers listening port picked. It is user configurable, but it is easier to refer to the same port as the ProcessRobot Servers one.
On the backend backendnodes, the load is distributed using the source algorithm on the two available nodes, where the ProcessRobot Servers are installed. On the source algorithm, the source IP address is hashed and divided by the total weight of the running servers to designate which server will receive the request. This ensures that the same client IP address will always reach the same server as long as no server goes down or up (session stickiness).
Upon the configuration is ready, please restart the haproxy service.
After performing the above steps, in order to connect the ProcessRobot clients to the ProcessRobot Servers through the load balancer, please provide the IP and port of the Linux machine that hosts the HAProxy to the 'ProcessRobot Server Address' configuration field.