04 Aug 2015

Optimizing the HAProxy Load Balancer with HTTPS

Registration season like this is the exciting part, because user load can exceed 1000 concurrent users. Initially my load balancer server ran FreeBSD+HAProxy+Stunnel. Below 800 concurrent users it was still fine, but above 1000 the server started to wobble, and it nearly went down at around 1400 users. When we checked the balancer server, it turned out stunnel could no longer hold up under the users who kept arriving. As a result I turned stunnel off and ran the load balancer without stunnel, with only HAProxy. Looking for a way to make the site HTTPS again, after some reading I found it could be done using NGINX and HAProxy.

NGINX configuration

#user nobody;
worker_processes 6;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    sendfile on;
    keepalive_timeout 65;

    # TLS is terminated here; requests go on to HAProxy as plain HTTP.
    server {
        listen 443 ssl;
        server_name hanangpriambodo.com;

        ssl_certificate /usr/local/etc/nginx/certs/hanangpriambodo_com.pem;
        ssl_certificate_key /usr/local/etc/nginx/certs/hanangpriambodo_com.key;

        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;

        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        location / {
            # HAProxy listener "secure_jupe" (see the HAProxy configuration)
            proxy_pass http://10.13.14.85:81;
        }
    }
}

Then the HAProxy configuration

global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    maxconn 4096
    user www
    group www
    stats socket /tmp/haproxy

defaults
    log global
    mode http
    maxconn 5000
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

# Plain-HTTP listener: sends visitors to the HTTPS site
listen jupe 10.13.14.85:80
    mode http
    # Unconditional redirects are evaluated in order and the first one wins,
    # so the prefix rule below is never reached.
    redirect location https://hanangpriambodo.com
    redirect prefix https://hanangpriambodo.com code 301
    stats enable
    stats uri /hanang?stats
    # The stats credentials are stored in clear text in this file
    stats auth hanang:priambodo
    option httpclose
    option redispatch # added
    option httplog # added
    # Timeouts without a unit are in milliseconds
    timeout client 500000
    timeout connect 500000
    timeout server 500000
    balance roundrobin
    #reqadd X-Forwarded-Proto:\ http
    cookie SERVERID insert indirect
    server 71 10.13.14.71:80 cookie A check maxconn 200 weight 200
    server 73 10.13.14.73:80 cookie B check maxconn 200 weight 200

# Listener that receives the traffic NGINX has already decrypted
listen secure_jupe 10.13.14.85:81
    timeout client 500000
    timeout connect 500000
    timeout server 500000
    mode http
    balance roundrobin
    cookie SERVERID insert nocache
    option forwardfor except 10.13.14.181
    option httpclose
    option redispatch
    option httplog
    # Every request arriving on this port is labelled as HTTPS for the backends
    reqadd X-Forwarded-Proto:\ https
    server 71 10.13.14.71:80 cookie A check maxconn 200 weight 200
    server 73 10.13.14.73:80 cookie B check maxconn 200 weight 200

Then restart nginx and haproxy.
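
An added example, not part of the original post: a variant of the `location /` block in the NGINX configuration above that carries the requested hostname and the visitor's address across the NGINX-to-HAProxy hop. With the plain `proxy_pass`, NGINX sends `Host: 10.13.14.85:81` and the only client address HAProxy can record is NGINX's own. The header names are the conventional ones, and that the backends read them is an assumption.

```nginx
# Added example (not from the original post): replacement for the
# "location /" block inside the "listen 443 ssl" server.
location / {
    # Upstream is the HAProxy "secure_jupe" listener from this page.
    proxy_pass http://10.13.14.85:81;

    # By default nginx rewrites Host to the proxy_pass target
    # (10.13.14.85:81); forward the name the client actually requested.
    proxy_set_header Host $host;

    # Overwrite, rather than append to, anything the client sent, so the
    # backends cannot be handed a spoofed source address.
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;

    # An empty value stops a client-supplied X-Forwarded-Proto from being
    # passed on; HAProxy adds its own "https" value on port 81.
    proxy_set_header X-Forwarded-Proto "";
}
```

HAProxy's `option forwardfor` still appends the connecting address (NGINX) as a further `X-Forwarded-For` header unless that address is covered by its `except` clause, so backends should take the first value, which is the one NGINX set.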
