Setting Up nginx As a Proxy on CentOS

This post will go over how to set up nginx to proxy and load balance over multiple servers on CentOS.

Step 1:
Install nginx.  If you have not already done so, install the epel repository:

wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm
yum install nginx

The configuration file is stored in /etc/haproxy/haproxy.cfg.  You may want to back this file up as it will be modified in the next step.  You can also set up the service to start at boot:

chkconfig nginx on

Step 2:
Set up the server configuration.  The configuration file that will be modified is /etc/nginx/conf.d/default.conf.  You may want to back up this file before proceeding.  Some of the changes that will be made to this file are shown below.

server{
     listen 1.1.1.1:80;
     server_name example.com;

     location / {
          proxy_pass http://webservice;
     }
}

upstream webservice{
     server 10.0.0.2:80;
     server 10.0.0.3:80;
}

Note that the backend servers will be apache servers.

Step 3:
Set up the backend servers defined in haproxy.cfg.  In this example, just the apache test page is being used.  Apache can be installed with a simple

yum install httpd
service httpd on

Step 4:
Verify functionality.Checking the access logs on the nginx machine at /var/logs/nginx/access.log show the client making the connection.  Checking the apache logs at /var/logs/httpd/access.log on the servers behind the proxy show the requests being load balanced across both machines.  Taking down one of the apache servers results in the site staying up, but requests only being passed to the active server.

Setting Up HAProxy on CentOS

This post will go over installing and setting up HAProxy on CentOS.  HAProxy is a load balancer, and in this case, will have a public ip of 1.1.1.1 with 10.0.0.0/8 as the private network load balancing http.

Step 1:
Install HAProxy.  If you have not already done so, install the epel repository.

wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm
yum install haproxy

The configuration file is stored in /etc/haproxy/haproxy.cfg.  You may want to back this file up as it will be modified in the next step.  You can also set up the service to start at boot:

chkconfig haproxy on

Step 2:
Set up the haproxy.cfg file.  There are a number of configuration options for haproxy, most of which can be found here.  The below configuration is how this system will be set up.

global
  maxconn 2000 # this system only has 512MB of memory
  daemon
  nbproc 1 # specify the number of processors to use
  log 127.0.0.1 local2
  user haproxy
  group haproxy
defaults
  log global
  mode http
  option httplog
  option dontlognull
  option http-server-close
  option forwardfor except 127.0.0.0/8
  option redispatch
  retries 3
  timeout http-request 10s
  timeout queue 1m
  timeout connect 10s
  timeout client 1m
  timeout server 1m
  timeout http-keep-alive 10s
  timeout check 10s
  maxconn 1900
listen webservice 0.0.0.0:80
  mode http
  status enable
  stats uri /haproxy?stats
  stats realm Private
  stats auth admin:password
  balance roundrobin
  option httpclose
  option forwardfor
  server server2 10.0.0.2 check
  server server3 10.0.0.3 check

Once the configuration is set up, start the service:

service haproxy start

Step 3:
Set up the backend servers defined in haproxy.cfg.  In this example, just the apache test page is being used.  Apache can be installed with a simple

yum install httpd
service httpd on

Step 4:
Verify functionality.

Upon the initial connection, the stats page already shows some data.

A couple of page refreshes shows the counters going up and the load being spread across the two servers.

To get a better sense of how the system will perform, the FreeBSD tool siege will be used with 1000 concurrent hits.

Shutting down apache on one of the servers shows that the web page remains reachable, but all of the connections go to the one remaining server.