Apache 2.2 mod_proxy failover/load balancing - apache

I am using mod_proxy_balancer to manage failover of backend servers (tcServers). Backend servers may return an error code instead of timing out when some other backend service fails such as NFS and we want such servers also to be marked as failed nodes. Hence we are using failonstatus directive.
<Proxy balancer://awstestbalancer>
ProxySet failonstatus=503
BalancerMember https://host:port/context/ retry=30
# the hot standby
BalancerMember https://host:port/context/ status=+H retry=0
</Proxy>
ProxyPass /context balancer://awstestbalancer
ProxyPassReverse /context balancer://awstestbalancer
Currently the failover works perfectly with one glitch. When active node fails the user gets a 503 error and from the next request the Standby server takes over.
I dont want even a single request to fail though. Cant mod_proxy failover with out ever returning an error to the client? If active node fails I want mod_proxy to try the Standby for the same request and not just from the subsequent request!
I have also tried the following settings, but they did not work. Using APACHE 2.2.59
<Proxy balancer://awstestbalancer>
BalancerMember https://host:port/context route=tcserver1 loadfactor=1
BalancerMember https://host:port/context route=tcserver2 loadfactor=1
ProxySet lbmethod=bybusyness
ProxySet nofailover=Off
ProxySet stickysession=JSESSIONID
</Proxy>
ProxyPass /context balancer://awstestbalancer
ProxyPassReverse /context balancer://awstestbalancer
AND
<Proxy balancer://awstestbalancer>
BalancerMember https://host:port/context route=tcserver1 loadfactor=1 ping=5
BalancerMember https://host:port/context route=tcserver2 loadfactor=1 ping=5
ProxySet lbmethod=bytraffic
ProxySet nofailover=On
ProxySet stickysession=JSESSIONID
</Proxy>
ProxyPass /context balancer://awstestbalancer
ProxyPassReverse /context balancer://awstestbalancer
Thanks!!!
Sid

Following configuration would work. if backend is on AWS and its status changes frequently you could try to decrease the connectiontimeout.
<Proxy balancer://awstestbalancer>
BalancerMember https://host:port/context/ connectiontimeout=5
BalancerMember https://host:port/context/ connectiontimeout=5
</Proxy>
ProxyPass /context balancer://awstestbalancer failonstatus=500,501,502,503,504
ProxyPassReverse /context balancer://awstestbalancer

Related

Apache load balancer just uses first entry

I have configured a loadbalancer for Apache as following:
<Proxy "balancer://mycluster">
BalancerMember "http://127.0.0.1:8081/" loadfactor=1
BalancerMember "http://127.0.0.1:8082/" loadfactor=1
ProxySet lbmethod=byrequests
</Proxy>
<VirtualHost *:80>
ServerName subdomain.example.com
ProxyPass / "balancer://mycluster"
ProxyPassReverse / "balancer://mycluster"
</VirtualHost>
If i fire some requests at it like in
for i in `seq 1 100`
curl http://subdomain.example.com/ping &
I get my pong (which is the balancers response) 100 times
But the logs are only showing the requests in my first BalancerMember at port 8081.
How can I debug this or change to a round-robin style?

configuring multiple domains using virtual host with mod proxy in a single httpd instance

I have an apache instance running three domains using name based virtual hosting and every domain has resources to reverse proxy them down to an application server. Application server is a JBoss running a since JVM instance (http://x.x.x.x:8080/)
The domains along with their resources are,
www.abc.com
- alpha
www.def.com
- beta
www.ghi.com
- gamma
- (root URL - no resource)
abd.com and def.com domains have one resource whereas ghi.com has two (root (/) and gamma).
this is how we have setup virtual hosting for three different domains. A sample for abc.com domain is below,
<VirtualHost *>
ServerName abc.com
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/alpha" env=BALANCER_ROUTE_CHANGED
<Proxy balancer://mycluster1>
<LimitExcept POST GET>
order Allow,Deny
Deny from all
</LimitExcept>
BalancerMember http://x.x.x.x:8080 route=1 retry=0
BalancerMember http://x.x.x.x:8081 route=2 retry=0
ProxySet stickysession=ROUTEID
</Proxy>
ProxyPass /alpha balancer://mycluster4/alpha
ProxyPassReverse /alpha balancer://mycluster4/alpha
</VirtualHost>
With all configuration in place when I try accessing these domains,
www.abc.com/alpha --> works
www.def.com/beta --> works
www.ghi.com/gamma --> works
www.ghi.com/ --> works
since ghi.com domain has a root mapping (/) I am able to access resources of other domain through ghi.com and if I remove the root mapping, cross domain resource accessibility does not work.
www.ghi.com/alpha --> works
www.ghi.com/beta --> works
I do not want the resources of other domain to be accessed through ghi.com. I cannot remove root mapping from ghi.com virtual host configuration.
We have tried multiple configuration but none has worked out.
I may sound bit non technical here which I apologize, but this is my problem statement and I am looking for for a fix.
update 1: configuration file after fix proposed by pandurang.
NameVirtualHost *
<VirtualHost *>
ServerName ghi.com
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/gamma " env=BALANCER_ROUTE_CHANGED
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/ " env=BALANCER_ROUTE_CHANGED
<Proxy balancer://mycluster4>
<LimitExcept POST GET>
order Allow,Deny
Deny from all
</LimitExcept>
BalancerMember http://x.x.x.x:8080 route=1 retry=0
BalancerMember http://x.x.x.x:8081 route=2 retry=0
ProxySet stickysession=ROUTEID
</Proxy>
ProxyPass /gamma balancer://mycluster4/gamma
ProxyPassReverse /gamma balancer://mycluster4/gamma
ProxyPass / balancer://mycluster4/
ProxyPassReverse / balancer://mycluster4/
ProxyPass /alpha !
</VirtualHost>
Use the below sequence and test.
ProxyPass /alpha !
ProxyPass /gamma balancer://mycluster4/gamma
ProxyPassReverse /gamma balancer://mycluster4/gamma
ProxyPass / balancer://mycluster4/
ProxyPassReverse / balancer://mycluster4/
Create Three different Name-based VirtualHost and disable context(alpha and beta) in www.ghi.com.
<VirtualHost www.abc.com>
ServerName abc.com
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/alpha" env=BALANCER_ROUTE_CHANGED
<Proxy balancer://mycluster1>
<LimitExcept POST GET>
order Allow,Deny
Deny from all
</LimitExcept>
BalancerMember http://x.x.x.x:8080 route=1 retry=0
BalancerMember http://x.x.x.x:8081 route=2 retry=0
ProxySet stickysession=ROUTEID
</Proxy>
ProxyPass /alpha balancer://mycluster4/alpha
ProxyPassReverse /alpha balancer://mycluster4/alpha
</VirtualHost>
<VirtualHost www.def.com>
ServerName def.com
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/beta" env=BALANCER_ROUTE_CHANGED
<Proxy balancer://mycluster1>
<LimitExcept POST GET>
order Allow,Deny
Deny from all
</LimitExcept>
BalancerMember http://x.x.x.x:8080 route=1 retry=0
BalancerMember http://x.x.x.x:8081 route=2 retry=0
ProxySet stickysession=ROUTEID
</Proxy>
ProxyPass /beta balancer://mycluster4/beta
ProxyPassReverse /beta balancer://mycluster4/beta
</VirtualHost>
<VirtualHost www.ghi.com>
ServerName ghi.com
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
<Proxy balancer://mycluster1>
<LimitExcept POST GET>
order Allow,Deny
Deny from all
</LimitExcept>
BalancerMember http://x.x.x.x:8080 route=1 retry=0
BalancerMember http://x.x.x.x:8081 route=2 retry=0
ProxySet stickysession=ROUTEID
</Proxy>
ProxyPass /alpha !
ProxyPass /beta !
ProxyPass / balancer://mycluster4/
ProxyPassReverse / balancer://mycluster4/
</VirtualHost>

Apache 2.4 - configure ProxyPass based on full url instead of trailing path

Currently I have the following ProxyPass's configured in my Apache httpd.conf file.
The goal is to have one Proxypass on http://myurl.com:port1/mypath to one balance group, and then have any additional Proxypass go to http://myurl.com:port2/mypath to any additional balance groups.
Here is my code currently as is which only works based on the /mypath apparently and can have no proceeding URL. The problem is my two /mypath's are the same and only differ by port1 and port2 in the URL.
I am currently listening on Port1 and Port2 defined above in Apache, but I have no way currently to distinguish if someone who comes in on myurl.com:port1 will get directed to Group1 or Group2 in the balance manager because the /mypath is the same for both.
<IfModule proxy_module>
ProxyPass /mypath balancer://Group1/ stickysession=JSESSIONID|jsessionid
ProxyPass /mypath balancer://Group2/ stickysession=JSESSIONID|jsessionid
<Proxy balancer://Group1>
BalancerMember ajp://myurl.com:portX/mypath route=TC01
</Proxy>
<Proxy balancer://Group2>
BalancerMember ajp://myurl.com:portY/mypath route=TC01
</Proxy>
</IfModule>
The below does not work but this is essentially what I am trying to do:
<IfModule proxy_module>
ProxyPass http://myurl.com:port1/mypath balancer://Group1/ stickysession=JSESSIONID|jsessionid
ProxyPass http://myurl.com:port2/mypath balancer://Group2/ stickysession=JSESSIONID|jsessionid
<Proxy balancer://Group1>
BalancerMember ajp://myurl.com:portX/mypath route=TC01
</Proxy>
<Proxy balancer://Group2>
BalancerMember ajp://myurl.com:portY/mypath route=TC01
</Proxy>
</IfModule>
Since ProxyPass cannot occur within <If> section, seems like you are left with splitting your configuration in two VirtualHosts:
<VirtualHost *:port1>
ServerName myurl.com
<Proxy balancer://Group1>
BalancerMember ajp://myurl.com:portX/mypath route=TC01
</Proxy>
ProxyPass /mypath balancer://Group1/ stickysession=JSESSIONID|jsessionid
</VirtualHost>
<VirtualHost *:port2>
ServerName myurl.com
<Proxy balancer://Group2>
BalancerMember ajp://myurl.com:portY/mypath route=TC01
</Proxy>
ProxyPass /mypath balancer://Group2/ stickysession=JSESSIONID|jsessionid
</VirtualHost>

Load Balancer with Apache HTTPD

I'm struggling to set up a an Apache httpd load balancer in front of a couple of application servers. This is my configuration:
ProxyRequests off
<Proxy balancer://mycluster>
BalancerMember http://127.0.0.1:8080
BalancerMember http://remote-svr:8080
ProxySet lbmethod=bybusyness
ProxySet stickysession=JESSIONIDSSO
</Proxy>
<Location /balancer-manager>
SetHandler balancer-manager
</Location>
ProxyPass /balancer-manager !
ProxyPass / balancer://mycluster/
ProxyPassReverse / balancer://mycluster/
ProxyPassReverseCookieDomain http://127.0.0.1:8080 localhost
ProxyPassReverseCookieDomain http://remote-svr:8080 localhost
I'm not sure the last 2 lines do anything, although one of the many examples I've looked at online used them, so I added them to see if it fixed my problem (it didn't).
The issue is that if I comment out either of the BalancerMember lines eg:
#BalancerMember http://127.0.0.1:8080
BalancerMember http://remote-svr:8080
Then the behaviour from a user perspective is fine, however when both members are active, the behaviour is wrong.
The application initially displays a login screen, however when both load balancers are active, the user on submitting their username and password just get redirected back to the login screen again, maybe the session is being lost somewhere. Does anyone have any idea what the issue might be?
EDIT - NOW WORKING
for reference, this setup now seems to work:
ProxyRequests off
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
<Proxy balancer://mycluster>
BalancerMember http://127.0.0.1:8080 route=localServer
BalancerMember http://remote-svr:8080 route=remoteServer
ProxySet lbmethod=bybusyness
ProxySet stickysession=ROUTEID
</Proxy>
<Location /balancer-manager>
SetHandler balancer-manager
</Location>
ProxyPass /balancer-manager !
ProxyPass / balancer://mycluster/
ProxyPassReverse / balancer://mycluster/
Note the 'route' attribute for the individual nodes needs to be set on the nodes themselves (server.xml in this case, as the servers run JBoss). JSESSIONID worked ok as the sticky session cookie for individual applications but there is more than one application on each server, and the user needs to use the same node for all.
If I were to guess you probably loose the session due to a typo in this section:
<Proxy balancer://mycluster>
BalancerMember http://127.0.0.1:8080
BalancerMember http://remote-svr:8080
ProxySet lbmethod=bybusyness
ProxySet stickysession=JESSIONIDSSO
</Proxy>
ProxySet stickysession=JESSIONIDSSO this should probably say ProxySet stickysession=JSESSIONIDSSO? Or maybe even JSESSIONID?

mod_proxy isn't using the port defined in my balancermembers

I'm trying to set up my apache load balancer to proxy to the same backend clusters to apps running on different ports. The cluster definitions are like this:
<Proxy balancer://wordpress-cluster>
BalancerMember http://192.168.2.10:80
BalancerMember http://192.168.2.11:80
</Proxy>
<Proxy balancer://corporate-cluster>
BalancerMember http://192.168.2.10:81
BalancerMember http://192.168.2.11:81
</Proxy>
In the load balancer, one of the vhost needs to talk to both, so in the vhost definition I have:
ProxyRequests Off
ProxyPreserveHost Off
SSLProxyEngine On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /feed balancer://wordpress-cluster/feed lbmethod=byrequests
ProxyPassReverse /feed balancer://wordpress-cluster/feed
ProxyPass / balancer://corporate-cluster/ lbmethod=byrequests
ProxyPassReverse / balancer://corporate-cluster/
when requesting for '/' , I get the content served from the port 80 app, not the port 81 app.
Would anyone know on what is happening? it looks like this might be a case of overzealous worker sharing, but shouldn't specifying the different ports prevent that?
Is there something else I should do?
Forgot to mention: this is using apache 2.2.4-1 on a centos box.
Thanks in advance!
Tim
OK, so I still don't know what happened. Did 2 steps to fix my problem:
1) split the cluster into 2 1-machine clusters and things worked:
<Proxy balancer://wordpress-cluster>
BalancerMember http://192.168.2.10:80
</Proxy>
<Proxy balancer://corporate-cluster>
BalancerMember http://192.168.2.11:81
</Proxy>
But of course that killed balancing and failover support... not good
Second option, create dns aliases to ensure that the balancermembers looked different (even though they point to the same boxes:
<Proxy balancer://wordpress-cluster>
BalancerMember http://192.168.2.10:80
BalancerMember http://192.168.2.11:80
</Proxy>
<Proxy balancer://corporate-cluster>
BalancerMember http://corp01:81
BalancerMember http://corp02:81
</Proxy>
And voila! The setup is now working for me :)