Using HAProxy to load balance between HTTPS endpoints
Providing high availability for a service that isn't highly available by design often means a few hours of headaches before you solve it. I had the same issue. The situation was a cloud service that is not highly available but can be set up at different server locations. The question is: how do I make the users switch when an outage happens? The application I was facing was an SAP Cloud Platform HTML5 application, which does not offer high availability at this point. Because these applications can proxy data, I needed to make them highly available. A load balancer is a great way to distribute users between these endpoints. I used HAProxy in this case and later used an Azure Front Door service for convenience, because why not, right?
Prepare the endpoints
First of all, you need two or more endpoints for your application. I had two endpoints, both located in the EU, so that they can be reached without huge latency or packet loss. Distributing the endpoints across regions is very important for higher availability, because one region can fail for many reasons, while it is very unlikely that two regions fail at the same time.
Configure Server
First of all, we need to spin up a Linux machine which will be our HAProxy host. After that we need to install HAProxy on it:
sudo apt install haproxy
After that we can edit the configuration file:
sudo vim /etc/haproxy/haproxy.cfg
Now is the point where the real magic happens: we need to append the following to the end of the file:
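frontend haproxynode
    # Plain HTTP listener: traffic between the users and this host is not encrypted
    bind *:80
    mode http
    option http-buffer-request
    timeout http-request 10s
    default_backend backendnodes

backend backendnodes
    balance roundrobin
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    # ssl_fc is true only when the client reached HAProxy over TLS; with the bind on port 80 above it never matches
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    # The health probe only runs for servers that carry the "check" keyword
    option httpchk HEAD / HTTP/1.1\r
    # Send each server's name as the Host header, so the server names below must be the real hostnames
    http-send-name-header Host
    # "ssl verify none" encrypts the connection to the endpoint but does not validate its certificate
    server application-subaccount.dispatcher.hana.ondemand.com application-subaccount.dispatcher.hana.ondemand.com:443 ssl verify none
    server application2-subaccount.dispatcher.eu3.hana.ondemand.com application2-subaccount.dispatcher.eu3.hana.ondemand.com:443 ssl verify none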
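The server lines above use "ssl verify none", so HAProxy encrypts the connection to each endpoint but accepts any certificate the other side presents. The same backend with certificate verification turned on, as an added example that is not the author's configuration; the CA bundle path is the Debian/Ubuntu default and is an assumption:

```haproxy
# Added example (not from the original post).
# Assumption: the system CA bundle lives at /etc/ssl/certs/ca-certificates.crt
# (Debian/Ubuntu default) and contains the CA that issued the endpoints' certificates.
backend backendnodes
    balance roundrobin
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-send-name-header Host

    # Weak form used on the page: TLS without authentication of the endpoint.
    #   server <name> <host>:443 ssl verify none

    # Corrected form:
    #   verify required  - abort the handshake unless the chain validates
    #   ca-file          - trust anchors used for that validation
    #   sni str(...)     - send the endpoint's hostname in the TLS handshake
    #   verifyhost       - require the certificate to be issued for that hostname
    server application-subaccount.dispatcher.hana.ondemand.com application-subaccount.dispatcher.hana.ondemand.com:443 ssl verify required ca-file /etc/ssl/certs/ca-certificates.crt sni str(application-subaccount.dispatcher.hana.ondemand.com) verifyhost application-subaccount.dispatcher.hana.ondemand.com
    server application2-subaccount.dispatcher.eu3.hana.ondemand.com application2-subaccount.dispatcher.eu3.hana.ondemand.com:443 ssl verify required ca-file /etc/ssl/certs/ca-certificates.crt sni str(application2-subaccount.dispatcher.eu3.hana.ondemand.com) verifyhost application2-subaccount.dispatcher.eu3.hana.ondemand.com
```

Running haproxy -c -f with the path of the configuration file checks it for errors before the service is restarted.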
Now we can restart the service and take a look at the logs to see if our users are distributed correctly:
sudo systemctl restart haproxy
sudo less +G /var/log/haproxy.log
You can change the rules to suit your needs, for example to provide location-based balancing.