Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 15 Dec 2003 14:02:13 +0100
From:      Clement Laforet <sheepkiller@cultdeadsheep.org>
To:        Bogdan TARU <bgd@icomag.de>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: general load balancing issues
Message-ID:  <20031215140213.2bd338ea.sheepkiller@cultdeadsheep.org>
In-Reply-To: <20031215114652.GA74902@icomag.de>
References:  <20031215114652.GA74902@icomag.de>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Mon, 15 Dec 2003 12:46:52 +0100
Bogdan TARU <bgd@icomag.de> wrote:
 
Hi !
>  Right now I am considering a setup with one common NFS repository for
>  the configuration files, Apache binaries, Web content and temp
>  directory for PHP, NFS resource which will be mounted on all the
>  'front' webservers. I am wondering, though, if I will be able (by
>  having one common temp directory for PHP) to load-balance the domains
>  involving sessions: will the sessions be lost when connsecutive hits
>  go to different webservers, or not? 

If I were you, I would consider a 3-tier architecture


                  /----------+
                 /           |
                /        +-------+
    +----------+         |  web  |        +----------+
----|   Load   |         |servers|--------|NFS server|
    | balancer |         |  pool |        +----------+
    +----------+         |       |
                \        +-------+
                 \           |
                  \----------+

Concerning PHP session, a HTTP reverse-proxy can easily do the trick.
If you don't want to spend a lot of time on configuring apache as
reverse proxy, you can use some flexible and easy-to-use dedicated
software.
Here's my favorite:
1. pound (${PORTSDIR}/www/pound}
pound can handle URI based sessions to redirect request to the correct
backend server. It support SSL too.

2. haproxy (${PORTSDIR}/net/haproxy)
haproxy is less intuitive than pound, but more flexible.
It DOES NOT support SSL.

Both support backend failures.
Since thay acts like proxy, you don't have to reconfigure your network
(but I recommend it)

To grab real IP address on your apache server you must use (and
configure carefully) mod_extract_forwarded{2} or mod_rpaf{2}.

If you don't want to use a reverse proxy, Matthew Seaman's solution
looks the best.


clem

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031215140213.2bd338ea.sheepkiller>