From owner-freebsd-hackers@FreeBSD.ORG Mon Dec 15 05:02:09 2003 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 62F8416A4CE for ; Mon, 15 Dec 2003 05:02:09 -0800 (PST) Received: from cultdeadsheep.org (charon.cultdeadsheep.org [80.65.226.72]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7554443D37 for ; Mon, 15 Dec 2003 05:02:03 -0800 (PST) (envelope-from sheepkiller@cultdeadsheep.org) Received: (qmail 22876 invoked by uid 85); 15 Dec 2003 14:02:01 +0100 Received: from sheepkiller@cultdeadsheep.org by goofy.cultdeadsheep.org by uid 82 with qmail-scanner-1.20rc2 (spamassassin: 2.60. Clear:RC:1:. Processed in 0.078216 secs); 15 Dec 2003 13:02:01 -0000 Received: from unknown (HELO persephone.cultdeadsheep.org) (192.168.0.8) by goofy.cultdeadsheep.org with SMTP; 15 Dec 2003 14:02:00 +0100 Received: (qmail 18423 invoked from network); 15 Dec 2003 14:01:18 +0100 Received: from unknown (HELO lucifer.cultdeadsheep.org) (192.168.0.2) by persephone.cultdeadsheep.org with DES-CBC3-SHA encrypted SMTP; 15 Dec 2003 14:01:18 +0100 Date: Mon, 15 Dec 2003 14:02:13 +0100 From: Clement Laforet To: Bogdan TARU Message-Id: <20031215140213.2bd338ea.sheepkiller@cultdeadsheep.org> In-Reply-To: <20031215114652.GA74902@icomag.de> References: <20031215114652.GA74902@icomag.de> Organization: tH3 cUlt 0f tH3 d3@d sH33p X-Mailer: Sylpheed version 0.9.8 (GTK+ 1.2.10; i386-portbld-freebsd5.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit cc: freebsd-hackers@freebsd.org Subject: Re: general load balancing issues X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Dec 2003 13:02:09 -0000 On Mon, 15 Dec 2003 12:46:52 +0100 Bogdan TARU wrote: Hi ! > Right now I am considering a setup with one common NFS repository for > the configuration files, Apache binaries, Web content and temp > directory for PHP, NFS resource which will be mounted on all the > 'front' webservers. I am wondering, though, if I will be able (by > having one common temp directory for PHP) to load-balance the domains > involving sessions: will the sessions be lost when connsecutive hits > go to different webservers, or not? If I were you, I would consider a 3-tier architecture /----------+ / | / +-------+ +----------+ | web | +----------+ ----| Load | |servers|--------|NFS server| | balancer | | pool | +----------+ +----------+ | | \ +-------+ \ | \----------+ Concerning PHP session, a HTTP reverse-proxy can easily do the trick. If you don't want to spend a lot of time on configuring apache as reverse proxy, you can use some flexible and easy-to-use dedicated software. Here's my favorite: 1. pound (${PORTSDIR}/www/pound} pound can handle URI based sessions to redirect request to the correct backend server. It support SSL too. 2. haproxy (${PORTSDIR}/net/haproxy) haproxy is less intuitive than pound, but more flexible. It DOES NOT support SSL. Both support backend failures. Since thay acts like proxy, you don't have to reconfigure your network (but I recommend it) To grab real IP address on your apache server you must use (and configure carefully) mod_extract_forwarded{2} or mod_rpaf{2}. If you don't want to use a reverse proxy, Matthew Seaman's solution looks the best. clem