Load balacing – nginx and HAProxy

I had a scalability problem at work. Having about 3k customers with an average of 500 – 600 concurrent sessions and a middle aged all-in-one server, I have to balance http and https connections at least over 2 servers without changing the main IP address used by the client to start the application.

rock ssd

 

At the beginning, I evaluated Nginx, which is a well established http server (known for its outstanding capability on serving static resources) that has the capability to proxy requests to a pool of servers. I left this road quickly when I noticed that the proxy capability of Nginx does not supports (yet) sticky-sessions. In fact, when session affinity is required, Nginx can only route connection using source IP address as selection key, loosing the round-robin capability based on weight (that I need because I have server with different strength).

 

Looking for a balancer that supports weighted backend as long as affinity sessions, I foundHAProxy, which is considered the de-facto solution for this kind of problem. Again, evaluating this solution, I found something that bother me: HAProxy, in its stable version, can balance only http connection; it does not have support for https, which I need for my next version of the app.

Read more at: http://blog.towerengineering.it/2012/12/load-balancing-with-nginx-and-haproxy-1/

 

Nginx_HAProxy_Backend

 

———————-

HAProxy is really just a load balancer/reverse proxy. Nginx is a Webserver that can also function as a reverse proxy.

Here are some differences:

HAProxy:

  • Does TCP as well as HTTP proxying (SSL added from 1.5-dev12)
  • More rate limiting options
  • The author answers questions here on Server Fault 😉

Nginx:

  • Supports SSL directly
  • Is also a caching server

At Stack Overflow we mainly use HAProxy with nginx for SSL offloading so HAProxy is my recommendation.

Read more at: http://serverfault.com/questions/229945/what-are-the-differences-between-haproxy-and-ngnix-in-reverse-proxy-mode

———————-

“Nginx is becoming the standard for front end load balancing for many high traffic sites and this helps.”

I’ve used nginx as a load balancer, and it’s not pretty. All of the nginx load-balancing modules I’ve used, or seen used (I can think of at least five off the top of my head), have fallen apart under load, or not balanced intelligently, or just been plain bad. The modules I’ve used also tend to be hard to instrument, which makes working out exactly why they’re failing a bit of an adventure. I’m sure (I’d hope, at least) the load balancing modules in nginx have improved over time, but I’d still be very wary of it. In short: nginx is a kick-arse webserver, and I highly recommend it for that purpose, but as a load balancer I’d find something else.

My preference is for IPVS almost everywhere, as it runs at the IP layer and completely avoids all the ugly problems you just can’t avoid with a proxy. If you do feel the need to use a proxy, though, I would strongly recommend HAProxy over nginx. There are (narrow) circumstances in which a proxy is the best solution for the job, and I think HAProxy is the best of the bunch.

Read more at: http://www.hezmatt.org/~mpalmer/blog/2011/07/24/followup-to-ssl-session-caching-with-nginx.html

 

———————-

A example of how to configure HAProxy and Nginx
http://think-devops.blogspot.pt/2013/04/load-balancer-with-ssl-offloading-nginx.html 

5 thoughts on “Load balacing – nginx and HAProxy

  1. IPVS is your recommendation? Something that has not been updated since 2004? HAProxy is the de facto standard and you mention that StackOverflow uses it as of your writing in December 2013. Do you still feel that IPVS is the correct way to go? How do you feel about HAProxy now?

  2. haproxy should provide SSL termination on latest version
    stunnel can be used as alternative for SSL termination point
    some advanced load balancing features (like session afinnity) are only in commercial version of nginx

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.