New Project - Thoughts? (CentOS, HAProxy, Load Balance)...
-
Hi folks,
Thanks for taking the time...
I've been thinking of doing this for a while now and finally have some time! Before investing that time, I would like to make sure this is a path that makes sense, or see if better options exist... I have no experience of Linux and will hopefully get alternatives if my idea is not a 'production' worthy option... (Probably time I start using Linux anyway!)
Ok, what I currently have:
- Cloudflare points requests to us.
- Our firewall gets the traffic from Cloudflare, then allows the traffic through to IIS webservers IF the traffic meets the rules we have in place.
- IIS serves content.
What I want to do (obviously, as a lab, then as a test with actual test copies of our sites, then a staging test for in depth testing by our test team, before being released to production (far away if it's even a solid plan))...
- Cloudflare points requests to us.
- Firewall checks the traffic based on our rules.
- Traffic routes to CentOS, with HAProxy.
- HAProxy looks at custom header added by Cloudflare "HTTP_CF_CONNECTING_IP", which is the client's origin IP, and points them to an IIS web server.
- Web server responds.
- Any following requests from same client route to same web server, unless that web server is unavailable.
So... thoughts? Would CentOS with HAProxy be suitable to crack this? Is it a poor choice compared to other options?
I've looked at load balance options in Windows, but that doesn't look to do what I want. For example, I don't think you can get Windows Load Balancer to check for the custom header and route that client to the same web server until it's unavailable. All Windows has is 'affinity', but in a test that points all Cloudflare traffic to the same web server as it's all from 'Cloudflare' - didn't check the custom header... and couldn't see a way to make it!
I've also looked at Citrix NetScaler, and I think that could check the header, but compared to CentOS/HAProxy, I do not know if they are even comparable options...
I love to learn and have no issues being told I'm waaaayyyyy off of a good idea if that's the case - so where would you suggest I look based on what I'm trying to do for a solution that could eventually be production?
Thanks,
Jim
-
Is this pure web? Nginx might be better than HA-Proxy.
-
@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:
Is this pure web? Nginx might be better than HA-Proxy.
I will take a look at Nginx too. Any benefits over HAProxy?
The sites are IIS, only one webserver for each site, all going to a series of SQL Servers for data etc...
I aim to change the IIS boxes to all be load balanced (somehow).
Like I said, don't mind learning new things, like doing so in fact - just want to make sure what I'm learning is down the right path...
Technically, from an infrastructure pov, we have four nodes running HyperV 2016. Each has a number of 2016 VMs running on it, a mix of IIS servers and SQL Servers etc. We have a few older boxes, but still very decent, which could be provisioned as Linux/load balance boxes.
-
Only HTTP/S traffic from the IIS boxes to clients. They aren't used for anything else.
-
Nginx is very good for that. Does caching.
-
Nginx will also do your SSL termination taking that load off of Windows.
-
So, NGINX Plus, I will take a look at that. Do they have a totally free version?
CentOS with HAProxy is totally free right?
-
@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:
Nginx is very good for that. Does caching.
'Ip_hash' would load balance to IP; that does what I need if I can specify HTTP_CF_CONNECTING_IP as the client IP rather than Cloudflare. Can NGINX do that?
-
@Jimmy9008 said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:
So, NGINX Plus, I will take a look at that. Do they have a totally free version?
CentOS with HAProxy is totally free right?
What? Why did you jump from Nginx which is part of CentOS to NGinx Plus which no one here has ever mentioned, ever (in any thread)? Of course it is free, it's been the leading web server for a long time. We all use it. Tons of threads on it. It's part of your OS.
Just do this...
yum install nginx
And there it is.
-
@Jimmy9008 said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:
HTTP_CF_CONNECTING_IP
Why do you want that? What's the goal of this?
-
The first link I found went to that version hence wondering if a free version exists. Like I said, never looked at anything Linux before so a high learning curve here...
I think I that cloud flare header can't be used, the load balancer would see all traffic from the one address and would then point all traffic, like affinity, to the same webserver. Using that value shows the traffic is from different clients.
-
@Jimmy9008 said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:
The first link I found went to that version hence wondering if a free version exists. Like I said, never looked at anything Linux before so a high learning curve here...
I think I that cloud flare header can't be used, the load balancer would see all traffic from the one address and would then point all traffic, like affinity, to the same webserver. Using that value shows the traffic is from different clients.
Oh, I see.
https://www.serverstack.com/blog/2013/01/21/load-distribution-with-nginx-and-cloudflare/
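
For the question above about keying `ip_hash` on the Cloudflare-supplied client address: an added nginx sketch, not part of any post in this thread and not taken from the linked article. On the wire the header is `CF-Connecting-IP` (`HTTP_CF_CONNECTING_IP` is how it shows up as a server variable); the upstream name, backend addresses, server name and the `set_real_ip_from` range are placeholders, and the realip module is assumed to be compiled into the packaged nginx.

```nginx
# Goes inside the http { } block. All names and addresses are placeholders.

upstream iis_pool {
    # ip_hash keys on the client address of the connection. The realip
    # directives in the server block replace that address with the
    # CF-Connecting-IP value, so each real visitor (not each Cloudflare
    # edge node) is pinned to one backend.
    ip_hash;

    # A backend that fails 3 times within 30s is skipped for 30s; its
    # clients are sent to another server until it is usable again.
    server 10.0.0.11:80 max_fails=3 fail_timeout=30s;
    server 10.0.0.12:80 max_fails=3 fail_timeout=30s;
    server 10.0.0.13:80 max_fails=3 fail_timeout=30s;
    server 10.0.0.14:80 max_fails=3 fail_timeout=30s;
}

server {
    listen 80;
    server_name www.example.com;

    # Trust CF-Connecting-IP only when the TCP peer is a Cloudflare address.
    # Placeholder range: add one set_real_ip_from line per range that
    # Cloudflare publishes. Requests from any other peer keep their socket
    # address, so a header sent by an arbitrary client is ignored.
    set_real_ip_from 192.0.2.0/24;
    real_ip_header   CF-Connecting-IP;

    location / {
        proxy_pass http://iis_pool;

        # Pass the original host name and the restored client address on,
        # so the IIS logs show the visitor rather than the proxy.
        proxy_set_header Host            $host;
        proxy_set_header X-Forwarded-For $remote_addr;

        # Retry on another backend if the chosen one errors or times out.
        proxy_next_upstream error timeout;
    }
}
```

Because the header is honoured only from `set_real_ip_from` peers, a client that reaches the proxy without going through Cloudflare cannot pick its backend or forge the logged address by sending the header itself.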
-
Why do you want to load balance multiple IIS instances? Are your individual web servers so big that you can't grow them any longer?
-
@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:
Why do you want to load balance multiple IIS instances? Are your individual web servers so big that you can't grow them any longer?
The end goal is to have 4 x IIS VMs with each being on a different host. Each VM runs the same site (so 4 running copies on different hardware). With load balancer, especially if they can work as a redundant pair too on separate hosts, we'd have to lose all four IIS VMs, or both Internet lines, or both load balancers, or all four hosts to be unavailable to clients.
Or power/flood/Cloudflare issues/what not.
But in terms of what we have available to us, it's within reach to at least have better capability with what we can control. I just need to understand what tools to use now, be it HAProxy, NGINX, NetScaler... etc
-
The better question here is why this crap not posted somewhere else why are you doing in internal.
There's no way you can do this is cost efficiently as a hosting provider.
-
@JaredBusch said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:
The better question here is why this crap not posted somewhere else why are you doing in internal.
There's no way you can do this is cost efficiently as a hosting provider.
Bad Thursday Jared? Why don't you post your crap somewhere else.
We have on site for many reasons, none of which I need to explain to you.
-
@Jimmy9008 said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:
@JaredBusch said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:
The better question here is why this crap not posted somewhere else why are you doing in internal.
There's no way you can do this is cost efficiently as a hosting provider.
Bad Thursday Jared? Why don't you post your crap somewhere else.
We have on site for many reasons, none of which I need to explain to you.
Don't throw your bad business decisions on me. I simply asked a question because it's true. Something everyone on here always tries to do was get to an actual valid business solution not just the solution a person asks for especially when they specifically stated they did Not know all possible solutions. And less you tell somebody we have no way to know that you evaluated I hosted solution where this could all be done properly or not.
-
@JaredBusch said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:
@Jimmy9008 said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:
@JaredBusch said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:
The better question here is why this crap not posted somewhere else why are you doing in internal.
There's no way you can do this is cost efficiently as a hosting provider.
Bad Thursday Jared? Why don't you post your crap somewhere else.
We have on site for many reasons, none of which I need to explain to you.
Don't throw your bad business decisions on me. I simply asked a question because it's true. Something everyone on here always tries to do was get to an actual valid business solution not just the solution a person asks for especially when they specifically stated they did Not know all possible solutions. And less you tell somebody we have no way to know that you evaluated I hosted solution where this could all be done properly or not.
Yes, all valid questions. 'Why this crap not posted somewhere else' is rude; no need to be rude at all and not appreciated.
Our hosting decisions to keep on site, and to figure out a way to do load balancing etc is also not a bad business decision. It is less expensive than a hosting provider; how exactly do you think it would be more expensive?
-
If you're going to constrain yourself to on premise then as Scott suggested Nginx is probably the best thing to do
-
@Jimmy9008 oh I see with this you off that word should be hosted sorry Siri messed up