Confluence DC 用 HAProxy ロード バランサーの構成
関連コンテンツ
- 関連コンテンツがありません
The purpose of a load balancer is to efficiently distribute incoming network traffic between Confluence nodes in round robin cluster configuration. If you don't have a particular preference or policy for load balancers, you can use HAProxy, which is a popular open-source load balancer. Learn how to get up and running with HAProxy and see sample configurations that you can use as reference points for creating your own setup.
はじめる前に
The content on this page relates to platforms which are not supported. Consequently, Atlassian Support cannot guarantee providing any support for it. Please be aware that this material is provided for your information only and using it is done so at your own risk.
Download and install HAProxy from http://www.haproxy.org/.
Make sure that you're using HAProxy 2.2.0 or newer for HTTP check and HTTPS support.
To check which version of HAProxy you use, run the following command:
haproxy --version
To configure HAProxy:
Review the contents of the
haproxy.cfg
file and customize it for your environment.The
haproxy.cfg
file is typically located at/etc/haproxy/haproxy.cfg
. See https://docs.haproxy.org/ for more information about configuring HAProxy. Refer to the examples of how to configure HAProxy in different scenarios:Example 1: HTTP terminationThe following is an example of a minimal configuration that sets up a frontend on port 80/TCP (HTTP) in front of two Confluence servers running on the default HTTP service port 8090/TCP, and the Syncrony service on port 8091/TCP.
When installing haproxy it should create the user haproxy to run it has a service, change it in the haproxy.cfg if necessary.
In this configuration example, the HAProxy statistics page is disabled by default. To do enable it, change the
stats disabled
line tostats enabled
. Then, once the haproxy service is running, navigate tohttp://<confluence-url>:8404/stats
.However, by default, the HAProxy statistics page doesn't require authentication. In case of any security concerns, you can enforce basic authentication by adding a
stats auth <username:password>
line to the configuration. Alternatively, disable access to the page by changing thestats enabled
line tostats disabled
.For more information, see Exploring the HAProxy Stats Page (What You Should Know).
global log 127.0.0.1 local2 # Loging to syslog service local2 chroot /var/lib/haproxy daemon user haproxy group haproxy frontend stats bind *:8404 stats enable stats uri /stats stats refresh 10s frontend confluence bind *:80 mode http option forwardfor option http-server-close log global option httplog timeout client 300s maxconn 150 use_backend connie_backend if { path /confluence } || { path_beg /confluence/ } use_backend synchrony_backend if { path /synchrony } || { path_beg /synchrony/ } backend connie_backend log global mode http balance roundrobin option httpchk http-check send meth GET uri /confluence/status http-check expect string RUNNING cookie confluence insert indirect nocache server confluence1 x.x.x.x:8090 check cookie confluence1 server confluence2 x.x.x.x:8090 check cookie confluence2 backend synchrony_backend log global mode http balance roundrobin option httpchk http-check send meth GET uri /synchrony/heartbeat http-check expect string OK cookie synchrony insert indirect nocache server synchrony1 x.x.x.x:8091 check cookie synchrony1 server synchrony2 x.x.x.x:8091 check cookie synchrony2
Example 2: HTTPS terminationThe following is an example of a more complex HAProxy configuration, which assumes that:
This is a 2-node Confluence active-active cluster.
- HAProxy will listen on ports:
- 443/TCP for HTTPS connections
The certificate apem file used by HAProxy are installed in /etc/haproxy/cert.pem. Change this for your certificate path.
<confluence-url>
this is your FQDNHAProxy redirects calls to /url/confluence path to Confluence Node1 and Node 2
- HAProxy redirects calls to /url/confluence path to Synchrony Node1 and Node 2 - This one can be standalone or managed.
In this configuration example, the HAProxy statistics page is enabled by default. This allows you to monitor the health of your cluster by navigating to the HAProxy statistics page at
https://<confluence-url>:8404/stats
.However, by default, the HAProxy statistics page doesn't require authentication. In case of any security concerns, you can enforce basic authentication by adding a
stats auth <username:password>
line to the configuration. Alternatively, disable access to the page by changing thestats enabled
line tostats disabled
.For more information, see Exploring the HAProxy Stats Page (What You Should Know).
The following details the structure of a typical .pem file (including they private key, the certificate and the certificate chain):
-----BEGIN RSA PRIVATE KEY----- (Private Key: domain_name.key contents) -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- (Primary SSL certificate: domain_name.crt contents) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- (Intermediate certificate: certChainCA.crt contents) -----END CERTIFICATE----
global log 127.0.0.1 local2 # Loging to syslog service local2 chroot /var/lib/haproxy daemon user haproxy group haproxy frontend stats bind *:8404 name <confluence-url> ssl crt /etc/haproxy/cert.pem stats enable stats uri /stats stats refresh 10s # HTTPS frontend confluence bind *:443 name <confluence-url> ssl crt /etc/haproxy/cert.pem mode http option forwardfor option http-server-close http-request redirect scheme https unless { ssl_fc } log global option httplog timeout client 300s maxconn 150 use_backend connie_backend if { path /confluence } || { path_beg /confluence/ } use_backend synchrony_backend if { path /synchrony } || { path_beg /synchrony/ } backend connie_backend log global mode http balance roundrobin option httpchk http-check send meth GET uri /confluence/status http-check expect string RUNNING cookie confluence insert indirect nocache server confluence1 x.x.x.x:8090 check cookie confluence1 server confluence2 x.x.x.x:8090 check cookie confluence2 backend synchrony_backend log global mode http balance roundrobin option httpchk http-check send meth GET uri /synchrony/heartbeat http-check expect string OK cookie synchrony insert indirect nocache server synchrony1 x.x.x.x:8091 check cookie synchrony1 server synchrony2 x.x.x.x:8091 check cookie synchrony2
Once you have configured
haproxy.cfg
correctly for your environment, start thehaproxy
service according to the instructions appropriate for your operating system.
関連コンテンツ
- 関連コンテンツがありません