This article will describe the process required to set up a highly-available SSL-enabled load balancer using HAProxy, stunnel and keepalived to front a pair of Apache Tomcat instances.
The configuration will start off simple, and extend and grow as more functionality is added. First, a session-aware HAProxy load balancer is configured. Next, Tomcat clustering is configured with session replication and the responsibility for maintaining session state is moved to Tomcat. Then, keepalived is added - providing a failover IP between HAProxy instances running on two nodes. The solution is then fully HA. To complete the article, SSL support will be enabled by way of adding stunnel in front of the HAProxy instances, and a few cleanup tasks performed.
Faithful dolan and gooby will be used for this in my lab environment. Each of the servers is running CentOS 6.3 x86_64 and already has a Tomcat instance installed to /usr/local/tomcat7 (running as the tomcat user).
|
1 2 3 |
172.16.18.169 dolan www1.tokiwinter.com 172.16.18.172 gooby www2.tokiwinter.com 172.16.18.199 vip-address |
As you can see, I’ve also reserved an IP address for our floating IP (or Virtual IP - VIP).
The end goal is to have dolan and gooby both running Tomcat as before, also running their own HAProxy and stunnel instances but also running a failover VIP provided by keepalived.