0

I have an application which is running on a webserver(ws1) and connected to a app server(as1). I have the same application running on another webserver(ws2) and another appserver(as2). But I have only one reverse proxy server. So my setup is something like

server setup diagram

So currently I am load balancing between these servers. My Nginx configuration looks like this:

http {
    upstream myapp1 {
        server ws1.example.com;
        server ws2.example.com;

    }

    server {
        listen 80;

        location / {
            proxy_pass http://myapp1;
        }
    }
}

But is it better to load balance by Nginx or to make the HA setup. If I make HA setup should the web server and app server be clustered?

kasperd
  • 29,894
  • 16
  • 72
  • 122
Ronak
  • 11
  • 1
  • 2
  • It's fine. You can add another identical server that can take it's place with keepalived. – hookenz May 11 '17 at 03:25
  • My question is the load balancing with one nginx is good or should I have another nginx server and do the HA setup? – Ronak May 11 '17 at 03:33
  • 1
    Your current setup leaves the Nginx load balancer as the single point of failure. If you want to eliminate that you could potentially do it with DNS. Remove the reverse proxy (or create another), have A records for either the web servers directly or the reverse proxies if you keep them. Clients _should_ load balance across both - you'd clearly want to research and test that thoroughly before doing anything similar in production. Using AWS Route53 could help with that, as it randomises the order of A records returned for each query. – Tim May 11 '17 at 03:55

1 Answers1

2

It's all very good to load balance the servers, but if the server providing the load balancing was to fall over, neither of the other two servers would be accessible.

One way to resolve that is to set up an HA arrangement so that if the load balancer was to drop out, another server would immediately take it's place.

To provide the HA you can use a service like keepalived which uses the VRRP protocol to provide a highly available Internet Address. In fact, it works very well. A configuration similar to the following would work.

Lets say you want a service to be visible at 10.10.10.100

Create 2 machines with one with IP 10.10.10.101 and the other with IP 10.10.10.102 Install keepalived service on both. Remember to set: net.ipv4.ip_nonlocal_bind = 1 In sysctl.conf on both machines.

Set up with nginx config as described.

First Nodes keepalived.conf:

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass secretpass
    }
    virtual_ipaddress {
        10.10.10.100  
    }
}

Second Node:

vrrp_instance VI_1 {
        state BACKUP
        interface eth0
        virtual_router_id 51
        priority 150
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass secretpass
        }
        virtual_ipaddress {
            10.10.10.100
        }
    }

Now what'll happen is when the master machine is running, it will provide the virtual ip 10.10.10.100 If you stop this machine, the other will take over the IP.

Fuller example: Simple keepalived failover setup on Ubuntu 14.04

hookenz
  • 14,132
  • 22
  • 86
  • 142
  • So byt the method you are suggesting do i need a seperate nginx server or not? Could you please clarify this? – Ronak May 11 '17 at 05:37
  • Correct. A separate phydical machine. Although if you were to host this on amazon or Google they have a loadbalancer service and all that ha stuff is handled for you. That might be a better long term plan rather than self hosting. – hookenz May 11 '17 at 09:08
  • I might vote to close your question... is not clear what you are asking. I'm guessing. – hookenz May 11 '17 at 09:12
  • @Ronak, Mat in his answer offer you solution, how to make failover for your revers-proxy. Keepalived could be installed on revers-proxy machines, so you'll have two reverse-proxy machines with one shared IP-address. – Alexander Tolkachev May 12 '17 at 14:11