HAProxy is a very good candidate for load balancing in a web cluster with high availability, even for Windows IIS servers! In its newer versions (1.5.x), HAProxy supports native SSL which makes it suitable for even enterprise level web applications with high traffic. It also supports sticky session which is useful when no session management is implemented. I know that the best option is to use centralized session management out of the box, but considering the fact that this central session manager will be point of failure (at least in IIS) and needs care, sticky session can be a good choice for some small to medium environments with short aged session applications.
Here, I will show how to configure HAProxy 1.5.x to support backend IIS servers with SSL (https) and sticky sessions.
– If you have IIS certificate, export it and use ‘openssl’ in Linux to convert it to appropriate format and put it in a protected directory.
– For SSL termination (HAProxy sends certificate to the users and takes over https protocol between user and load balancer), configurations is as follows:
- frontend https-in
bind *:443 ssl crt /etc/ssl/private/company.com.pem
reqadd X-Forwarded-Proto:\ https
– To deploy sticky session, specify ’round robin’ as balancing policy and configure backend cluster part as follows. the key line is ‘cookie SERVERID insert indirect’:
- backend application-backend
cookie SERVERID insert indirect nocache
server WEB-001 192.168.x.1:80 cookie A check
server WEB-002192.168.x.2:80 cookie B check
server WEB-003 192.168.x.3:80 cookie C check
To have more information about different policies and different session behaviours, read here.