HAProxy Load Balancing IIS with Sticky Session and SSL

HAProxy is a very good candidate for load balancing in a web cluster with high availability, even for Windows IIS servers! In its newer versions (1.5.x), HAProxy supports native SSL which makes it suitable for even enterprise level web applications with high traffic. It also supports sticky session which is useful when no session management is implemented. I know that the best option is to use centralized session management out of the box, but considering the fact that this central session manager will be point of failure (at least in IIS) and needs care, sticky session can be a good choice for some small to medium environments with short aged session applications.

Here, I will show how to configure HAProxy 1.5.x to support backend IIS servers with SSL (https) and sticky sessions.

– If you have IIS certificate, export it and use ‘openssl’ in Linux to convert it to appropriate format and put it in a protected directory.

– For SSL termination (HAProxy sends certificate to the users and takes over https protocol between user and load balancer), configurations is as follows:

  • frontend https-in
    bind *:443 ssl crt /etc/ssl/private/company.com.pem
    reqadd X-Forwarded-Proto:\ https
    default_backend application-backend

– To deploy sticky session, specify ’round robin’ as balancing policy and configure backend cluster part as follows. the key line is ‘cookie SERVERID insert indirect’:

  • backend application-backend
    balance roundrobin
    option httpclose
    option forwardfor
    cookie SERVERID insert indirect nocache
    server WEB-001 192.168.x.1:80 cookie A check
    server WEB-002192.168.x.2:80 cookie B check
    server WEB-003 192.168.x.3:80 cookie C check

To have more information about different policies and different session behaviours, read here.

Microsoft Web Farm Framework Installation Tips for Windows 2008 R2

Microsoft Web Farm Framework can be very useful for system administrators, especially when they have to manage multiple web servers (IIS) in a cluster behind load balancer. It makes the task of updating web applications much easier because the only server that you need to update would be Primary server. It’s also integrated with ARR for load balancing and scaling web servers. Its installation and configuration is fairly easy but if you have Windows Server 2008 R2, you must be careful to satisfy the exact system requirements it needs. In specific, for Controller server these are important modules which should be installed:

  • Microsoft Web Platform Installer V3 (Web PI v3) AND NOT LATER VERSIONS
  • Microsoft Web Deploy v2 AND NOT LATER VERSIONS

I’m emphasizing on not installing later versions because newer versions exist on the market (actually Microsoft) but newer versions are not compatible with WFF. So, if you install Web Platform Installer 4.6 or Web Deploy 3.5 on Controller, WFF installation will fail. To get Web Platform 3 and other components, go to the following download links:

http://www.microsoft.com/en-ca/download/details.aspx?id=6164   (Web Platform Installer)
http://www.microsoft.com/en-ca/download/details.aspx?id=25230 (Web Deploy 2)
http://www.microsoft.com/en-us/download/details.aspx?id=27723  (Web Farm Framework)

If you have Windows 2012, your job is easier because Web Farm is kind of native feature there.

p.s – good HOW TO about using Microsoft Web Farm Framework

Introducing the Microsoft Web Farm Framework
Creating a Server Farm with the Web Farm Framework