ThingWorx High Availability > HAProxy Example
HAProxy Example
HAProxy information
Information on HAProxy is available at the following locations:
HAProxy Example Configuration
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon

# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private

# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3

defaults
log global
mode http
option httplog
option dontlognull
option http-server-close
option forwardfor
timeout connect 4s
timeout client 20s
timeout server 20s
timeout client-fin 20s
timeout tunnel 1h
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend ft_app
bind *:80 name app
reqadd X-Forwarded-Proto:\ http
default_backend bk_app

frontend www-https
bind *:443 ssl crt /etc/ssl/thingworx/thingworx.pem
reqadd X-Forwarded-Proto:\ https
default_backend bk_app

backend bk_app
stick-table type ip size 1
stick on dst
# Server s1 and server s2 are ThingWorx server nodes 1 and 2.
server s1 10.68.75.208:8080 check
server s2 10.68.75.208:8081 check backup
option httpchk GET /Thingworx/Admin/HA/LeaderCheck HTTP/1.0\r\nAuthorization:\ Basic\ QWRtaW5pc3RyYXRvcjphZG1pbg==
Multiple HAProxy Setup
For a multiple HAProxy setup, do the following:
1. Install HAProxy on two servers.
2. Install Keepalived on the same two servers.
sudo apt-get install keepalived
sudo vi /etc/sysctl.conf
3. Add the following line to the end of the file:
net.ipv4.ip_nonlocal_bind=1
4. Save and close.
sudo sysctl -p
sudo vi /etc/keepalived/keepalived.conf
5. Add the following to keepalived.conf:
# Settings for notifications
global_defs {
}

# Define the script used to check if haproxy is still working
vrrp_script chk_haproxy {
script "killall -0 haproxy"
interval 2
fall 2
rise 2
}

# Configuation for the virtual interface
vrrp_instance VI_1 {
interface eth0
state MASTER # set this to BACKUP on the other machine
priority 101 # set this to 100 on the other machine
virtual_router_id 51
advert_int 1
lvs_sync_daemon_interface eth0
authentication {
auth_type AH
auth_pass myPassw0rd # Set this to some secret phrase
}

# The virtual ip address shared between the two loadbalancers
virtual_ipaddress {
192.168.234.200
}

# Use the script above to check if we should fail over
track_script {
chk_haproxy
}
}
6. Save and exit.
sudo service keepalived start
7. Go to the other server, and set up Keepalived as described above with the only difference in keepalived.conf:
Set

state MASTER # set this to BACKUP on the other machine
priority 101 # set this to 100 on the other machine

to

state BACKUP
priority 100
8. Start ThingWorx, HAProxy, and the other Keepalived process.
Go to 192.168.234.200/ThingWorx in a browser to verify you have HAProxy.
Was this helpful?