Crowd Data Center load balancer configuration examples
Crowd Data Center relies on a load balancer to balance traffic between the nodes. Many larger installations of Crowd already have a reverse proxy configured, and many reverse proxies have the ability to perform load balancing as well.
The exact configuration depends on the load balancer you choose to use. The load balancer should be able to:
- handle routing HTTP/HTTPS traffic to one of the active Crowd Data Center cluster nodes
- determine whether a node is available and, if not, route requests to a different available node
- provide session affinity ('sticky sessions') to make sure that all requests during a user's session are routed to the same node. We recommend delegating sticky session handling to the load balancer entirely (i.e. having the load balancer set the session cookie, rather than relying on the application nodes - see the examples below)
- support health checks so that you can configure it to perform a check on http://<crowd-node>:8095/status, where <crowd-node> is the node's hostname or IP address. If the node doesn't respond with a 200 OK HTTP response within a reasonable time, the load balancer should not direct any traffic to it.
EXAMPLE Apache, using mod_proxy_balancer
This is a sample configuration for Apache HTTP Server, using mod_proxy_balancer to route incoming requests, providing session stickiness by setting a ROUTEID cookie with the chosen route, and using that information to route subsequent requests.
<VirtualHost *:80>
    ProxyRequests off
    ServerName MyCompanyServer

    # This makes Apache set a ROUTEID cookie, to provide session affinity
    Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED

    <Proxy balancer://crowdcluster>
        # Crowd node 1 (make sure there are no trailing slashes after port number)
        BalancerMember http://crowd1.internal.atlassian.com:8095 route=node1
        # Crowd node 2 (make sure there are no trailing slashes after port number)
        BalancerMember http://crowd2.internal.atlassian.com:8095 route=node2

        # Security: we aren't blocking anyone, but this is the place to make those changes
        Order Deny,Allow
        Deny from none
        Allow from all

        # Load Balancer Settings, use the ROUTEID cookie to provide sticky sessions
        ProxySet lbmethod=byrequests
        ProxySet stickysession=ROUTEID
    </Proxy>

    # Here's how to enable the load balancer's management UI if desired
    <Location /balancer-manager>
        SetHandler balancer-manager
        # You SHOULD CHANGE THIS to only allow trusted IPs to use the manager
        Order deny,allow
        Allow from all
    </Location>

    # Don't reverse-proxy requests to the management UI
    ProxyPass /balancer-manager !
    # Reverse proxy all other requests to the Crowd cluster
    ProxyPass / balancer://crowdcluster/
    ProxyPreserveHost on
    # The balancer name must match the one used in <Proxy> and ProxyPass
    ProxyPassReverse / balancer://crowdcluster/
</VirtualHost>
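The following is an added example, not part of the original sample configuration: an Apache 2.4 version of the <Proxy> and <Location> blocks above that probes each node's /status endpoint for a 200 response and limits the balancer manager to a trusted address range. It assumes mod_proxy_hcheck and mod_watchdog are loaded (Apache 2.4.21 or later); the expression name crowd_ok, the interval and threshold values, and the 192.0.2.0/24 range are placeholders to replace with your own.

```apache
# Added example (Apache 2.4 syntax). Replaces the <Proxy> and <Location>
# blocks of the sample above; the rest of the <VirtualHost> is unchanged.

# A node counts as healthy only when the probe returns exactly 200
ProxyHCExpr crowd_ok {%{REQUEST_STATUS} =~ /^200$/}

<Proxy balancer://crowdcluster>
    # hcuri is appended to the member URL, so the probe goes to
    # http://<crowd-node>:8095/status every hcinterval seconds.
    # hcfails / hcpasses: consecutive results needed to disable / re-enable a node.
    BalancerMember http://crowd1.internal.atlassian.com:8095 route=node1 hcmethod=GET hcuri=/status hcexpr=crowd_ok hcinterval=10 hcfails=2 hcpasses=2
    BalancerMember http://crowd2.internal.atlassian.com:8095 route=node2 hcmethod=GET hcuri=/status hcexpr=crowd_ok hcinterval=10 hcfails=2 hcpasses=2

    # Sticky sessions via the ROUTEID cookie, as in the sample above
    ProxySet lbmethod=byrequests stickysession=ROUTEID
</Proxy>

<Location /balancer-manager>
    SetHandler balancer-manager
    # Placeholder range (documentation network): use your admin network here.
    # Any client outside this range receives 403 Forbidden.
    Require ip 192.0.2.0/24
</Location>
```

The balancer manager can disable or drain nodes and change routes at runtime, which is why access to it should be limited to administrators' addresses.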
EXAMPLE HAProxy
This is an example configuration for HAProxy, providing session stickiness by setting the ROUTEID cookie with the chosen route, and using that information to route subsequent requests.
global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 debug
    maxconn 4096

defaults
    log global
    mode http
    option httplog
    option dontlognull
    retries 3
    option redispatch
    maxconn 2000
    timeout connect 5000
    timeout client 50000
    timeout server 50000

frontend localnodes
    bind *:8000
    mode http
    default_backend nodes

backend nodes
    mode http
    balance roundrobin
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    # Insert the ROUTEID cookie to provide sticky sessions
    cookie ROUTEID insert nocache
    # Server addresses are host:port, without a URL scheme
    server node1 crowd1.internal.atlassian.com:8095 check cookie node1
    server node2 crowd2.internal.atlassian.com:8095 check cookie node2