Crowd Data Center load balancer configuration examples

Crowd Data Center relies on a load balancer to balance traffic between the nodes. Many larger installations of Crowd already have a reverse proxy configured, and many reverse proxies have the ability to perform load balancing as well.

The exact configuration depends on the load balancer you chose to use. The load balancer should be able to:

  • handle routing HTTP/HTTPS traffic to one of the active Crowd Data Center cluster nodes
  • determine whether the node is available or not, and if not, routing requests to a different available node
  • provide session affinity ('sticky sessions') to make sure that all requests from during a user's session are routed to the same node. We recommend delegating sticky session handling to the load balancer entirely (ie. having the load balancer set the session cookie, rather than relying on the application nodes - see the examples below)
  • support health checks so that you can configure it to perform a check on http://<crowd-node>:8095/status; the <crowd-node> is the node's hostname or IP address. If the node doesn't respond with a 200 OK HTTP response within a reasonable time, the load balancer should not direct any traffic to it. 

EXAMPLE Apache, using mod_proxy_balancer

This is a sample configuration for Apache HTTP Server, using mod_proxy_balancer to route incoming requests, providing session stickiness by setting a ROUTEID cookie with the chosen route, and using that information to route subsequent requests. 

crowd-cluster.conf
<VirtualHost *:80>
        ProxyRequests off
 
        ServerName MyCompanyServer
        
        # This makes Apache set a ROUTEID cookie, to provide session affinity
		Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
        <Proxy balancer://crowdcluster>
                # Crowd node 1 (make sure there are no trailing slashes after port number)
                BalancerMember http://crowd1.internal.atlassian.com:8095 route=node1
                # Crowd node 2 (make sure there are no trailing slashes after port number)
                BalancerMember http://crowd2.internal.atlassian.com:8095 route=node2
 
                # Security "we aren't blocking anyone but this the place to make those changes
                Order Deny,Allow
                Deny from none
                Allow from all
 
                # Load Balancer Settings, use the ROUTEID cookie to provide sticky sessions
                ProxySet lbmethod=byrequests
                ProxySet stickysession=ROUTEID
        </Proxy>
 
        # Here's how to enable the load balancer's management UI if desired
        <Location /balancer-manager>
                SetHandler balancer-manager
 
                # You SHOULD CHANGE THIS to only allow trusted ips to use the manager
                Order deny,allow
                Allow from all
        </Location>
 
        # Don't reverse-proxy requests to the management UI
        ProxyPass /balancer-manager !
        # Reverse proxy all other requests to the Crowd cluster
        ProxyPass / balancer://crowdcluster/
        
        ProxyPreserveHost on
        ProxyPassReverse / balancer://mycluster/
</VirtualHost>

EXAMPLE HAProxy

This is an example configuration for HAProxy, providing session stickiness by setting the ROUTEID cookie with the chosen route, and using that information to route subsequent requests.

haproxy.cfg
global
    log 127.0.0.1   local0
    log 127.0.0.1   local1 debug
    maxconn 4096
 
  defaults
    log     global
    mode    http
    option  httplog
    option  dontlognull
    retries 3
    option redispatch
    maxconn 2000
    timeout connect      5000
    timeout client      50000
    timeout server      50000
 
  frontend localnodes
    bind *:8000
    mode http
    default_backend nodes
 
  backend nodes
    mode http
    balance roundrobin
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    cookie ROUTEID insert nocache
    server node1 http://crowd1.internal.atlassian.com:8095 check cookie node1
    server node2 http://crowd2.internal.atlassian.com:8095 check cookie node2
Last modified on Aug 16, 2017

Was this helpful?

Yes
No
Provide feedback about this article

Not finding the help you need?

Ask the community

Powered by Confluence and Scroll Viewport.