load-balancer-setup

仓库: aj-geddes/useful-ai-prompts
安装量: 121
排名: #7080

安装

npx skills add https://github.com/aj-geddes/useful-ai-prompts --skill load-balancer-setup

Load Balancer Setup Overview

Deploy and configure load balancers to distribute traffic across multiple backend servers, ensuring high availability, fault tolerance, and optimal resource utilization across your infrastructure.

When to Use Multi-server traffic distribution High availability and failover Session persistence and sticky sessions Health checking and auto-recovery SSL/TLS termination Cross-region load balancing API rate limiting at load balancer DDoS mitigation Implementation Examples 1. HAProxy Configuration

/etc/haproxy/haproxy.cfg

global log stdout local0 log stdout local1 notice maxconn 4096 daemon

# Security
tune.ssl.default-dh-param 2048
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
ssl-default-bind-options ssl-min-ver TLSv1.2

defaults log global mode http option httplog option denylogin option forwardfor option http-server-close

# Timeouts
timeout connect 5000
timeout client 50000
timeout server 50000

# Stats
stats enable
stats uri /stats
stats refresh 30s
stats admin if TRUE

Frontend - Public facing

frontend web_frontend bind :80 bind :443 ssl crt /etc/ssl/certs/myapp.pem mode http option httplog

# Redirect HTTP to HTTPS
http-request redirect scheme https if !{ ssl_fc }

# Logging
log /dev/log local0 debug

# Rate limiting
stick-table type ip size 100k expire 30s store http_req_rate(10s)
http-request track-sc0 src
http-request deny if { sc_http_req_rate(0) gt 100 }

# ACLs
acl is_websocket hdr(Upgrade) -i websocket
acl is_api path_beg /api/
acl is_health path /health
acl is_static path_beg /static/

# Route to appropriate backend
use_backend health_backend if is_health
use_backend api_backend if is_api
use_backend static_backend if is_static
use_backend web_backend if is_websocket
default_backend web_backend

Frontend for internal API

frontend internal_api_frontend bind 127.0.0.1:8080 mode http default_backend stats_backend

Health check backend

backend health_backend mode http balance roundrobin server local 127.0.0.1:8080 check

Main web backend

backend web_backend mode http balance roundrobin

# Session persistence
cookie SERVERID insert indirect nocache

# Compression
compression algo gzip
compression type text/html text/plain text/css application/json

# Servers with health checks
server web1 10.0.1.10:8080 check cookie web1 weight 5
server web2 10.0.1.11:8080 check cookie web2 weight 5
server web3 10.0.1.12:8080 check cookie web3 weight 3

# Health check configuration
option httpchk GET /health HTTP/1.1\r\nHost:\ localhost
timeout check 5s

API backend with connection limits

backend api_backend mode http balance least_conn maxconn 1000

option httpchk GET /api/health
timeout check 5s

server api1 10.0.2.10:3000 check weight 5
server api2 10.0.2.11:3000 check weight 5
server api3 10.0.2.12:3000 check weight 3

Static file backend

backend static_backend mode http balance roundrobin

# Cache control for static files
http-response set-header Cache-Control "public, max-age=31536000, immutable"

server static1 10.0.3.10:80 check
server static2 10.0.3.11:80 check

Stats backend

backend stats_backend stats enable stats uri /stats stats refresh 30s

  1. AWS Application Load Balancer (CloudFormation)

aws-alb-cloudformation.yaml

AWSTemplateFormatVersion: '2010-09-09' Description: 'Application Load Balancer with Target Groups'

Parameters: VpcId: Type: AWS::EC2::VPC::Id Description: VPC ID SubnetIds: Type: List Description: Public subnet IDs for ALB Environment: Type: String Default: production AllowedValues: [dev, staging, production]

Resources: # Security Group for ALB LoadBalancerSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Security group for ALB VpcId: !Ref VpcId SecurityGroupIngress: - IpProtocol: tcp FromPort: 80 ToPort: 80 CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: 443 ToPort: 443 CidrIp: 0.0.0.0/0 SecurityGroupEgress: - IpProtocol: -1 CidrIp: 0.0.0.0/0 Tags: - Key: Name Value: !Sub '${Environment}-alb-sg'

# Application Load Balancer ApplicationLoadBalancer: Type: AWS::ElasticLoadBalancingV2::LoadBalancer Properties: Name: !Sub '${Environment}-alb' Type: application Scheme: internet-facing SecurityGroups: - !Ref LoadBalancerSecurityGroup Subnets: !Ref SubnetIds Tags: - Key: Environment Value: !Ref Environment

# HTTP Listener (redirect to HTTPS) HttpListener: Type: AWS::ElasticLoadBalancingV2::Listener Properties: DefaultActions: - Type: redirect RedirectConfig: Protocol: HTTPS Port: '443' StatusCode: HTTP_301 LoadBalancerArn: !Ref ApplicationLoadBalancer Port: 80 Protocol: HTTP

# HTTPS Listener HttpsListener: Type: AWS::ElasticLoadBalancingV2::Listener Properties: DefaultActions: - Type: forward TargetGroupArn: !Ref WebTargetGroup LoadBalancerArn: !Ref ApplicationLoadBalancer Port: 443 Protocol: HTTPS Certificates: - CertificateArn: !Sub 'arn:aws:acm:${AWS::Region}:${AWS::AccountId}:certificate/xxxxxxxx'

# Target Group for Web Servers WebTargetGroup: Type: AWS::ElasticLoadBalancingV2::TargetGroup Properties: Name: !Sub '${Environment}-web-tg' Port: 8080 Protocol: HTTP VpcId: !Ref VpcId TargetType: instance

  # Health Check
  HealthCheckEnabled: true
  HealthCheckPath: /health
  HealthCheckProtocol: HTTP
  HealthCheckIntervalSeconds: 30
  HealthCheckTimeoutSeconds: 5
  HealthyThresholdCount: 2
  UnhealthyThresholdCount: 3

  # Stickiness
  TargetGroupAttributes:
    - Key: deregistration_delay.timeout_seconds
      Value: '30'
    - Key: stickiness.enabled
      Value: 'true'
    - Key: stickiness.type
      Value: 'lb_cookie'
    - Key: stickiness.lb_cookie.duration_seconds
      Value: '86400'

# Target Group for API ApiTargetGroup: Type: AWS::ElasticLoadBalancingV2::TargetGroup Properties: Name: !Sub '${Environment}-api-tg' Port: 3000 Protocol: HTTP VpcId: !Ref VpcId TargetType: instance

  HealthCheckPath: /api/health
  HealthCheckIntervalSeconds: 15
  HealthCheckTimeoutSeconds: 5
  HealthyThresholdCount: 2
  UnhealthyThresholdCount: 2

# Listener Rule for API routing ApiListenerRule: Type: AWS::ElasticLoadBalancingV2::ListenerRule Properties: Actions: - Type: forward TargetGroupArn: !Ref ApiTargetGroup Conditions: - Field: path-pattern Values: ['/api/*'] ListenerArn: !Ref HttpsListener Priority: 1

Outputs: LoadBalancerDNS: Description: DNS name of the ALB Value: !GetAtt ApplicationLoadBalancer.DNSName LoadBalancerArn: Description: ARN of the ALB Value: !Ref ApplicationLoadBalancer WebTargetGroupArn: Description: ARN of Web Target Group Value: !Ref WebTargetGroup ApiTargetGroupArn: Description: ARN of API Target Group Value: !Ref ApiTargetGroup

  1. Load Balancer Health Check Script

!/bin/bash

health-check.sh - Monitor backend health

set -euo pipefail

BACKENDS=("10.0.1.10:8080" "10.0.1.11:8080" "10.0.1.12:8080") HEALTH_ENDPOINT="/health" TIMEOUT=5 ALERT_EMAIL="ops@myapp.com"

check_backend_health() { local backend=$1 local host=${backend%:} local port=${backend#:}

if timeout "$TIMEOUT" bash -c "echo >/dev/tcp/$host/$port" 2>/dev/null; then
    if curl -sf --max-time "$TIMEOUT" "http://$backend$HEALTH_ENDPOINT" > /dev/null; then
        return 0
    fi
fi
return 1

}

main() { local unhealthy_backends=()

for backend in "${BACKENDS[@]}"; do
    if ! check_backend_health "$backend"; then
        unhealthy_backends+=("$backend")
        echo "WARNING: Backend $backend is unhealthy"
    else
        echo "OK: Backend $backend is healthy"
    fi
done

if [ ${#unhealthy_backends[@]} -gt 0 ]; then
    local message="Unhealthy backends detected: ${unhealthy_backends[*]}"
    echo "$message"
    echo "$message" | mail -s "Load Balancer Alert" "$ALERT_EMAIL"
    exit 1
fi

}

main "$@"

  1. Load Balancer Monitoring

prometheus-scrape-config.yaml

scrape_configs: - job_name: 'haproxy' static_configs: - targets: ['localhost:8404'] metrics_path: '/stats;csv' scrape_interval: 15s

  • job_name: 'alb' cloudwatch_sd_configs:
    • region: us-east-1 port: 443 relabel_configs:
    • source_labels: [__meta_aws_cloudwatch_namespace] action: keep regex: 'AWS/ApplicationELB'

Load Balancing Algorithms Round Robin: Sequential distribution Least Connections: Fewest active connections IP Hash: Based on client IP Weighted: Proportional to server capacity Random: Random distribution Best Practices ✅ DO Implement health checks Use connection pooling Enable session persistence when needed Monitor load balancer metrics Implement rate limiting Use multiple availability zones Enable SSL/TLS termination Implement graceful connection draining ❌ DON'T Allow single point of failure Skip health check configuration Mix HTTP and HTTPS without redirect Ignore backend server limits Over-provision without monitoring Cache sensitive responses Use default security groups Neglect backup load balancers Resources HAProxy Documentation AWS ELB/ALB/NLB Documentation Load Balancing Strategies

返回排行榜