Here you will get the solution to many problems like why it is important to use Load Balancer and how haproxy is solving our problems related to security as well as of load balancing, we will also deploy Web servers on the AWS instances through Ansible. These webservers are accessible for the client through the Load balancer.
In this article we will setup same setup on the AWS cloud with 1 system as Load Balancer and 2 system as backend server and in my last article I have configure this setup on Virtual Machines in my local system.
When we set up a system to work as a webserver it can handle some limited number of clients, so for the best user experience company runs many servers which provide the same services so the client can access the services without any interruption but every webserver is having its own IP address so the client has to remember every IP address which is not possible and if the client can directly interact with backend server its also a serious problem as the attacker can access my critical information.
So to solve this issue we use Load Balancer which not only balances the load but also provides the security as it uses Reverse proxy and now client don't have to remember all the Ip of backend server by just using single IP of load balancer they can access the server and now load balancer will automatically distribute the load between the webserver to ensure the smooth flow of network traffic between clients and servers.
So what is Reverse proxy?
A Reverse Proxy Server, sometimes also called a reverse proxy web server, often a feature of a load balancing solution, stands between web servers and users, similar to a forward proxy. However, unlike the forward proxy which sits in front of users, guarding their privacy, the reverse proxy sits in front of web servers and intercepts requests. In other words, a reverse proxy acts on behalf of the server, while a proxy acts for the client.
A reverse proxy server acts as a middleman, communicating with the users so the users never interact directly with the origin servers. It also balances client requests based on location and demand and offers additional security.
So let's start implementation by updating the inventory file:
This time as we are using AWS we don't have any limitation on RAM and CPU so now I will not use my Controller node as Target node for this I have three systems as Target node( one for HAProxy and 2 as backend server) and one system as my Ansible controller node.
Now updating the IP of the target node in the inventory file as well
We have created two group one group will contain all the system which we want to configure as the HAProxy and another group is the systems which we want to configure as the backend server so by this we don't have to write the every IP in the playbook by just include this name it will automatically fetch all the IP available in this group and we have not used any password for login as for this we will use the private file as it more secured over tradition login and password and the location of that file we will give in the configuration file of the ansible.
Now updating the configuration file of the Ansible
Here we have specified the path of the private key which is required by the ansible to login into the OS for configuration management and we have also given privilege escalation as in the instance we have an “ec2-user” user which have sudo power of root enabled so to run the task on the behalf of root user see use privilege escalation.
Now we have to check if the IP is connecting or not and for that, we will use ping command of ansible.
Now we will write the playbook for achieving the required architecture
In my previous article, I have explained this part in very detail so read my last article if you haven't read it. We have created a separate variable file where all these info is saved as when other use my playbook then don’t have to look into code for changes they just go into the variable file and can make changes according to the requirement
Now let's check the playbook code for the load balancer and see if there is any change we have to make
We have only changed the name of the group which we have provided in the inventory file and by using this group we don't have to specify all the IP of load balancer by using this group name it will automatically run this code on all the IP present in this group.
We have also used the template module to configure haproxy configuration file so let's see if we have made any change in the file.
Instead of writing the IP of a backend server, we used the jinja which will automatically extract the Ip of the backend server from the inventory file and using the for loop It will add all the IP of the backend server with the port of the backend server and in my case, it is running on the port 80, we also used the variable port_lb which will tell the load balancer to run the services on the port 8080 as port_lb contains 8080 value in the variable file.
Now writing code for backend server as well
This code will install httpd and php software and copy the index.php page which we want to host using the webserver.
Now let's run our playbook and check if there is an error or not
So as we can see there no error our playbook it ran successfully. Now we will try to connect with the webserver through the proxy server.
Ip of the proxy server is 184.108.40.206 so we will use the URL as http://220.127.116.11:8080/ here we have used 8080 as our load balancer is working on this port.
Now we will refresh the webpage
These 172.31.32.158 and 172.31.39.203 are private IP of my webserver running on the AWS cloud so by this we can clearly verify our setup is working fine.
Here is the Github link of the playbook and other files used in this practice.
Here you have learned how we can and configure the load balancer and webservers dynamically on AWS cloud and we also learned how to use private key login method using ansible. Here you can add how many web servers you want, only write the information about the operating system in an inventory file, and run the playbook that's it rest ansible will take care. Automation also makes these tasks less error-prone and makes it easier to spot the error.
I tried to explain as much as possible. Hope You learned Something from here.
Thanks for reading this article !!