Configure HAProxy for RabbitMQ
Highly available BRIX cluster architecture involves the interaction of BRIX application microservices with a RabbitMQ message broker cluster. To evenly balance traffic between RabbitMQ cluster servers, install a HAProxy configuration. This will ensure stable system operation in case of a failure.
Example of a HAProxy configuration for RabbitMQ
This configuration is prepared for load balancing traffic in a RabbitMQ cluster deployed according to the instructions in RabbitMQ cluster. HAProxy is used for this, providing the following:
- Balancing client connections (AMQP) coming to
haproxy-server.your_domain:5672 across the cluster servers. - Proxying client connections to the RabbitMQ web interface (HTTP-based API) coming to
haproxy-server.your_domain:15672.
In order to create a HAProxy configuration for RabbitMQ, follow these steps:
- Open the
haproxy.cfg configuration file for editing using the following command:
sudo nano /etc/haproxy/haproxy.cfg
- Edit the
haproxy.cfg configuration file:
Configuration example:
### RabbitMQ ###
listen rabbitmq
bind haproxy-server.your_domain:5672
mode tcp
balance roundrobin
server rabbitmq-server1 rabbitmq-server1.your_domain:5672 check inter 2s rise 2 fall 3
server rabbitmq-server2 rabbitmq-server2.your_domain:5672 check inter 2s rise 2 fall 3
server rabbitmq-server3 rabbitmq-server3.your_domain:5672 check inter 2s rise 2 fall 3
listen rabbitmq_management
bind haproxy-server.your_domain:15672
balance source
server rabbitmq-server1 rabbitmq-server1.your_domain:15672 check inter 2s
server rabbitmq-server2 rabbitmq-server2.your_domain:15672 check inter 2s
server rabbitmq-server3 rabbitmq-server3.your_domain:15672 check inter 2s
### RabbitMQ ###
|
Example of a HAProxy configuration with SSL
Enabling SSL is possible if OpenSSL support is built in. In the crt parameter, specify the path to the PEM file containing the required certificates and associated private keys (fullchain certificate). If the file does not contain a private key, HAProxy will attempt to load the key from the same path with a .key suffix.
If a directory name is used instead of a PEM file, all files found in that directory will be loaded in alphabetical order, excluding files ending in .issuer, .ocsp, and .sctl (reserved solutions).
In the ca-file parameter, specify the path to the PEM file containing the root certificate. For more details, refer to the Configuration Manual for the used version of HAProxy. Example for HAProxy 2.5:
### RabbitMQ ###
listen rabbitmq
bind haproxy-server.your_domain:5671 ssl crt /etc/haproxy/ssl/haproxy-server.your_domain.pem
mode tcp
balance roundrobin
server rabbitmq-server1 rabbitmq-server1.your_domain:5671 check inter 2s rise 2 fall 3 ssl crt /etc/haproxy/ssl/haproxy-server.your_domain.pem ca-file /etc/haproxy/ssl/rootCA.your_domain.pem
server rabbitmq-server2 rabbitmq-server2.your_domain:5671 check inter 2s rise 2 fall 3 ssl crt /etc/haproxy/ssl/haproxy-server.your_domain.pem ca-file /etc/haproxy/ssl/rootCA.your_domain.pem
server rabbitmq-server3 rabbitmq-server3.your_domain:5671 check inter 2s rise 2 fall 3 ssl crt /etc/haproxy/ssl/haproxy-server.your_domain.pem ca-file /etc/haproxy/ssl/rootCA.your_domain.pem
listen rabbitmq_management
bind haproxy-server.your_domain:15671 ssl crt /etc/haproxy/ssl/haproxy-server.your_domain.pem
balance source
server rabbitmq-server1 rabbitmq-server1.your_domain:15671 check inter 2s ssl crt /etc/haproxy/ssl/haproxy-server.your_domain.pem ca-file /etc/haproxy/ssl/rootCA.your_domain.pem
server rabbitmq-server2 rabbitmq-server2.your_domain:15671 check inter 2s ssl crt /etc/haproxy/ssl/haproxy-server.your_domain.pem ca-file /etc/haproxy/ssl/rootCA.your_domain.pem
server rabbitmq-server3 rabbitmq-server3.your_domain:15671 check inter 2s ssl crt /etc/haproxy/ssl/haproxy-server.your_domain.pem ca-file /etc/haproxy/ssl/rootCA.your_domain.pem
### RabbitMQ ###
|
- Restart HAProxy to apply changes:
sudo systemctl restart haproxy
