Installing and Configuring Alfresco Community Edition: A Comprehensive Guide — Parto 03

HAProxy Load Balancer with Alfresco Session Persistence

This document outlines the steps for installing, configuring, and managing HAProxy as a load balancer for your Alfresco servers, ensuring session persistence.

1. Installation and Configuration of HAProxy

1.1. Install HAProxy

• Explanation: This command installs the HAProxy package using the yum package manager. Adjust the command based on your Linux distribution (e.g., apt install haproxy for Debian/Ubuntu).

yum -y install haproxy

1.2. Edit the Configuration File (/etc/haproxy/haproxy.cfg)

• Explanation: This step involves editing the HAProxy configuration file. Make sure to back up the original file before making changes.

sudo nano /etc/haproxy/haproxy.cfg

• Add the following lines at the end:

frontend http-in
    bind *:80
    http-request redirect scheme https code 301  # Force HTTPS redirection

frontend https-in
    bind *:443 ssl crt /etc/haproxy/ssl force-tlsv12  # Secure HTTPS binding
    #mode http                                 # Uncomment for HTTP mode (optional)
    acl go_share hdr_beg(host) -i ecm.domain.com   # Allow traffic for ecm.domain.com host
    ### Access Control Lists (ACLs)
    acl robots           path_reg ^/robots.txt$
    acl alfresco_path    path_reg ^/alfresco/.*
    acl share_path       path_reg ^/share/.*/proxy/alfresco/api/solr/.*
    acl share_redirect   path_reg ^$|^/$
    acl cockpit_path     path_reg ^/cockpit/.*
    ###
    http-request deny if alfresco_path go_share  # Deny Alfresco requests for ecm.domain.com
    redirect location /share/ if share_redirect go_share  # Redirect root and empty paths to share
    use_backend share if share_redirect              # Use share backend for redirected paths
    use_backend cockpit if cockpit_path               # Use cockpit backend for cockpit paths
    default_backend share                            # Default backend for all other traffic
backend share
    stats enable
    stats hide-version
    stats uri /monitor
    stats refresh 2s
    balance roundrobin                                # Round-robin load balancing
    option httpchk GET /share                       # Health check for backend servers
    cookie JSESSIONID prefix                         # Maintain session IDs with prefix
    server ecm1.domain.com XXX.XXX.XXX.XXX:80 check cookie ecm1 check inter 5000  # Backend server definition
    server ecm2.domain.com XXX.XXX.XXX.XXX:80 check cookie ecm2 check inter 5000

Explanation of Configuration Options:

• frontend http-in: Defines a frontend that listens on port 80 and redirects all traffic to HTTPS.
• frontend https-in: Defines a frontend that listens on port 443 with SSL encryption using the certificate stored at /etc/haproxy/ssl. It enforces TLSv1.2 for secure communication (uncomment mode http for HTTP mode if necessary).
• acl directives: Define access control lists (ACLs) to route traffic based on path or host header.
• http-request deny if alfresco_path go_share: Prevents direct access to Alfresco paths on ecm.domain.com.
• redirect location /share/ if share_redirect go_share: Redirects root and empty paths to /share/.
• use_backend directives: Route traffic to specific backends based on ACL matches.
• default_backend share: Sets the default backend for unmatched requests.
• backend share: Defines a backend named "share" that uses round-robin load balancing, performs health checks using GET /share, and maintains session IDs with the JSESSIONID cookie prefix.
• server directives: Define the Alfresco servers (ecm1.domain.com and ecm2.domain.com) with their IP addresses, ports, and health check options.

Part 01 : https://medium.com/p/6ddd06416711

Part 02 : https://medium.com/p/8a95c6fbf117