Configure Load Balancer

Load Balancer (LB) balances the load among multiple network components and optimizes resource usage to avoid system malfunctions caused by overload. LB is not a mandatory component in EMQX, but it can bring some obvious system benefits, for example:

  • Balance the load of EMQX to avoid single node overload;
  • Simplify client configuration, the client only needs to connect to the LB and need not worry about the scaling within the cluster;
  • Reduce the load of EMQX clusters by TLS/SSL termination;
  • Improve cluster security, with LB configured at the front end of the cluster, unwanted traffic can be blocked to protect the EMQX cluster from malicious attacks.

This chapter introduces how to configure LB in EMQX.

Architecture

For an EMQX cluster configured with LB, the LB handles the incoming TCP traffic and then distributes the received MQTT connection requests and messages to different EMQX nodes. The typical deployment architecture is as follows:

TLS termination

If SSL/TLS is enabled, it is recommended to terminate the SSL/TLS connection at LB, that is, to use SSL/TLS to secure the connection between clients and LB and then use TCP connection between LB and EMQX nodes, maximizing the performance of the EMQX cluster. The architecture is as follows:

image

TIP

You can also use DNS polling for load balancing for test or development purposes.

Select an LB Product

Many load-balancing products are currently available, including open-source and commercial editions, and public cloud providers also have their load-balancing services.

LB products for public cloud:

Cloud providerSSL TerminationLB Product
AWSConfigure Load Balancer - 图3 (opens new window)Yeshttps://aws.amazon.com/elasticloadbalancing/?nc1=h_lsConfigure Load Balancer - 图4 (opens new window)
AzureConfigure Load Balancer - 图5 (opens new window)Unknownhttps://azure.microsoft.com/en-us/products/load-balancer/Configure Load Balancer - 图6 (opens new window)
Google CloudConfigure Load Balancer - 图7 (opens new window)Yeshttps://cloud.google.com/load-balancingConfigure Load Balancer - 图8 (opens new window)

LB products for private cloud:

Open-Source LBSSL TerminationDOC/URL
HAProxyConfigure Load Balancer - 图9 (opens new window)Yeshttps://www.haproxy.com/solutions/load-balancing.htmlConfigure Load Balancer - 图10 (opens new window)
NGINXConfigure Load Balancer - 图11 (opens new window)Yeshttps://www.nginx.com/solutions/load-balancing/Configure Load Balancer - 图12 (opens new window)

The following section takes the HAProxy or NGINX as an example to illustrate how to configure an LB in EMQX cluster.

Configure HAProxy/NGINX in EMQX

Suppose you have a cluster with 2 EMQX nodes, with emqx1 on 192.168.0.2 and emqx2 on 192.168.0.3, you can follow the steps below to add HAProxy or NGINX as the LB.

Enable Proxy Protocol

To configure the HAProxy or Nginx on port 1883, you first need to enable the configuration item proxy_protocol in emqx.conf by setting it to true, also specify the true source IP and the port number of the client:

Code Example:

  1. listeners.tcp.default {
  2.   bind = "0.0.0.0:1883"
  3.   proxy_protocol = true
  4. }

Where:

  • listeners.tcp.default is the name or identifier of the TCP listener configuration.
  • bind is the network interface and port the LB is bound, default: 1883
  • max_connections is the maximum number of concurrent connections allowed by the listener, default: infinity
  • proxy_protocol is to enable/disable the proxy protocol, it is a boolean, default: false.

TIP

For proxy protocols and that used in Nginx, see:

Configure HAProxy/NGINX

Prerequisite: HAProxy installed. For detailed introduction and installation of HAProxy, see HAProxy websiteConfigure Load Balancer - 图14 (opens new window).

To configure HAProxy as the LB for EMQX and terminate the SSL connection, you can modify /etc/haproxy/haproxy.cfg following the code example below.

In this example, you have a cluster that handles a maximum of 50,000 concurrent connections (maxconn). You want to configure the HAProxy to monitor all incoming traffic encrypted in SSL (with SSL certificate located at /etc/ssl/emqx/emq.pem) on port 8883 and also to terminate the SSL connectoin, using the source load balancing algorithm.

  1. listen mqtt-ssl
  2.   bind *:8883 ssl crt /etc/ssl/emqx/emq.pem no-sslv3
  3.   mode tcp
  4.   maxconn 50000
  5.   timeout client 600s
  6.   default_backend emqx_cluster
  8. backend emqx_cluster
  9.   mode tcp
  10.   balance source
  11.   timeout server 50s
  12.   timeout check 5000
  13.   server emqx1 192.168.0.2:1883 check inter 10000 fall 2 rise 5 weight 1
  14.   server emqx2 192.168.0.3:1883 check inter 10000 fall 2 rise 5 weight 1

Note: The file path may differ based on your installation mode.

Prerequisite: NGINX installed. For detailed introduction and installation of HAProxy, see Nginx websiteConfigure Load Balancer - 图15 (opens new window).

In this example, you want to configure the NGINX LB that listens for incoming connections on port 8883 encrypted in SSL and also to terminate the SSL connection, and then it will forward those connections to one of two upstream servers using the stream module.

To configure NGINX as the LB for EMQX and terminate the SSL connection, you can modify /etc/nginx/nginx.conf following the code example below.

  1. stream {
  2.   upstream stream_backend {
  3.       zone tcp_servers 64k;
  4.       hash $remote_addr;
  5.       server 192.168.0.2:1883 max_fails=2 fail_timeout=30s;
  6.       server 192.168.0.3:1883 max_fails=2 fail_timeout=30s;
  7.   }
  9.   server {
  10.       listen 8883 ssl;
  11.       status_zone tcp_server;
  12.       proxy_pass stream_backend;
  13.       proxy_buffer_size 4k;
  14.       ssl_handshake_timeout 15s;
  15.       ssl_certificate     /etc/emqx/certs/cert.pem;
  16.       ssl_certificate_key /etc/emqx/certs/key.pem;
  17.   }
  18. }

Note: The file path may differ based on your installation mode.