Configure Load Balancer
Load Balancer (LB) balances the load among multiple network components and optimizes resource usage to avoid system malfunctions caused by overload. LB is not a mandatory component in EMQX, but it can bring some obvious system benefits, for example:
- Balance the load of EMQX to avoid single node overload;
- Simplify client configuration, the client only needs to connect to the LB and need not worry about the scaling within the cluster;
- Reduce the load of EMQX clusters by TLS/SSL termination;
- Improve cluster security, with LB configured at the front end of the cluster, unwanted traffic can be blocked to protect the EMQX cluster from malicious attacks.
This chapter introduces how to configure LB in EMQX.
Architecture
For an EMQX cluster configured with LB, the LB handles the incoming TCP traffic and then distributes the received MQTT connection requests and messages to different EMQX nodes. The typical deployment architecture is as follows:
Deployment Architecture
EMQX cluster can be deployed as an IoT access service (IoT Hub). Currently, EMQ provides free software images out of the box on cloud service providers such as QingCloud, Aliyun, and AWS. For special hardware platforms and system versions such as Raspberry Pi and Linux ARM, source code compilation and installation can be used.
If SSL/TLS is enabled, it is recommended to terminate the SSL/TLS connection at LB, that is, to use SSL/TLS to secure the connection between clients and LB and then use TCP connection between LB and EMQX nodes, maximizing the performance of the EMQX cluster. The architecture is as follows:
TIP
You can also use DNS polling for load balancing for test or development purposes.
Select an LB Product
Many load-balancing products are currently available, including open-source and commercial editions, and public cloud providers also have their load-balancing services.
LB products for public cloud:
| Cloud provider | SSL Termination | LB Product |
|---|---|---|
| AWS | Yes | https://aws.amazon.com/elasticloadbalancing/?nc1=h_ls |
| Azure | Unknown | https://azure.microsoft.com/en-us/products/load-balancer/ |
| Google Cloud | Yes | https://cloud.google.com/load-balancing |
LB products for private cloud:
| Open-Source LB | SSL Termination | DOC/URL |
|---|---|---|
| HAProxy | Yes | https://www.haproxy.com/solutions/load-balancing.html |
| NGINX | Yes | https://www.nginx.com/solutions/load-balancing/ |
The following section takes the HAProxy or NGINX as an example to illustrate how to configure an LB in EMQX cluster.
Configure HAProxy/NGINX in EMQX
Suppose you have a cluster with 2 EMQX nodes, with emqx1 on 192.168.0.2 and emqx2 on 192.168.0.3, you can follow the steps below to add HAProxy or NGINX as the LB.
Enable Proxy Protocol
To configure the HAProxy or Nginx on port 1883, you first need to enable the configuration item proxy_protocol in etc/listeners.conf by setting it to on
Code Example:
listener.tcp.external.proxy_protocol = onTIP
For proxy protocols and that used in Nginx, see:
Configure HAProxy/NGINX
Prerequisite: HAProxy installed. For detailed introduction and installation of HAProxy, see HAProxy website.
To configure HAProxy as the LB for EMQX and terminate the SSL connection, you can modify /etc/haproxy/haproxy.cfg following the code example below.
In this example, you have a cluster that handles a maximum of 50,000 concurrent connections (maxconn). You want to configure the HAProxy to monitor all incoming traffic encrypted in SSL (with SSL certificate located at /etc/ssl/emqx/emq.pem) on port 8883 and also to terminate the SSL connectoin, using the source load balancing algorithm.
listen mqtt-ssl
bind *:8883 ssl crt /etc/ssl/emqx/emq.pem no-sslv3
mode tcp
maxconn 50000
timeout client 600s
default_backend emqx_cluster
backend emqx_cluster
mode tcp
balance source
timeout server 50s
timeout check 5000
server emqx1 192.168.0.2:1883 check inter 10000 fall 2 rise 5 weight 1
server emqx2 192.168.0.3:1883 check inter 10000 fall 2 rise 5 weight 1Note: The file path may differ based on your installation mode.