
Menggunakan Apache Sebagai Proxy dan Load Balancer


Load balancing adalah proses pendistribusian lalu lintas (traffic) ke beberapa server backend untuk meningkatkan ketersediaan (High Availability / HA) dan skalabilitas. Selain menggunakan HAProxy, Anda dapat memanfaatkan modul proxy dalam Apache sehingga tidak perlu menginstal layanan tambahan.

Mengaktifkan Modul Apache

Aktifkan modul-modul proxy dan load balancer berikut:

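# ssl is needed by the SSLEngine/SSLCertificate* directives used below, and
# proxy_wstunnel provides the ws:// scheme used by the WebSocket rewrite rules.
# proxy_ajp, proxy_connect and proxy_html are not used by any configuration in
# this post; drop them if you do not need them, so fewer modules are loaded.
a2enmod ssl proxy proxy_ajp proxy_http proxy_wstunnel rewrite deflate headers proxy_balancer proxy_connect proxy_html lbmethod_byrequests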

Konfigurasi Reverse Proxy

Buat atau edit file konfigurasi virtual host:

# Open (or create) the virtual host definition for this site.
nano /etc/apache2/sites-available/web.conf

Contoh konfigurasi dasar dengan dukungan WebSocket:

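# -----------------------------
# HTTP → HTTPS REDIRECT
# -----------------------------
# Plain-HTTP listener: serves only the ACME HTTP-01 challenge files and sends
# every other request to the HTTPS site.
<VirtualHost *:80>
    ServerName yourserver.com

    # DocumentRoot is only accepted at server or virtual-host level. Inside a
    # <Location> block Apache rejects it and refuses to load the configuration.
    DocumentRoot /home/user/public_html

    # Grant access to the challenge directory only, not to the whole webroot.
    # NOTE(review): adjust the path to the webroot your ACME client writes to.
    <Directory "/home/user/public_html/.well-known/acme-challenge">
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    # Redirect everything except the ACME challenge path. A bare
    # "Redirect permanent /" would also redirect the challenge requests.
    RedirectMatch permanent "^/(?!\.well-known/acme-challenge/)(.*)$" "https://yourserver.com/$1"
</VirtualHost>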

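# -----------------------------
# HTTPS VirtualHost
# -----------------------------
# Terminates TLS and reverse-proxies HTTP and WebSocket traffic to the
# application listening on 127.0.0.1:30000.
<VirtualHost *:443>
    ServerName yourserver.com
    # Placeholder address: the original value was lost to e-mail obfuscation.
    # ServerAdmin takes exactly one argument.
    ServerAdmin webmaster@yourserver.com

    # SSL/TLS Hardening
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/yourserver.com-combined.pem
    # Keep the private key readable by root only.
    SSLCertificateKeyFile /etc/ssl/private/yourserver.com.key

    # TLS 1.2 and 1.3 only. SSLCipherSuite below restricts TLS 1.2 to
    # forward-secret AEAD suites; TLS 1.3 suites are configured separately.
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
    SSLHonorCipherOrder On
    SSLCompression Off
    # SSLSessionCache is a server-level directive and is rejected inside
    # <VirtualHost>. Configure it once in the global SSL configuration
    # (on Debian/Ubuntu, mods-available/ssl.conf already defines one) and keep
    # the cache file out of the log directory.
    SSLSessionCacheTimeout 300

    # Security Headers
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-Content-Type-Options "nosniff"
    # Legacy header: current browsers no longer implement the XSS auditor, so
    # this gives no real protection. Use a Content-Security-Policy for that.
    Header always set X-XSS-Protection "1; mode=block"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    Header always set Permissions-Policy "camera=(), microphone=(), geolocation=()"
    # includeSubDomains + preload commits every subdomain to HTTPS and is slow
    # to undo once browsers have cached or preloaded it. Enable it only when
    # all subdomains already serve valid HTTPS.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

    # Compression
    <IfModule mod_deflate.c>
        AddOutputFilterByType DEFLATE text/html text/plain text/css application/javascript application/json image/svg+xml
    </IfModule>

    # Proxy Settings
    # Reverse proxy only: this host must never act as a forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyTimeout 300
    # "ConnectionTimeout" is not an Apache directive and stops the configuration
    # from loading; the backend connect timeout is the connectiontimeout=
    # parameter on ProxyPass below.

    # Tell the backend the client connection was HTTPS. Using "set" also
    # overwrites any value the client supplied.
    RequestHeader set X-Forwarded-Proto "https"

    # WebSocket / Socket.IO Support (requires mod_proxy_wstunnel)
    RewriteEngine On
    RewriteCond %{HTTP:Connection} "Upgrade" [NC]
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteRule ^/(.*)$ "ws://127.0.0.1:30000/$1" [P,L]

    # Main Proxy
    <Location />
        ProxyPass http://127.0.0.1:30000/ connectiontimeout=10 timeout=300
        ProxyPassReverse http://127.0.0.1:30000/
    </Location>

    # Exclude /.well-known from proxy.
    # Placed after <Location /> on purpose: matching <Location> sections are
    # merged in configuration order, so the later, more specific one applies.
    <Location "/.well-known">
        ProxyPass !
    </Location>

    # Logging
    # Requests to /health and /favicon.ico are left out of the access log.
    SetEnvIf Request_URI "^/health$" dontlog
    SetEnvIf Request_URI "^/favicon\.ico$" dontlog

    ErrorLog /var/log/apache2/yourserver.com.err
    CustomLog /var/log/apache2/yourserver.com.log combined env=!dontlog
</VirtualHost>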

Konfigurasi Load Balancing

Untuk menggunakan fitur load balancing di Apache, definisikan balancer dan daftar server backend:

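# -----------------------------
# BALANCER CONFIGURATION
# -----------------------------
# Defines the pool of backend servers that "balancer://mycluster" distributes
# requests to.
<Proxy "balancer://mycluster">
    # Backend 1
    # retry=5: seconds before a member in error state is tried again.
    BalancerMember http://127.0.0.1:8080 retry=5 timeout=15

    # Backend 2
    BalancerMember http://127.0.0.1:8081 retry=5 timeout=15

    # Load balancing method (byrequests / bytraffic / bybusyness / heartbeat)
    # Each method needs its own lbmethod_* module to be enabled.
    ProxySet lbmethod=byrequests

    # Enable sticky session (JSESSIONID example)
    # Replace with your app's session cookie.
    # ProxySet stickysession=JSESSIONID

    # Health Check
    # "ProxySet status=+H" is not a health check: status is a per-member
    # (BalancerMember) parameter, and +H marks a member as hot standby.
    # Active health checks come from mod_proxy_hcheck (a2enmod proxy_hcheck)
    # and are set on each member, for example:
    # BalancerMember http://127.0.0.1:8080 retry=5 timeout=15 hcmethod=GET hcuri=/health hcinterval=10
</Proxy>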

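# -----------------------------
# HTTP → HTTPS REDIRECT
# -----------------------------
# Plain-HTTP listener: serves only the ACME HTTP-01 challenge files and sends
# every other request to the HTTPS site.
<VirtualHost *:80>
    ServerName yourserver.com

    # DocumentRoot is only accepted at server or virtual-host level. Inside a
    # <Location> block Apache rejects it and refuses to load the configuration.
    DocumentRoot /home/user/public_html

    # Grant access to the challenge directory only, not to the whole webroot.
    # NOTE(review): adjust the path to the webroot your ACME client writes to.
    <Directory "/home/user/public_html/.well-known/acme-challenge">
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    RewriteEngine On
    # Leave ACME challenge requests on HTTP; redirect everything else.
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteRule ^/(.*)$ https://yourserver.com/$1 [L,R=301]
</VirtualHost>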

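# -----------------------------
# HTTPS VIRTUALHOST WITH BALANCER
# -----------------------------
# Terminates TLS and distributes HTTP and WebSocket traffic across the
# members of the balancer.
<VirtualHost *:443>
    ServerName yourserver.com

    # SSL Certificates
    SSLEngine on
    SSLCertificateFile      /etc/letsencrypt/live/yourserver.com/fullchain.pem
    SSLCertificateKeyFile   /etc/letsencrypt/live/yourserver.com/privkey.pem
    # Same TLS policy as the reverse-proxy example: TLS 1.2/1.3 only, and
    # forward-secret AEAD suites instead of the broad "HIGH" class, which
    # still admits CBC and static-RSA key exchange.
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
    SSLHonorCipherOrder On
    # Drop clients that send headers or body too slowly (mod_reqtimeout).
    RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500

    # Reverse proxy only: this host must never act as a forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyTimeout 300
    # "ConnectionTimeout" is not an Apache directive and stops the configuration
    # from loading; set connectiontimeout=10 on each BalancerMember line instead.

    # Only takes effect for https:// or wss:// backends; the balancer members
    # in this example are plain http:// on loopback.
    SSLProxyEngine On

    # Tell the backends the client connection was HTTPS. Using "set" also
    # overwrites any value the client supplied.
    RequestHeader set X-Forwarded-Proto "https"

    # Security Headers
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    Header always set X-Frame-Options "DENY"
    Header always set X-Content-Type-Options "nosniff"
    Header always set Referrer-Policy "strict-origin"
    # Legacy header: current browsers no longer implement the XSS auditor, so
    # this gives no real protection. Use a Content-Security-Policy for that.
    Header always set X-XSS-Protection "1; mode=block"

    # WebSocket support (requires mod_proxy_wstunnel)
    # "ws://balancer://mycluster/" is not a valid URL. WebSocket traffic needs
    # its own balancer whose members use the ws:// scheme.
    <Proxy "balancer://mycluster-ws">
        BalancerMember ws://127.0.0.1:8080
        BalancerMember ws://127.0.0.1:8081
        ProxySet lbmethod=byrequests
    </Proxy>

    RewriteEngine On
    RewriteCond %{HTTP:Connection} "Upgrade" [NC]
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteRule ^/(.*)$  balancer://mycluster-ws/$1  [P,L]

    # Exclude /.well-known from proxy
    <Location "/.well-known">
        ProxyPass !
    </Location>

    # Routing HTTP traffic to balancer
    ProxyPass        / balancer://mycluster/
    ProxyPassReverse / balancer://mycluster/

    ErrorLog /var/log/apache2/web-error.log
    CustomLog /var/log/apache2/web-access.log combined
</VirtualHost>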
Sesuaikan alamat dan port backend (8080, 8081, dll.) dengan aplikasi Anda.

Restart Apache

Setelah konfigurasi selesai, restart Apache agar perubahan diterapkan:

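# Enable the site created above; a file in sites-available is not loaded
# until it is enabled.
a2ensite web.conf
# Validate the configuration first so a syntax error does not take the
# running server down on restart.
apache2ctl configtest && systemctl restart apache2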
