Monthly Archives: June 2010

sysadmin web

Reverse proxy for sharepoint on Linux using HAProxy

At Nakheel, we needed to load balance a new sharepoint instance. Our new sharepoint is single sign on, and was running on 2 web servers which needed to be load balanced. We played around with Apache for a while, and it’s awesome proxy balancer, but it gave us the problem that it was always asking for a username and password.

Apache was used, since I have a reasonable amount of experience with it load balancing servers such as Webrick, etc. After a few frustrating hours of messing with NTLM, Christian proposed a few alternatives for this.

Having this in mind, we decided to go for HAProxy, to provide load balancing and a reverse proxy for our sharepoint instance. The good this is that it is a very simple tool, it accept HTTP conenctions, and forward them.

Below is our simplified /etc/haproxy/haproxy.cfg file

global
        maxconn 4096
        user haproxy
        group haproxy
        daemon
        # debug

defaults
        mode    http
        option  forwardfor
        log     127.0.0.1 local0 notice
        maxconn 2000
        contimeout      5000
        clitimeout      50000
        srvtimeout      50000

backend sharepoint
        balance roundrobin
        option redispatch
        cookie SERVERID insert nocache
        server sp1      172.30.16.11:80  cookie spsrv01 weight 30 check
        server sp2      172.30.16.12:80  cookie spsrv02 weight 30 check

frontend httpid
        bind *:80
        acl hosts_sharepoint hdr_end(host) -i intranet.domain.com
        acl hosts_sharepoint hdr_end(host) -i intranet.domain.com:80
        use_backend sharepoint if hosts_sharepoint
        default_backend sharepoint

The configuration is very straightforward, and it got rid of our continuous username/password boxes, especially under firefox.

Hope this helps,
Michael