Setting up a load balancer on Windows Server
To ensure high availability and scalability of your IBM RPA server, you must set up a load balancer to distribute traffic among your server instances.
Prerequisites
- Windows Server 2012 or later
- Two or more servers with identical configurations and applications
- A network load balancing (NLB) cluster name
Procedure
Step 1: Install the Network Load Balancing Feature
- Open the Server Manager console.
- Click Add Roles and Features.
- Select Network Load Balancing and click Next.
- Choose the servers that will participate in the NLB cluster and click Next.
- Configure the NLB cluster settings, including the cluster name, IP address, and subnet mask.
- Click Install to install the NLB feature.
Step 2: Configure the NLB Cluster
- Open the Network Load Balancing Manager console.
- Right-click Network Load Balancing Clusters and select New Cluster.
- Enter the cluster name and IP address.
- Add the servers that will participate in the NLB cluster.
- Configure the cluster parameters, including the cluster operation mode and port rules.
Step 3: Create a Port Rule
- In the Network Load Balancing Manager console, right-click the NLB cluster and select New Port Rule.
- Enter the port number and protocol.
- Select the servers that will handle traffic for this port rule.
- Configure the port rule settings, including the filtering mode and affinity.
Step 4: Test the NLB Cluster
- Verify that the NLB cluster is functioning correctly by accessing the application or service from a client machine.
- Use the Network Load Balancing Manager console to monitor the NLB cluster and troubleshoot any issues.
Step 5: Configuring nginx for load balancing
IBM RPA uses nginx as the HTTP web server for both the IBM RPA API, IBM RPA Control Center, and the IBM WebSphere service.
You can use nginx as a load balancing service for your cluster. For more information about how to use nginx as a load balancer for IBM WebSphere applications, download the Using NGINX to Load Balance IBM WebSphere guide.
Configure your nginx.conf file according to your servers. The following sample file demonstrates how to configure nginx for 2 servers in the cluster.
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
# proxy_cache_path NGINX_cache/ keys_zone=backcache:10m;
# map $http_upgrade $connection_upgrade {
# default upgrade;
# '' close;
# }
upstream apiserver {
server <SERVER1_IP>:<API_PORT>;
server <SERVER2_IP>:<API_PORT>;
}
upstream uiserver {
server <SERVER1_IP>:<CONTROL_CENTER_PORT>;
server <SERVER2_IP>:<CONTROL_CENTER_PORT>;
}
upstream chatbotserver {
server <SERVER1_IP>:<CHATBOTSERVER_PORT>;
server <SERVER2_IP>:<CHATBOTSERVER_PORT> backup;
}
upstream websphere {
ip_hash;
server <SERVER1_IP>:9443;
server <SERVER2_IP>:9443;
}
server {
listen <API_PORT> ssl;
ssl_certificate CERTIFICATE.pem;
ssl_certificate_key CERTIFICATE.key;
location / {
proxy_pass https://apiserver;
}
}
server {
listen <CONTROL_CENTER_PORT> ssl;
ssl_certificate CERTIFICATE.pem;
ssl_certificate_key CERTIFICATE.key;
location / {
proxy_pass https://uiserver;
}
}
server {
listen <CHATBOTSERVER_PORT> ssl;
ssl_certificate CERTIFICATE.pem;
ssl_certificate_key CERTIFICATE.key;
location / {
proxy_pass https://chatbotserver;
}
}
server {
listen 9443 ssl;
ssl_certificate CERTIFICATE.pem;
ssl_certificate_key CERTIFICATE.key;
ssl_client_certificate RootCA.pem;
ssl_verify_client optional;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
# proxy_cache backcache;
proxy_pass https://websphere;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Host $remote_addr;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Host $http_host;
proxy_set_header Host $host;
# proxy_set_header X-NginX-Proxy true;
# proxy_set_header Connection "";
# proxy_set_header X-SSL-CERT $ssl_client_cert;
# proxy_set_header X-SSL-CERT-CIPHER $ssl_cipher;
# proxy_set_header X-SSL-CERT-SSNID $ssl_session_id;
# proxy_http_version 1.1;
# proxy_read_timeout 630s;
# proxy_cache_key key$request_uri$scheme;
# include mime.types;
proxy_set_header "$WSSC" $scheme;
proxy_set_header "$WSPR" $server_protocol;
proxy_set_header "$WSRA" $remote_addr;
proxy_set_header "$WSRH" $host;
proxy_set_header "$WSRU" $remote_user";
proxy_set_header "$WSSN" $server_name;
proxy_set_header "$WSSP" $server_port;
# Note that these vars are only available if
# NGINX was built with SSL
proxy_set_header "$WSCC" $ssl_client_cert;
proxy_set_header "$WSCS" $ssl_cipher;
proxy_set_header "$WSSI" $ssl_session_id;
# No equivalent NGINX variable for these headers.
proxy_hide_header "$WSAT";
proxy_hide_header "$WSPT";
proxy_hide_header "$WSFO";
}
# location /wstunnel/ {
# proxy_pass http://websphere;
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection $connection_upgrade;
# }
}
}
Remember:nginx requires certificate files to trust the servers. Follow the guide to set up nginx as a load balancer to IBM WebSphere to configure the certificates on ngnix.