Updated 2019-10-31

Sample Load Balancer Configurations

AWS

For AWS, we recommend the Classic Load Balancer. The Classic Load Balancer is the easiest to configure and work with. Register the Hyperledger Besu instances to the load balancer and use the liveness endpoint for health checks.

For finer grain control, use the Application Load Balancer:

  • Configure 1 target group with n nodes
  • Configure multiple listeners with one per port (for example, 30303, 8545) you’re using and route to the target group
  • Use the liveness endpoint for health checks
  • Register the Besu instances multiple times with different ports. Similar to configuring microservices on Elastic Container Service (ECS) or Elastic Kubernetes Service (EKS)

HTTPS Redirection

With either AWS load balancer, you can add certificates using ACM (Amazon Certificate Manager), add them to the load balancers, and redirect all http calls to https.

Elastic Kubernetes Service

For Elastic Kubernetes Service (AWS Kubernetes service) use the same load balancer configuration as when running nodes in Kubernetes. Use labels to specify nodes for the load balanced group.

Manual Configurations

Where applicable, we strongly recommend using service discovery. That is, pair your load balancer configuration with something that dynamically detects new nodes and removed failed nodes.

For nginx use multiple upstreams (one for each port). Pair each upstream with a separate server block.

Upstreams paired with server blocks

upstream discovery_tcp_30303 {
    server 10.0.1.1:30303;
    server 10.0.1.2:30303;
}

upstream rpc_tcp_8545 {
    server 10.0.1.1:8545;
    server 10.0.1.2:8545;
}

server {
    listen 30303;
    server_name some.host;
    location / {
        proxy_pass http://discovery_tcp_30303;
    }
}

server {
    listen 8545;
    server_name some.host;
    location / {
        proxy_pass http://rpc_tcp_8545;
    }
}
...

For HAProxy, create multiple backend and frontend sets.

Multiple backend and frontend sets

frontend discovery-tcp-30303
    bind *:30303
    acl ....
    ...
    default_backend back-discovery-tcp-30303

frontend rpc-tcp-8545
    bind *:8545
    acl ....
    ...
    default_backend back-rpc-tcp-8545

backend back-discovery-tcp-30303
    balance leastconn
    server node-01 10.0.1.1:30303 weight 1 check
    server node-02 10.0.1.2:30303 weight 1 check
    option ....
    timeout server 600s                 

backend back-rpc-tcp-8545
    balance leastconn
    server node-01 10.0.1.1:8545 weight 1 check
    server node-02 10.0.1.2:8545 weight 1 check
    option ....
    timeout server 600s 
...                

HTTPS Redirection

To add https capability, update the above server blocks to include the certificates and specific ciphers. If you require a http to https redirection, add separate blocks to return a 301 code with the new URI.