Balance traffic by request URL
You can direct traffic to different target groups servers depending on which domain and path are specified in the request.
Control panel
OpenStack CLI
-
В control panels go to Cloud platform → Balancers.
-
Open the tab Balancers → balancer page.
-
Click Create a rule.
-
Select HTTPS as the protocol to receive traffic. The default port 443 will be automatically selected, on which the balancer will listen for traffic.
-
Select a certificate to terminate HTTPS traffic on the balancer — select a certificate from the Secrets Manager or download a new one. If the rule will accept traffic for multiple domains, the certificate must be valid for all domains, or add multiple certificates.
-
Select the default target group — this is where traffic that does not fall under the HTTP Policies. Select a group from the list or create a new target groupSpecify the HTTP traffic destination protocol and port 80 for it. If you want to discard traffic that does not fall under the HTTP policy, select Without a target group.
-
Mark it HTTP request headersthat will be transmitted to the servers.
-
Create HTTP policyThe traffic will be balanced according to this value. To do this, press Add a new policy.
-
To balance the request by domain name, select a validation condition: HOSTNAME — EQUAL TO.
-
Enter the domain name without the protocol, e.g.
example.com
. -
Click New condition.
-
To balance the query along the path, select a validation condition: PATH — STARTS WITH..
-
Enter the text where you want the query path to begin, e.g.
/api
. -
Select an action Direct to the target group.
-
Select the target group to which traffic that is subject to the policy will be directed. To create a new target group, click New target group и create a task force with the HTTP protocol and port 80. If you want to discard traffic that does not fall under the HTTP policy, select Without a target group.
-
Optional: change the policy name or leave the default one generated.
-
Click Add.
-
Optional: open the unit Advanced rule settings and specify connection settings:
- for incoming requests to the balancer — specify the connection timeout and maximum connections;
- for requests from the balancer to servers — specify the connection timeout, inactivity timeout and TCP packet waiting timeout.
-
Click Create.
-
If you don't already have target groupwhere the traffic will be balanced, create it:
openstack loadbalancer pool create \
--name <pool_name> \
--lb-algorithm <algorithm> \
--loadbalancer <loadbalancer> \
--protocol HTTPSpecify:
<pool_name>
— the name of the target group;<algorithm>
— algorithm name:ROUND_ROBIN
orLEAST_CONNECTIONS
<loadbalancer>
— ID or name of the load balancer. The list can be viewed byopenstack loadbalancer list
-
If you created a target group in step 2, add a server to it:
openstack loadbalancer member create \
--subnet-id <subnet_uuid> \
--address <server_ip_address> \
--protocol-port 80 \
<pool>Specify:
<subnet_uuid>
— The ID of the server's private or public subnet. The list can be viewed using the commandopenstack subnet list
;<server_ip_address>
— the private IP address of the server, can be viewed in the control panels under Cloud platform → Servers → server page → tab Ports;<pool>
— ID or name of the target group you created in step 2.
-
Create rule for a balancer with the TERMINATED_HTTPS protocol and port 443:
openstack loadbalancer listener create \
--name <listener_name> \
--protocol TERMINATED_HTTPS \
--protocol-port 443 \
--default-tls-container=<certificate_uuid> \
--default-pool <default_pool> \
<loadbalancer>Specify:
<listener_name>
— NAME OF RULE;<certificate_uuid>
— The ID of the TLS(SSL)-certificate for terminating traffic on the balancer. You can copy it to control panels: under Cloud platform → The manager of secrets → tab Certificates → in the menu of the certificate, select Copy UUID. If the rule will accept traffic for multiple domains, the certificate must be valid for all domains, or add multiple certificates;- optional:
--default-pool <default_pool>
— The default ID or name of the default target group to which traffic that does not fall under the HTTP Policies in the rule. The list of groups can be viewed withopenstack loadbalancer pool list
. If you don't have the right target group, create it. If you do not specify a parameter, traffic not caught by the policies will be discarded; <loadbalancer>
— ID or name of the load balancer. The list can be viewed byopenstack loadbalancer list
-
Create HTTP policy in the rule:
openstack loadbalancer l7policy create \
--action REDIRECT_TO_POOL \
--redirect-pool <pool> \
--name <policy_name> \
<listener_name>Specify:
<pool>
— ID or name of the target group. You can view the list withopenstack loadbalancer pool list
<policy_name>
— L7-policy name;<listener_name>
— the name of the rule you set in step 4.
-
To balance the request by domain name, create a condition in the HTTP policy to check the domain:
openstack loadbalancer l7rule create \
--compare-type EQUAL_TO \
--type HOST_NAME \
--value <domain_name> \
<policy>Specify:
<domain_name>
— type domainexample.com
;<policy>
— ID or name of the L7 policy. The list can be viewed withopenstack loadbalancer l7policy list
-
To balance the request by path, create a condition in the HTTP policy to check the path:
openstack loadbalancer l7rule create \
--compare-type STARTS_WITH \
--type PATH \
--value <path> \
<policy>Specify:
<path>
— the text where the query path should begin, e.g.,/api
;<policy>
— ID or name of the L7 policy. The list can be viewed withopenstack loadbalancer l7policy list