Configuring an External Load Balancer for a SAFR Cluster

When deploying SAFR in a cluster of 3 or more servers, its important to use an external load balancer in order to leverage the full benefits of a SAFR Cluster.  While its possible to use software load balancing available in the SAFR Primary server, a failure of the primary will result in a failure of the system until traffic is either routed to the node that is elected as the new primary server or the primary server is restored.

This article provides guidance on setting up an external load balancer for a SAFR cluster and implementing healthchecks.  It assumes the reader is familiar with and has a hardware or virtual load balancer.

There are several ports that need to be load balanced against for each node in the backend SAFR server cluster that will be setup.  Each service has both an HTTP and HTTPS listener.
 
Most of the services use /version as the healthcheck URL except for 8085/Virga, which uses /health.

COVI API service
HTTP Port: 8080
HTTPS Port: 8081
Healthcheck URL: /version
Event API service
HTTP Port: 8082
HTTPS Port: 8083
Healthcheck URL: /version
Object Storage API service
HTTP Port: 8086
HTTPS Port: 8087
Healthcheck URL: /version
Virga API service
HTTP Port: 8084
HTTPS Port: 8085
Healthcheck URL: /health

We’re assuming that the load balancer be HTTPS on the ports listed above and will terminate the HTTPS session on the load balancer and host the SSL certificate.  You can then load balance the request to the backend servers over either HTTP or HTTPS ports.
 
Round robin or least connection traffic routing is fine, and stickiness/affinity for clients is not required.
 
The backend servers HTTPS ports by default host a self-signed certificate, or you can use your own certificate.