I have little experience in web site infrastructural architecture design. I know it might be situation specific. The web site is supposed to:
1) Need HTTPS support for some page (e.g. login page) while others are just HTTP page.
2) Need multiple web servers so that some load balancing is required.
3) Need HTTP caching and compression to boost performance.
4) Some requests (e.g. image uploading) should be routed to dedicated backend servers. So, URL-based balancing is required.
I know that NginX and HAProxy are both nice open-sourced Reverse Proxy and/or Load Balancer. Since HAProxy doesn't support SSL, while Nginx load balancing is not as good as HAProxy. I'll take both.
So, should I put Nginx (as reverse proxy) in the front of HAProxy (as load balancer), or opposite?
Thanks
Best Answer
If you plan to have every web server available over HTTPS, then you'll need to install Nginx in front of HAProxy. With that configuration, your Nginx will handle all the SSL work and send the decrypted HTTP traffic directly to the HAProxy frontend, which will then load-balance requests to your web servers based on the rules you specify.
The idea of using LVS, as mentioned by womble is that it's somewhat less intrusive since it doesn't hold a connection between your web server and the client accessing the site. On the other hand, LVS will only provide you with simple load-balancing and won't allow you to forward requests based on file extension, requested URL, headers, etc. That's why HAProxy is used in many situations.
If you only need SSL on one server (non load-balanced) then you're safe to use HAProxy for everything without using Nginx. On the other hand you'll have one issue with being unable to see the client's source IP address in the web server's HTTPS logs (because HAProxy rewrites that address). The IP will be in HAProxy logs if you enable it though ;)