DEV Community

Carrie

How to Implement Upstream Failover in SafeLine WAF

Article Source: https://juejin.cn/post/7296076144448618506

Official Note from SafeLine: This tutorial was written in 2023. If you are using a 2024 or later version, please be aware that the configuration described here may be overwritten or become invalid after application changes or product upgrades. Proceed with caution.


To further enhance our internal network security, we added the open-source community version of SafeLine WAF on top of our existing hardware WAF as a software WAF at the application layer. This enabled a multi-layered WAF protection architecture.

After further exploration, we found that SafeLine WAF's upstream proxy forwarding is based on Tengine. This gave us the idea to use SafeLine not only for WAF protection but also for load balancing and automatic failover.

Step 1: Prepare an HTTP Server for Testing

We created a simple HTTP server with a /status route returning HTTP 200. Here's a basic Go example:

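package main

import (
    "fmt"
    "log"
    "net/http"
    "os"
)

// Hello1Handler identifies node 1 (port 8001).
func Hello1Handler(w http.ResponseWriter, r *http.Request) {
    fmt.Fprintf(w, "I am 11111")
}

// Hello2Handler identifies node 2 (port 8002).
func Hello2Handler(w http.ResponseWriter, r *http.Request) {
    fmt.Fprintf(w, "I am 22222")
}

// check is the health-check endpoint; writing a body sends an implicit HTTP 200.
func check(w http.ResponseWriter, r *http.Request) {
    fmt.Fprintf(w, "check")
}

func main() {
    http.HandleFunc("/status", check)
    // Any command-line argument starts node 1 on :8001; no argument starts node 2 on :8002.
    if len(os.Args) > 1 {
        http.HandleFunc("/hello", Hello1Handler)
        // ListenAndServe only returns on failure (for example, port already in use).
        log.Fatal(http.ListenAndServe(":8001", nil))
    } else {
        http.HandleFunc("/hello", Hello2Handler)
        log.Fatal(http.ListenAndServe(":8002", nil))
    }
}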

Start two instances of the server: one with any command-line argument (it listens on port 8001) and one without arguments (it listens on port 8002).


Step 2: Create an App in SafeLine

Create a new application in SafeLine and set the upstream server to the first node (8001).


Verify that requests are correctly proxied to the HTTP server.


Step 3: Modify SafeLine Nginx Configuration

Locate the configuration files in:

/data/safeline/resources/nginx/sites-enabled

There will be several configuration files named in the format IF_backend_*. Each new app creates one such file.

Identify the correct file by checking the listening port using cat.

In my case, the file is IF_backend_2. Then start modifying the configuration inside this file.

Add a New Upstream Server


Configure load balancing based on health checks. The following is just a basic setup — you can modify or add configurations according to your specific needs.
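As an added illustration (not the configuration from the original article or from SafeLine), an upstream block of this kind could look like the following. It assumes the Tengine build in the safeline-tengine container includes the upstream health-check module (the `check` directives); the upstream name, the 192.0.2.10 address and the timing values are placeholders.

```nginx
# Added example. Keep the upstream name that the generated IF_backend_* file
# already uses; "backend_2" here is a placeholder, as is the 192.0.2.10 address.
upstream backend_2 {
    # The two test nodes from Step 1. Equal weights give an even
    # round-robin split while both nodes are healthy.
    # max_fails/fail_timeout add passive failover: after 2 failed proxied
    # requests a node is skipped for 10 seconds.
    server 192.0.2.10:8001 weight=1 max_fails=2 fail_timeout=10s;
    server 192.0.2.10:8002 weight=1 max_fails=2 fail_timeout=10s;

    # Active health check (Tengine ngx_http_upstream_check_module).
    # Probe every 3000 ms with a 1000 ms timeout; 2 consecutive successes
    # mark a node up, 3 consecutive failures mark it down.
    check interval=3000 rise=2 fall=3 timeout=1000 type=http;

    # Probe the /status route of the test server from Step 1.
    check_http_send "GET /status HTTP/1.0\r\n\r\n";

    # Only a 2xx answer counts as healthy; a node that answers /status
    # with a redirect or an error is taken out of rotation.
    check_http_expect_alive http_2xx;
}
```

If the health-check module is not compiled in, `nginx -t` in Step 4 fails on the `check` directive and the running configuration is left untouched.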


Step 4: Test and Reload Configuration

Check the Nginx config:

docker exec safeline-tengine nginx -t

If the output reports that the syntax is ok and the test is successful, the configuration test passed.

Reload SafeLine’s Nginx:

docker exec safeline-tengine nginx -s reload

Step 5: Test the Failover

  • Load Balancing Test: With equal weight (1), requests are distributed evenly across the two nodes.


  • Failover Test: Stop the HTTP server on port 8002.


After refreshing the page, you’ll see that all requests are now routed to the HTTP server on port 8001.


Conclusion

SafeLine’s built-in Tengine (Nginx) includes rich modules and can be configured for common load balancing and failover use cases. This setup enhances both availability and security, making SafeLine a robust choice for enterprise-grade web application protection.

SafeLine Website: https://ly.safepoint.cloud/ShZAy9x
Discord: https://discord.gg/dy3JT7dkmY
GitHub: https://github.com/chaitin/SafeLine
