Configuring S3 load balancing
To efficiently distribute traffic between multiple S3 nodes with gateways, you can use an external load balancer such as HAProxy. HAProxy is an open-source, high-performance solution that provides high availability, load balancing, and proxying for TCP- and HTTP-based applications. It is scalable, supports multiple load-balancing algorithms, session persistence, and SSL certificate management.
Load balancing for S3
HAProxy supports several load-balancing strategies that can be used for S3 backends:
- Round robin
-
HAProxy forwards each new connection to the next backend server in sequence. Multiple HTTP requests can use the same connection, so individual requests may not appear to be distributed sequentially, but traffic is balanced across the pool over time. This algorithm works best when pool members are truly identical, requests are short-lived, and traffic is light or uniform enough that simplicity matters more than adaptive balancing.
balance roundrobin
- Least connections
-
HAProxy forwards new connections to the server with the fewest active connections. This is the recommended choice for S3 in most cases, especially when HTTPS is enabled, requests vary in duration, pool members are not perfectly identical, or connection fairness is more important than strict ordering.
balance leastconn
- Source (IP hash)
-
HAProxy hashes the client source IP address to select a backend server. This provides best-effort stickiness by sending connections from the same client IP to the same server while the pool membership remains unchanged, which can be useful when cookie-based persistence is unavailable or not preferred. Source IP hashing may distribute traffic unevenly if many clients connect through the same NAT gateway, proxy, or other shared source IP address. Client-to-server mappings can also change when backend servers are added, removed, go down, or come back up.
balance source
Health checks
Health checks are critical to ensure HAProxy routes traffic only to healthy nodes. If a node becomes unresponsive, HAProxy automatically redirects traffic to healthy nodes. The health-check settings include the following:
- HTTP checks
-
Periodically send an HTTP request to a specific endpoint (for example,
/?ostor-health) to verify the server is responsive.option httpchk http-check send meth GET uri /?ostor-health
- Check interval
-
Controls how often HAProxy checks each backend server.
server s3.source 10.136.21.80:80 id 101 check inter 5s
- Retries and timeout
-
Configure the number of failed attempts before marking a server as down and the timeouts for connecting or waiting for a response.
retries 3 timeout connect 30s timeout server 30s
- Logging health checks
-
Enables monitoring of health-check results for easier troubleshooting.
option log-health-checks
Example HAProxy configuration
global
maxconn 10000
stats socket /tmp/haproxy.socket level admin expose-fd listeners
uid 80
gid 80
nbthread 1
hard-stop-after 15m
chroot /tmp/haproxy_chroot
daemon
tune.ssl.default-dh-param 2048
server-state-file /tmp/haproxy_server_state
frontend s3_frontend
bind 10.136.20.226:443 name 10.136.20.226:443 ssl crt-list /var/etc/haproxy/s3_frontend.crt_list
mode tcp
log global
timeout client 30s
default_backend s3_backend_ipvANY
backend s3_backend_ipvANY
mode tcp
id 100
log global
option log-health-checks
option httpchk
http-check send meth GET uri /?ostor-health
balance leastconn
timeout connect 30s
timeout server 30s
retries 3
load-server-state-from-file global
server s3.source 10.136.21.80:80 id 101 check inter 5s
For a full list of available configuration options and advanced health-check settings, refer to the HAProxy documentation.