Graylog cluster setup HA


I have 3 physical servers.
Each physical server is hosting graylog, mongodb, elasticsearch.

To achieve full HA, i’m also thinking about the load balancing part.
I have yet to decide on whether to use apache or nginx as load balancer.

My question is,
What if the server hosting the load balancer goes down? Wouldn’t that mean the entire cluster stops working?


I believe you would have the same amount of Apache/Nginx installations on each node (3).

At my job this question came up, so we took a different step. We used our Firewall’s (Fortinet firewall) we configured our load balancers there.
Hope that helps

thanks for the reply.

so u suggest to install nginx/apache load balancer on all 3 nodes?
1 primary load balancer and 2 backup.

the node 1 load balancer can either route to itself or node 2/3 depending on traffic.

if node 1 load balancer fails, node 2 load balancer takes over as primary.
this will be an active-passive setup.

am i right?

To be honest, I have not looked into it for almost 4 years. Hence why were using our firewall to load balance But it make seens that you would have Apache/Nginx installed on all three nodes for redundancy.

@syntax to start, I wouldn’t put nginx/apache on every single one of your graylog nodes. That’s a disaster waiting to happen IMHO. You’re better off creating an active/passive LB setup with the load balancers not colocated with Graylog. There are a number of tutorials out there about achieving an active/passive configuration with both of these web servers, so I’d recommend researching those and seeing which one makes the most sense for you to use.

can you elaborate why it’s a disaster waiting to happen? thanks

Let’s start with putting your load balancing software on all 3 nodes–that’s 3 configs you have to maintain. That’s a larger margin of error in terms of making a mistake. Also, it’s not a true HA setup if you’re installing 3 separate instances of Nginx/Apache on the 3 servers. Really, you’re just going to end up with reverse proxies on the nodes, not load balancing. You’re still going to have have to have some sort of mechanism for distributing the messages (and probably UI/API requests) between those 3 nodes.

You’re better off having a 2 node setup in front of those 3 nodes that are independent of your Graylog nodes.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.