As a Mac deployment grows, eventually the JSS might become too overloaded for a single server to handle. When that happens, installing the JSS on multiple servers and load balancing between them becomes ideal. This has the advantage of having many servers on the back end, but having it appear and function as a single unified server.
Pound is a free reverse proxy that can be used for load balancing the JSS. It can be run on just about any flavor of Linux. I wouldn’t recommend it for a critical production environment, but for testing or learning, it’s a great option.
This guide is written for Ubuntu, but other distributions should be similar.
Prepare the Server
There really aren’t any prerequisites needed here, other than installing the core OS, configuring SSH (if needed) and setting a static IP.
On Ubuntu, Pound can be installed with this command
Allowing Pound to start
After the successful installation, edit /etc/default/pound and change the startup value from 0 to 1. Your file should look something like this.
Next, you’ll want to edit /etc/pound/pound.cfg.
Allow PUT and DELETE
    ## allow PUT and DELETE also (by default only GET, POST and HEAD)?:
    xHTTP 1
By default, it is set to 0. Changing to 1 allows PUT and DELETE requests, which are needed for full functionality. If everything appears to be working, but enrollment fails, this is likely the cause.
Configure HTTPS on port 8443
In /etc/pound/pound.cfg, you’ll want to change the ListenHTTP section to ListenHTTPS. This tells Pound to listen for HTTPS traffic instead of HTTP.
You’ll want to modify the following lines under ListenHTTPS:
    Address 127.0.0.1
    Port 8080
You’ll want to change the address to the IP address that the server should be using to listen to connections. The port should be changed to 8443, which is the default HTTPS port for the JSS. You can alternatively set the port to 443, if you would prefer to run the JSS on the standard HTTPS port.
Immediately following the Address and Port entries, you’ll want to add the following entries.
    HeadRemove "X-Forwarded-For"
    Cert "/etc/pound/cert.pem"
You’ll need to create and install an SSL certificate onto your server. Make sure to include the correct path in the Cert entry.
Forward to JSS servers
The next step is to configure Pound to forward requests to your JSS nodes. The port you forward to will depend on your JSS configuration. The default port is 8080 when the JSS is hosted on Windows or Linux, and 9006 when it is hosted on OS X. Make sure to replace the Address with the IP of the JSS web app server, and repeat this for as many web app servers as needed.
    BackEnd
        Address 10.0.0.2
        Port 8080
    End
Another important key to successful JSS load balancing is persistence. This makes sure that requests from the same client IP address keep using the same web app server for a specified period of time. To enable persistence, establish a session type of IP and give it a TTL of 1000, like so. Make sure the Session section is within the ListenHTTPS section.
    Session
        Type IP
        TTL 1000
    End
You could raise the TTL if you find that longer requests are failing.
Putting it All Together
Your final pound.cfg file should look something like this.
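As an added example (not the author's original listing, and not part of Pound or the JSS), the Python sketch below embeds a constructed pound.cfg assembled from the fragments above and checks a config for the settings this guide calls for. The listener address 10.0.0.1, the placement of BackEnd and Session inside a Service block, and the function names are assumptions.

```python
# Constructed sample built from this guide's fragments (10.0.0.1 is a placeholder).
SAMPLE_CFG = """
ListenHTTPS
    Address 10.0.0.1
    Port    8443
    HeadRemove "X-Forwarded-For"
    Cert    "/etc/pound/cert.pem"
    xHTTP 1
    Service
        BackEnd
            Address 10.0.0.2
            Port    8080
        End
        Session
            Type IP
            TTL  1000
        End
    End
End
"""
OPENERS = {"ListenHTTP", "ListenHTTPS", "Service", "BackEnd", "Session"}

def https_block(text):
    """Return the directive lines of the first ListenHTTPS ... End block."""
    depth, block = 0, []
    for raw in text.splitlines():
        line = " ".join(raw.split("#")[0].split())  # drop comments, squeeze spaces
        if not line or (depth == 0 and line != "ListenHTTPS"):
            continue
        depth += (line.split()[0] in OPENERS) - (line == "End")
        block.append(line)
        if depth == 0:
            break
    return block

def check_pound_cfg(text):
    """Return a list of problems; an empty list means every check passed."""
    block = https_block(text)
    if not block:
        return ["no ListenHTTPS block"]
    wanted = {
        "xHTTP 1": "PUT/DELETE not allowed (enrollment may fail)",
        'HeadRemove "X-Forwarded-For"': "client X-Forwarded-For not removed",
        "BackEnd": "no BackEnd defined",
        "Type IP": "no IP session persistence",
    }
    problems = [msg for key, msg in wanted.items() if key not in block]
    if not any(line.startswith('Cert "') for line in block):
        problems.append("no Cert entry")
    return problems
```

Calling `check_pound_cfg(open("/etc/pound/pound.cfg").read())` before starting Pound reports which of these settings is missing from the HTTPS listener; directives are matched with the spelling used in this guide.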
Run the following command to start Pound