Powerschool is a popular Student Information System in use by many school districts. If your district is larger than a few thousands students, you will likely need to scale out your installation to include multiple application nodes. Often it will be recommended that you pay a consultant to perform a high availability setup, but in my opinion this is something that can be done in-house with open-source software. In this tutorial, we will use HAProxy 1.5 running on Ubuntu 14.04 to balance two applications nodes. This tutorial assumes that you have SSL setup on both of your application nodes already.
There are many tutorials out there covering how to setup HAProxy, so in this tutorial, we will focus on the setup with Powerschool.
We will do everything over SSL so you will need your PEM file.
Install Ubuntu 14.04 Server
To get started install Ubuntu 14.04 server, you don’t need a ton or memory of CPU power for this box, I would recommend 2GB of memory for most cases. Make sure during installation that you setup a static IP address on this box. If you miss the opportunity to configure a static IP address, here is how it can be done after installation is complete.
sudo nano /etc/network/interfaces
In this file you will want to enter something like this:
# The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet static address 192.168.2.77 netmask 255.255.255.0 network 192.168.2.0 broadcast 192.168.2.255 gateway 192.168.2.1 dns-nameservers 18.104.22.168 dns-search cwssoft.com
Make sure you update your server installation by running:
sudo apt-get update sudo apt-get upgrade
Upload your SSL PEM file
We need to get your SSL file on the server and the easiest way to do this is probably with openssh and a sftp client on your workstation.
Install openssh on the haproxy server with:
sudo apt-get install openssh-server
From your workstation you will need to install a sftp client (like filezilla) and transfer the file to your home directory on the server.
Once the file is on the server, you can transfer the file to its final location with:
sudo cp ~/[yourpemfilename].pem /etc/ssl/private/cert.pem
We want to use the latest version of HAProxy, which as of writing is 1.5. This version isn’t available on Ubuntu 14.04, so we will need to add a repo to install it.
sudo add-apt-repository ppa:vbernat/haproxy-1.5 sudo apt-get update sudo apt-get install haproxy
Let’s backup our HAProxy configuration file, this can be done with the following command:
sudo cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.orig
Now let’s dig into the configuration file and setup our balancer.
sudo nano /etc/haproxy/haproxy.cfg
Make the following changes to the default file:
.... daemon # Default SSL material locations ....
.... daemon maxconn 4096 ssl-server-verify none tune.ssl.default-dh-param 2048 # Default SSL material locations ....
So what we did is increase the max connections to 4096, and disabled SSL cert verification on HAProxy.
In the defaults section, add the following:
option forwardfor option http-server-close
The forwardfor option allows Powerschool to see the IP address of the true client by adding the X-Forwarded-For header to the request being sent to Powerschool.
Now at the bottom of the file, we need to add our configuration for our application nodes that we would like to balance.
Add the following to the bottom of the config file, adding the correct IP addresses for your Powerschool application nodes.
frontend www-http443 bind *:443 ssl crt /etc/ssl/private/cert.pem reqadd X-Forwarded-Proto:\ https default_backend www-backend frontend www-http80 bind *:80 default_backend www-backend frontend reportworks8443 bind *:8443 ssl crt /etc/ssl/private/[yoursslpemhere].pem reqadd X-Forwarded-Proto:\ https default_backend reportworks8443-backend backend www-backend option httpchk GET /admin balance roundrobin cookie SERVERID insert indirect nocache server www-1 x.x.x.x:443 check cookie www1 ssl server www-2 x.x.x.x:443 check cookie www2 ssl backend reportworks8443-backend balance source server www-1 x.x.x.x:8443 check ssl server www-2 x.x.x.x:8443 check ssl listen stats *:8080 stats enable stats uri / stats realm Haproxy\ Statistics stats auth admin:supersecretpassword stats refresh 10s stats admin if TRUE
Now lets do some basic configuration on Powerschool. Log into Powerschool admin and navigate to:
System Administrator > System Settings > Edit Global Server Settings
You’ll want to setup your hostnames (ie: ps.yourdomain.com) and ports as follows:
Finish Things Up
So, let’s test everything out. First let’s make sure the HAProxy will restart with our new configuration.
sudo service haproxy restart
If that works, let’s see if we can log into the stats web interface, so open a browser and navigate to http://x.x.x.x:8080
You will be prompted to login, so enter the username and password that are present in your config file. If you can see the interface and the nodes under www-backend are green, then we should be able to access Powerschool through our haproxy server.
Lastly update your DNS records for Powerschool to now point to your HAProxy server. You should now be able to access Powerschool by DNS name and you should be load balanced and fault tolerant. You can now monitor connections through the stats interface running on port 8080 as well.
If you encounter SSL issues with PowerTeacher Gradebook, ensure that your SSL PEM file is complete with the intermediate certificates. If all else fails, checkout the haproxy log file in /var/log.