Skip to content

Latest commit

 

History

History
109 lines (72 loc) · 2.93 KB

HAproxy.md

File metadata and controls

109 lines (72 loc) · 2.93 KB

Howto deploy a (room based) load balanced cluster

This example will show how to setup an HA proxy to provide load balancing between several multiparty-meeting servers.

IP and DNS

In this basic example we use the following names and ips:

Backend

  • mm1.example.com <=> 192.0.2.1
  • mm2.example.com <=> 192.0.2.2
  • mm3.example.com <=> 192.0.2.3

Redis

  • redis.example.com <=> 192.0.2.4

Load balancer HAproxy

  • meet.example.com <=> 192.0.2.5

Deploy multiple multiparty-meeting servers

This is most easily done using Ansible (see below), but can be done in any way you choose (manual, Docker, Ansible).

Read more here: mm-ansible asciicast

Setup Redis for central HTTP session store

Use one Redis for all multiparty-meeting servers

  • Deploy a Redis cluster for all instances.
    • We will use in our actual example 192.0.2.4 as redis HA cluster ip. It is out of scope howto deploy it.

OR

  • For testing you can use Redis from one the multiparty-meeting servers. e.g. If you plan only for testing on your first multiparty-meeting server.
    • Configure Redis redis.conf to not only bind to your loopback but also to your global ip address too:

      bind 192.0.2.1
      

      This example sets this to 192.0.2.1, change this according to your local installation.

    • Change your firewall config to allow incoming Redis. Example (depends on the type of firewall):

          chain INPUT {
              policy DROP;
      
              saddr mm2.example.com proto tcp dport 6379 ACCEPT;
              saddr mm3.example.com proto tcp dport 6379 ACCEPT;
          }
      
    • Set a password, or if you don't (like in this basic example) take care to set strict firewall rules

Configure multiparty-meeting servers

App config

mm/configs/app/config.js

multipartyServer : 'meet.example.com',

Server config

mm/configs/server/config.js

redisOptions : { host: '192.0.2.4'},
listeningPort: 80,
httpOnly: true,
trustProxy           : ['192.0.2.5'],

Deploy HA proxy

  • Configure cerificate / letsencrypt for meet.example.com

    • In this example we put a complete chain and private key in /root/certificate.pem.
  • Install and setup haproxy

    apt install haproxy

  • Add to /etc/haproxy/haproxy.cfg config

      backend multipartymeeting
          balance url_param roomId
          hash-type consistent
    
          server mm1 192.0.2.1:80 check maxconn 20 verify none
          server mm2 192.0.2.2:80 check maxconn 20 verify none
          server mm3 192.0.2.3:80 check maxconn 20 verify none
    
      frontend meet.example.com
          bind 192.0.2.5:80
          bind 192.0.2.5:443 ssl crt /root/certificate.pem
          http-request redirect scheme https unless { ssl_fc }
          reqadd X-Forwarded-Proto:\ https
          default_backend multipartymeeting