Re: [I] Doubt - Balancing loads between managements [cloudstack]

Mon, 20 Nov 2023 17:23:24 -0800 


IgaoWolf commented on issue #8221:
URL: https://github.com/apache/cloudstack/issues/8221#issuecomment-1820064565

   Hello @zap51 , Everything alright? 
   
   As mentioned earlier, we were analyzing the choice between nginx and 
haproxy, and we ended up preferring the use of haproxy. So, I'll be setting up 
this proxy for load balancing between the managements and also for access via 
URL and the use of SSL certificates to access by name. I just had one doubt: I 
would like to know if it won't be necessary to configure port 8250 as well, in 
addition to the http/s ports.
   
   Team, I just set up this file for ports 8250, 8080, and 443.
   
   # Global config
   global
           log 127.0.0.1   local0
           log 127.0.0.1   local1 notice
           #log loghost    local0 info
           maxconn 8192
           chroot /usr/share/haproxy
           user haproxy
           group haproxy
           daemon
   
   defaults
           option http-server-close
           log global
           mode http
           option dontlognull
           retries 3
           option redispatch
           maxconn 2000
           timeout connect 5s
           timeout client  120s
           timeout server  120s
   
   # Stats page
   listen stats
           bind <HA-PROXY-02>:9245
           mode http
           stats hide-version
           stats enable
           stats uri /admin?stats
           stats realm Haproxy\ Statistics
           stats auth admin:<PASSWORD>.
   
   
   frontend vs-acs-gui-http
           bind <IP-MGMT>:80
           http-request redirect scheme https if !{ ssl_fc }
   
           bind <IP-MGMT>:443 ssl crt /etc/haproxy/certs/wildcard.crt
           mode http
           option httplog
           option forwardfor
           maxconn 2000
           acl path_root path /
           redirect location https://acs.<domain>.com.br/client/ if path_root
           default_backend pool-acs-gui-http
   
   frontend vs-acs-gui-https-int
           bind <IP-MGMT>:443 ssl crt /etc/haproxy/certs/wildcard.crt
           mode http
           option httplog
           option forwardfor
           maxconn 2000
           acl path_root path /
           redirect location https://acs.<domain>.com.br/client if path_root
           default_backend pool-acs-gui-http
   
   backend pool-acs-gui-http
           mode http
           option httplog
           option forwardfor
           balance leastconn
           fullconn 2000
           cookie SERVERID insert indirect
           server <NAME> <IP-MGMT>:8080 maxconn 1000 check inter 5s cookie 
<NAME>
           server <NAME> <IP-MGMT>:8080 maxconn 1000 check inter 5s cookie 
<NAME>
   
           frontend vs-acs-tcp-8250
           bind <IP-MGMT>:8250
           mode tcp
           option tcplog
           maxconn 2000
           default_backend pool-acs-tcp-8250
   
   backend pool-acs-tcp-8250
           mode tcp
           option tcplog
           balance source
           fullconn 2000
           hash-type consistent
           server <NAME> <IP-MGMT>:8250 maxconn 1000 check inter 5s
           server <NAME> <IP-MGMT>:8250 maxconn 1000 check inter 5s
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to