On 5 January 2018 at 10:28, Johan Hendriks <joh.hendr...@gmail.com> wrote:
> BTW if this is the wrong list please excuse me.

This looks to me like it might be the right list :-)

> We have an application running over multiple servers which all have
> their own subdomain, there are about 12 of them.
> We can live without load balancing, so there is no failover, each server
> serves a couple of subdomains.

What protocols are these servers serving?

  - if HTTPS, do you control the TLS certificates and their private keys?
- Something else?
  - if something else, what?

> At this moment every server has its own ip, and so every subdomain has a
> different DNS entry. What we want is a single point of entry and use
> haproxy to route traffic to the right backend server.

Are the DNS entries for every subdomain under your control?
How painful would it be to change one of them?
How painful would it be to change all of them?

> Replacing a server is not easy at the moment. We have a lot of history
> to deal with. We are working on it to leave that behind but till then we
> need a solution.
> I looked at this and I think I have two options.
> Create for each server in the backend an IP on the haproxy machine and
> connect a frontend for that IP to the desired backend server.
> This way we still have multiple IP addresses, but they can stay the same
> if servers come and go.
> Secondly we could use a single IP and use ACLs to route the traffic to
> the right backend server.
> The problem with the second option is that we have around 2000 different
> subdomains and this number is still growing. So my haproxy config will
> then consist of over 4000 lines of ACL rules,
> and I do not know if haproxy can deal with that or if it will slow down
> requests too much.

Haproxy will happily cope with that number of ACLs, but at first
glance I don't think you need to do it that way.

Assuming you're using HTTP/S, you would probably be able to use a map,
as described in this blog post:

Also, assuming you're using HTTP/S, if you can relatively easily
change DNS for all the subdomains to a single IP then I would
*definitely* do that.

If you're using HTTPS, then SNI client support
(https://en.wikipedia.org/wiki/Server_Name_Indication#Support) would
be something worth checking, but as a datapoint I've not bothered
supporting non-SNI clients for several years now.

All the best,
Jonathan Matthews
London, UK
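
The map-based routing suggested in the reply, as an added example that is not part of the original message or the blog post it mentions. It assumes HTTP/S with TLS terminated on HAProxy; the hostnames, addresses, file paths and backend names are constructed placeholders.

```haproxy
# /etc/haproxy/hosts.map (constructed sample; one "hostname backend" pair per line)
#   app1.example.com   be_server01
#   app2.example.com   be_server01
#   app3.example.com   be_server02

global
    log /dev/log local0

defaults
    mode http
    log global
    option httplog
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_main
    bind :80
    # Assumes HAProxy holds the certificates and private keys.
    # strict-sni refuses handshakes whose SNI matches no loaded certificate,
    # which also drops clients that send no SNI at all.
    bind :443 ssl crt /etc/haproxy/certs/ strict-sni

    # Strip any ":port", lowercase the Host header, then look it up in the map.
    # One lookup replaces the ~2000 per-subdomain ACLs; hostnames missing
    # from the map fall through to be_unknown instead of a real server.
    use_backend %[req.hdr(host),field(1,:),lower,map(/etc/haproxy/hosts.map,be_unknown)]

backend be_server01
    server server01 192.0.2.11:80 check

backend be_server02
    server server02 192.0.2.12:80 check

backend be_unknown
    # Refuse requests for hostnames that are not listed in the map (HTTP 403).
    http-request deny
```

Moving a subdomain to another server then means changing one line in the map file rather than touching DNS or the frontend rules.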
