On 05/01/2018 at 11:46, Jonathan Matthews wrote:
> On 5 January 2018 at 10:28, Johan Hendriks <[email protected]> wrote:
>> BTW if this is the wrong list please excuse me.
> This looks to me like it might be the right list :-)
>
>> We have an application running over multiple servers which all have
>> their own subdomain, there are about 12 of them.
>> We can live without loadbalancing, so there is no failover, each server
>> serves a couple of subdomains.
> What protocols are these servers serving?
>
> - HTTP
> - HTTPS
>   - if HTTPS, do you control the TLS certificates and their private keys?
> - Something else?
>   - if something else, what?
>
All protocols are HTTP and HTTPS
>
>> At this moment every server has its own IP, and so every subdomain has a
>> different DNS entry. What we want is a single point of entry and use
>> haproxy to route traffic to the right backend server.
> Are the DNS entries for every subdomain under your control?
> How painful would it be to change one of them?
> How painful would it be to change all of them?
If we go for the one IP, then a simple wildcard would suffice.
>
>> Replacing a server is not easy at the moment. We have a lot of history
>> to deal with. We are working on it to leave that behind but till then we
>> need a solution.
>>
>> I looked at this and I think I have two options.
>> Create for each server in the backend an IP on the haproxy machine and
>> connect a frontend for that IP to the desired backend server.
>> This way we still have multiple IP addresses, but they can stay the same
>> if servers come and go.
>>
>> Secondly we could use a single IP and use ACL to route the traffic to
>> the right backend server.
>> The problem with the second option is that we have around 2000 different
>> subdomains and this number is still growing. So my haproxy config will
>> then consist of over 4000 lines of ACL rules,
>> and I do not know if haproxy can deal with that or if it will slow down
>> requests too much.
> Haproxy will happily cope with that number of ACLs, but at first
> glance I don't think you need to do it that way.
>
> Assuming you're using HTTP/S, you would probably be able to use a map,
> as described in this blog post:
> https://www.haproxy.com/blog/web-application-name-to-backend-mapping-in-haproxy/
That looks like a good option indeed.
>
> Also, assuming you're using HTTP/S, if you can relatively easily
> change DNS for all the subdomains to a single IP then I would
> *definitely* do that.
>
> If you're using HTTPS, then SNI client support
> (https://en.wikipedia.org/wiki/Server_Name_Indication#Support) would
> be something worth checking, but as a datapoint I've not bothered
> supporting non-SNI clients for several years now.
>
> All the best,
> J
Thank you Jonathan Matthews and Angelo Hongens for your prompt replies.
I now know that ACL won't be an issue and then there is mapping.
Time to start testing.

Thanks again.

Regards,
Johan
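
The map-based routing suggested in the thread, as an added example that is not part of the original messages or of the linked blog post. Hostnames, backend names, addresses and file paths are constructed, and terminating TLS on the proxy with a directory of certificates selected by SNI is an assumption.

```haproxy
# /etc/haproxy/haproxy.cfg (fragment; all names and addresses are constructed)
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_web
    bind 192.0.2.10:80
    # Assumption: TLS ends here; the certificate is chosen by SNI from this directory.
    bind 192.0.2.10:443 ssl crt /etc/haproxy/certs/

    # One lookup replaces thousands of per-subdomain ACL lines:
    # take the Host header, drop any ":port", lowercase it, then look it up.
    # A host that is not in the map is sent to be_reject instead of to
    # whichever backend happens to be first or default.
    use_backend %[req.hdr(host),field(1,:),lower,map(/etc/haproxy/hosts.map,be_reject)]

backend be_srv01
    server srv01 10.0.0.11:80 check

backend be_srv02
    server srv02 10.0.0.12:80 check

backend be_reject
    # Unknown or spoofed Host values get a 403 and never reach an application server.
    http-request deny

# /etc/haproxy/hosts.map (separate file; one "hostname backend" pair per line)
#
#   app1.example.com    be_srv01
#   app2.example.com    be_srv01
#   shop.example.com    be_srv02
#
# Moving a subdomain to another server means changing one line here,
# while DNS keeps pointing every subdomain at 192.0.2.10.
```

Map entries can also be changed on a running process through the Runtime API commands `add map`, `set map` and `del map`, so growing past 2000 subdomains does not require editing the frontend.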

