Hey Aleksandar,
On 05-01-2018 22:05, Aleksandar Lazic wrote:
We run a lot of balancers with varnish+hitch+haproxy+corosync for
high-available loadbalancing. Perhaps high-availability is not a
requirement, but it's also nice to be able to do maintenance during
the day and have your standby node take over..
Just for my curiosity why hitch and not only haproxy for ssl termination?
I use varnish as a single point of entry for requests and for caching. I
guess because it's a really good product, and we've been using it for a
long time. It has some custom business logic built in our vcl as well,
and allows for a lot of http magic. I got training on varnish tuning and
monitoring, and all of our scripts revolve around varnish and its logs.
And they have very cool real-time analysis tools like varnishlog,
varnishhist, varnishstat, etc.
Varnish passes all requests to a local haproxy instance, which passes
requests to the right backends based on hostname. So we use haproxy for
balancing to backends.
When the time came we needed ssl termination, I wanted a simple solution
that does that one thing well, and I still wanted varnish as entry
point. We played around with different products (squid, nginx), but then
the varnish team forked stud and called it hitch. And the nice thing is
almost all varnish users use hitch for ssl termination, and the varnish
team is willing to offer commercial support for both.
I've been thinking about different setups as well, such as running one
haproxy instance for ssl termination, passing requests to varnish and
then pass it to another instance of haproxy that sends requests to the
backends, but I think my current setup serves us best and we use the
best tool for the jobs at hand. I think hitch is a great ssl terminator,
varnish is a great cache/spoonfeeder, and haproxy is the best balancer.
--
met vriendelijke groet,
Angelo Höngens