Hi Angelo.
------ Originalnachricht ------
Von: "Angelo Hongens" <ang...@hongens.nl>
An: "Aleksandar Lazic" <al-hapr...@none.at>; haproxy@formilux.org
Gesendet: 06.01.2018 18:20:47
Betreff: Re: haproxy without balancing
Hey Aleksandar,
On 05-01-2018 22:05, Aleksandar Lazic wrote:
We run a lot of balancers with varnish+hitch+haproxy+corosync for
high-available loadbalancing. Perhaps high-availability is not a
requirement, but it's also nice to be able to do maintenance during
the day and have your standby node take over..
Just for my curiosity why hitch and not only haproxy for ssl
termination?
I use varnish as a single point of entry for requests and for caching.
I guess because it's a really good product, and we've been using it for
a long time. It has some custom business logic built in our vcl as
well, and allows for a lot of http magic. I got training on varnish
tuning and monitoring, and all of our scripts revolve around varnish
and its logs. And they have very cool real-time analysis tools like
varnishlog, varnishhist, varnishstat, etc.
Varnish passes all requests to a local haproxy instance, which passes
requests to the right backends based on hostname. So we use haproxy for
balancing to backends.
When the time came we needed ssl termination, I wanted a simple
solution that does that one thing well, and I still wanted varnish as
entry point. We played around with different products (squid, nginx),
but then the varnish team forked stud and called it hitch. And the nice
thing is almost all varnish users use hitch for ssl termination, and
the varnish team is willing to offer commercial support for both.
I've been thinking about different setups as well, such as running one
haproxy instance for ssl termination, passing requests to varnish and
then pass it to another instance of haproxy that sends requests to the
backends, but I think my current setup serves us best and we use the
best tool for the jobs at hand. I think hitch is a great ssl
terminator, varnish is a great cache/spoonfeeder, and haproxy is the
best balancer.
--
met vriendelijke groet,
Angelo Höngens
Thank you very much for your detailed answer.
I fully agree with you, a specially as you have a working and supported
set-up.
It would be interesting if hitch can be replaced with haproxy without
any issues.
I plan to use haproxy in front of varnish and I would be very
appreciative for any hints, maybe off-list so that we don't upset the
haproxy list members.
Best regards
Aleks
