OK, so I finally settled on the following architecture: Stud -> HAProxy -> [NGinx ->] Node
Stud does SSL termination. HAProxy receives the IP address in the first PROXY line from Stud, and performs load balancing with other servers. It will work in both HTTP and TCP modes, HTTP for regular requests on one IP address, and TCP for Socket.io requests on a different IP address (or port, whatever works). Nginx is in front of the non-socket.io connections only, for those requests HAProxy has added X-Forwarded-For headers. Nginx is there for caching static file requests and transparent gzipping of content. Thanks a lot for all the help on this thread! Matt. On Tue, Aug 14, 2012 at 3:05 PM, Matt <[email protected]> wrote: > Ah the lightbulb is going on now. Thanks. > > Maybe Apache would be best (people forget it has a very scalable event > based MPM available now). > > On Tue, Aug 14, 2012 at 2:19 PM, Jimb Esser <[email protected]> wrote: > >> Stud just does SSL termination, absolutely no HTTP parsing, it has no >> idea if the stream underneath is HTTP or any number of other protocols that >> get used over SSL, so it has no idea how to add a header into an HTTP >> stream. Other more complicated SSL terminators and load balancers do, but >> they seem to mostly choke on WebSockets which is outside of the usual >> format of HTTP. >> >> I guess that brings up a good point... stud probably won't do any useful >> logging for you - it could log IP addresses and connection times, but not >> individual GET/POSTs, etc, as it has no idea what those are. >> >> On Tuesday, August 14, 2012 10:35:56 AM UTC-7, Matt Sergeant wrote: >> >>> On Tue, Aug 14, 2012 at 1:22 PM, Jimb Esser <[email protected]> wrote: >>> >>>> On Monday, August 13, 2012 3:01:38 PM UTC-7, Matt Sergeant wrote: >>>>> >>>>> Good to know. I probably don't need it on the node side though. It's >>>>> mostly just for logs, which stud can write. Am I missing a need for the >>>>> real IP in node? >>>>> >>>> >>>> If the stud logs are enough, and you don't use the IP for application >>>> logic, then there's probably no need for it in node. We need things like >>>> being able to ban abusive users by IP. Also, 90% of the interesting >>>> actions a user does on our service happens over the WebSocket link, so we >>>> want it for logging as well. >>>> >>> >>> Yes for us it'll only be a minimal percentage, so not a huge deal. >>> >>> If stud can get the IP via the first few bytes, why can't it then just >>> add an X-Forwarded-For header when proxying to node? >>> >>> Matt. >>> >> -- >> Job Board: http://jobs.nodejs.org/ >> Posting guidelines: >> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines >> You received this message because you are subscribed to the Google >> Groups "nodejs" group. >> To post to this group, send email to [email protected] >> To unsubscribe from this group, send email to >> [email protected] >> For more options, visit this group at >> http://groups.google.com/group/nodejs?hl=en?hl=en >> > > -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en
