detroitenglish commented on a change in pull request #318: Add Caddy Server reverse-proxy config examples incl. cluster load balancing
URL: https://github.com/apache/couchdb-documentation/pull/318#discussion_r210104484
########## File path: src/best-practices/caddy.rst ########## 
@@ -0,0 +1,167 @@ +.. Licensed under the Apache License, Version 2.0 (the "License"); you may not +.. use this file except in compliance with the License. You may obtain a copy of +.. the License at +.. +.. http://www.apache.org/licenses/LICENSE-2.0 +.. +.. Unless required by applicable law or agreed to in writing, software +.. distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +.. WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +.. License for the specific language governing permissions and limitations under +.. the License. + +.. _best-practices/Caddy: + +======================== +Caddy as a Reverse Proxy +======================== + +CouchDB recommends the use of `HAProxy`_ as a load balancer and reverse proxy. +The team's experience with using it in production has shown it to be superior +for configuration and monitoring capabilities, as well as overall performance. + +CouchDB's sample haproxy configuration is present in the `code repository`_ and +release tarball as ``rel/haproxy.cfg``. + +However, ``Caddy`` is a suitable alternative. Below are instructions on +configuring Caddy appropriately. + +.. _HAProxy: http://haproxy.org/ +.. _code repository: https://github.com/apache/couchdb/blob/master/rel/haproxy.cfg + +Basic configuration +=================== + +Here's a basic excerpt from a Caddyfile in +``/<path>/<to>/<site>/Caddyfile``. This will proxy all +requests from ``http(s)://domain.com/...`` to ``http://localhost:5984/...`` + +.. code-block:: text + + domain.com { + + import /path/to/other/config.caddy # logging, error handling etc. + + proxy / localhost:5984 { + transparent + } + + } + +Note that, because Caddy is https-by-default, you must explicitly include the +``http://`` protocol in the site address if you do NOT want Caddy +to automatically acquire and install an SSL certificate and begin accepting +``https`` connections on port 443. 
+ +Reverse proxying CouchDB in a subdirectory with Caddy +===================================================== + +It can be useful to provide CouchDB as a subdirectory of your overall domain, +especially to avoid CORS concerns. Here's an excerpt of a basic Caddy +configuration that proxies the URL ``http(s)://domain.com/couchdb`` to +``http://localhost:5984`` so that requests appended to the subdirectory, such +as ``http(s)://domain.com/couchdb/db1/doc1`` are proxied to +``http://localhost:5984/db1/doc1``. + +.. code-block:: text + + domain.com { + + import /path/to/other/config.caddy # logging, error handling etc. + + proxy /couchdb localhost:5984 { + transparent + without /couchdb + } + + } + +Note that in the above configuration, the *Verify Installation* link in +Fauxton may not succeed. + +Reverse proxying + load balancing for CouchDB clusters +====================================================== + +Here's a basic excerpt from a Caddyfile in +``/<path>/<to>/<site>/Caddyfile``. This will proxy and evenly distribute all +requests from ``http(s)://domain.com/...`` among 3 CouchDB cluster nodes +at ``localhost:15984``, ``localhost:25984`` and ``localhost:35984``. + +Caddy will check the status, i.e. health, of each node every 5 seconds; +if a node goes down, Caddy will avoid proxying requests to that node until it +comes back online. + +.. code-block:: text + + domain.com { + + import /path/to/other/config.caddy # logging, error handling etc. + + proxy / http://localhost:15984 http://localhost:25984 http://localhost:35984 { + policy round_robin + health_check /_up + health_check_duration 5s + try_interval 500ms + timeout 1h Review comment: Confession: I've always had Caddy handle timeouts... 🙈 I use the default setting of 30s The PR-example in question was really my attempt to comply with the existing haproxy config 'spec'; obviously I mistranslated* the `timeout server 3600000` in haproxy. So the haproxy config's `timeout client 150000` i.e. 
2.5 minutes setting is the recommended timeout duration?

> Turns out that this is actually not a good option performance-wise for CouchDB right now

\* In my defense, yeah, this ^ is kinda weird :)

------------

Below is the _actual_ config I'm running in prod, commented with definitions and some defaults included for added clarity.

```
proxy /db 127.0.0.1:5984 {$REMOTE_COUCH_ONE} {$REMOTE_COUCH_TWO} {
  # My custom LB settings [Caddy default setting in brackets]
  policy least_conn          # Select backend with fewest active connections [random]
  fail_timeout 30s           # How long to remember a failed request to a backend [0s]
  max_fails 2                # Failed reqs within fail_timeout to consider a backend down [1]
  try_duration 10s           # How long client may hang as proxy looks for a backend [0s]

  # Caddy default LB settings (included for reference)
  timeout 30s                # duration before timing out the connection to upstream
  try_interval 250ms         # how long to wait between selecting another upstream host

  # Health check settings
  health_check /_up          # ...
  health_check_interval 10s  # ...
  health_check_timeout 15s   # Deadline to respond, otherwise req is a failure

  # Header settings for requests to CouchDB
  transparent
  header_upstream X-Forwarded-Ssl on
  header_upstream -Authorization

  # Header settings for response back to client
  header_downstream X-Lol-Its {$API_INSTANCE_ID}  # ID for load testing
  header_downstream -Server                       # Remove server header

  without /db
}
```

Here's the [documentation on Caddy's http.proxy](https://caddyserver.com/docs/proxy#syntax) directive, for further reference.

It'd be great if we can knock out a high-performance example together - let me know what you think!

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

With regards,
Apache Git Services
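
Review bot: In the cluster load-balancing example, `health_check_duration 5s` does not match the name of the `proxy` subdirective that sets the time between health checks. That subdirective is `health_check_interval`, which is also what the production config in the review comment uses, so the "every 5 seconds" promised in the prose is not what this block configures. Suggest `health_check_interval 5s`, and consider pairing it with a `health_check_timeout` so a node that accepts the connection but never answers `/_up` is still marked down. Separately, the paragraph about putting `http://` in the site address of the basic example should state that this serves CouchDB without TLS, so credentials and session cookies cross the network unencrypted unless TLS is terminated in front of Caddy.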
