Load balancing the load balancers [closed] - load-balancing

Currently I have a system where I have installed HAProxy on one machine, my other 3 machines serve the webapps, and the fourth machine is for the database. Now I need to add another load balancer to my system so that any one of the load balancers could pick up the request and process it.
But I don't understand how exactly we are going to configure a second load balancer if my domain, say example.com, is pointing to the IP address which is the load balancer currently. When I add a second load balancer:
Will there be any third machine where something needs to be installed so that it can redirect the request to one of my load balancers? Again, if this is so, it again is a single point of failure and creates a bottleneck.
If at all I am going to have 2 machines running load balancers, then how exactly is the request going to come in, because both machines will anyway have different IPs?

This sort of thing is generally achieved by either putting both load balancers in DNS ("round-robin DNS") so a lookup for app.example.com might resolve to either lb1.example.com or lb2.example.com, or by having an anycast IP address that can route to any individual load balancer (where the one chosen depends on the network topology between a client and the load balancer).

Related

DNS - Pointing A Record to new IP for SSL Certificate [closed]

I have a subdomain sub.domain.co.uk that points to my server IP address, let's say 192.0.2.1. Currently this just uses HTTP.
I have a need to make this use HTTPS/SSL, so I have purchased my SSL, but my server host has advised I need to point my URL sub.domain.co.uk to a different IP in order for the SSL to work so I can hook it up in IIS.
So now I need to point sub.domain.co.uk to 192.0.2.2
So the only way forward I can see is that I go into my DNS settings in 123 reg and change my sub.domain.co.uk A record from 192.0.2.1 to 192.0.2.2
And incur the downtime/propagation that comes with that.
Am I missing something, is there a better way to do this without incurring downtime?
For example, could I just add a second A NAME, for the same sub domain, e.g...
sub 192.0.2.1
sub 192.0.2.2
and in IIS just point my SSL to the second one, or would that confuse browsers?
Any help appreciated in advance
I believe I have solved this myself after a little research.
So I have two websites in IIS with an SSL that are using * as the IP address, meaning use any unassigned IPs.
So when I tried to add the SSL to the second website, it complains, saying that it causes issues with the bindings on the first.
So if I just tick the little box that says 'Require Server Name Indication' on my second IIS bindings (when applying the SSL) it works perfectly.
Great article on Server Name Indication below (SNI)
https://www.cloudflare.com/learning/ssl/what-is-sni/

Packet loss for custom domain [closed]

I have a custom domain (busymusic.ga) for the php-javani.rhcloud.com domain. Because I want an HTTPS connection and don't have this feature with a custom domain on OpenShift (is that right?), I used CloudFlare. I set the CloudFlare DNS address in the domain panel, then created a CNAME record in CloudFlare like this:
But now when pinging busymusic.ga about 91% of packets are lost (I tested it for a long time), while when pinging php-javani.rhcloud.com I don't have this problem.
Could you please help me to solve this problem?
You'll want to open a support ticket directly with CloudFlare so our support team can look into this further. P.S. I work at CloudFlare.
Also, to note: ping won't be an accurate measurement of network quality. See: https://support.cloudflare.com/hc/en-us/articles/200169826-Why-am-I-seeing-timeouts-pinging-my-site-on-CloudFlare-
We ratelimit ICMP traffic, but that in no way indicates an actual problem.

I'm thinking of blocking access to every part of my site other than these (SSH/HTTP). Is this a good idea? [closed]

I think this should be standard for everybody to do anyway, but maybe I'm missing something.
I want to block access to my site through every port/method/protocol except a select few methods:
This includes blocking use of the IP address rather than the domain name. So visits to 123.55.123.66 and ssh://123.55.123.66 will always fail.
Also, blocking all FTP access
These only will be allowed:
(1) http://domain.com
(2) https://domain.com
(3) ssh://ssh-access.domain.com
So SSH is only available at this subdomain, so people can't hit SSH from the IP or the same domain that is publicly available.
Also, http://ssh-access.domain.com would fail.
No access to FTP, Telnet anything.
Is this a good idea?
Because I can't even think of all the different ports/protocols available, I think it's best to block all except the above listed (rather than block all FTP, SSH etc.).
Also, if anyone has any pointers as to how I would code this, that would be great. I'm guessing it's best to do it in Apache (or Ubuntu).
You cannot "visit" ssh://123.55.123.66 in the proper sense (i.e. with a web browser) and, although some file browsers offer this extension, Apache is not involved in the connection (instead, the SSH daemon is). Moreover, SSH daemon has no notion of "(sub)domain".
That said, you can configure SSH daemon to listen only on the "remote access" IP address (bind it to that address).
For the website, you can adapt the appropriate Mod-Security rules to deny access to people/bots trying to access the website by IP address, rather than by web address.
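
The decision such a rule has to make for each request, written out in Python as an added example (it is not from the answer above and is not a ModSecurity rule). `ALLOWED_HOSTS` and the function names are assumptions, and the sample Host values are constructed from the addresses in the question.

```python
import ipaddress

# Assumption: the only names the public site is meant to answer for.
ALLOWED_HOSTS = {"domain.com", "www.domain.com"}

def split_host(header):
    """Return the host part of a Host header: no port, brackets or trailing dot."""
    value = header.strip().lower()
    if value.startswith("["):                  # bracketed IPv6 literal, e.g. [2001:db8::1]:443
        return value[1:].partition("]")[0]
    return value.partition(":")[0].rstrip(".")  # drop ":port" and a trailing dot

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def decide(header):
    """Return (allowed, reason) for one request's Host header."""
    if not header or not header.strip():
        return False, "missing Host"
    host = split_host(header)
    if is_ip_literal(host):
        return False, "IP literal"
    if host not in ALLOWED_HOSTS:
        return False, "unknown name"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample headers.
    for sample in ["domain.com", "Domain.com:443", "123.55.123.66",
                   "123.55.123.66:80", "[2001:db8::1]:443", "ssh-access.domain.com", ""]:
        print(repr(sample), decide(sample))
```

Denying unknown names as well as IP literals is what makes `http://ssh-access.domain.com` fail, as the question asks.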

Can't browse to my EC2 Instance [closed]

I've just (about 1 hour ago) associated an Elastic IP to my instance at Amazon EC2. If I SSH into my instance and type lynx localhost I can see that Apache is responsive because I see the "It works" page.
However, if I browse into my instance (both via the IP itself and via the public DNS Amazon has created for me), I get Oops! Google Chrome could not connect to.. bla bla...
Should I wait some more time (in case it's due to some DNS thing) or does this indicate something is wrong?
Thanks in advance
EDIT: When I ssh into my instance, I use the full IP address and it works... (the Elastic IP I mean).
You must configure the firewall to open the HTTP port.
To be more specific, for AWS this is done via Security Groups. You should create one with the ports you need opened. In most cases that's port 80 for TCP.
You can see how to achieve this on the documentation http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html
First identify the security group of the Ec2 instance.
Next click on the security groups link in the bottom left nav.
Select the security group under which this EC2 instance lies,
and add Inbound rules by specifying the port or a custom port range.
For those of you using CentOS (and perhaps other Linux distributions), you need to make sure that its FW (iptables) allows for port 80 or any other port you want.
See here on how to completely disable it (for testing purposes only!).
And here for specific rules

nginx and apache web servers [closed]

This question is not nginx vs Apache. I am more interested in the architectural advantages of nginx over Apache. As I was able to understand -
nginx is an asynchronous, event-driven, web-server which outperforms Apache by a huge margin.
Why is this? Where does Apache fall behind?
There is no single reason why nginx strictly "outperforms" Apache. For many load patterns you may configure Apache so that it handles this load. For some (very busy) load patterns nginx in default configuration can exhibit performance degradations, and can require fine tuning to work right.
However, it has been the experience of many, that nginx actually works "better" out of the box, or with simple tuning. Many systems' performance clearly improved when nginx was installed as a front-end, with Apache moved to back end.
The primary reason is that nginx is event-driven, and contains the state machine which handles the lifecycle of connections. That way, you can have very few "worker" processes, each handling many hundreds or even thousands of connections simultaneously. For Apache you will have to run the same number of child processes (or threads) as the number of connections.
It is obvious that three processes against a thousand processes should be a huge win, at very least.
In particular, nginx makes it easy to greatly reduce the load of serving static files (images, JavaScript, CSS). Handling each additional connection in nginx is very cheap, so as the static files are usually a majority in terms of number of requests, you get efficient processing.
Also, nginx performance is better for "slow clients". When you have Apache looking straight to the Internet, and clients send requests over (congested) lines, your (fast) server will have to patiently feed the (slow) client, waiting until it consumes the entire response. Thus the Apache child (or thread) cannot do anything useful. An nginx worker, on the other hand, simply keeps this slow connection in its epoll set of descriptors, all the while processing other connections.
From the conceptual point of view, you should always try to separate the "classes" of requests, with their own performance profile and demands. E.g., serving small static files is one of such classes; serving dynamic pages is another such class; serving huge static files is yet another. Introducing nginx to your system implicitly handles this separation.
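
The event-driven model described in this answer, reduced to a single-threaded Python worker as an added example (this is not nginx code and not from the answer). `EventWorker`, `demo` and the request bytes are assumptions, and socketpairs stand in for accepted TCP connections so that it runs offline.

```python
import selectors
import socket

REQUEST = b"GET / HTTP/1.0\r\n\r\n"
RESPONSE = b"HTTP/1.0 200 OK\r\n\r\nok"

class EventWorker:  # one thread; per-connection state is a dict entry, not a process
    def __init__(self):
        self.sel = selectors.DefaultSelector()   # epoll on Linux
        self.partial = {}                        # connection -> bytes received so far
        self.served = 0

    def accept(self):
        conn, client = socket.socketpair()       # constructed stand-in for accept()
        conn.setblocking(False)
        self.sel.register(conn, selectors.EVENT_READ)
        self.partial[conn] = b""
        return client

    def poll(self):
        """Serve whatever is readable right now; never wait on a single client."""
        for key, _ in self.sel.select(timeout=0):
            conn = key.fileobj
            self.partial[conn] += conn.recv(4096)
            if self.partial[conn].endswith(b"\r\n\r\n"):   # request complete
                conn.sendall(RESPONSE)
                self.sel.unregister(conn)
                conn.close()
                del self.partial[conn]
                self.served += 1

def demo(n_slow=50, n_fast=50):
    worker = EventWorker()
    slow = [worker.accept() for _ in range(n_slow)]
    for c in slow:
        c.sendall(REQUEST[:5])                   # slow clients send 5 bytes, then stall
    fast = [worker.accept() for _ in range(n_fast)]
    for c in fast:
        c.sendall(REQUEST)                       # fast clients send a whole request
    worker.poll()
    served_early, stalled = worker.served, len(worker.partial)
    for c in slow:
        c.sendall(REQUEST[5:])                   # slow clients finally finish
    worker.poll()
    replies_ok = all(c.recv(64) == RESPONSE for c in slow + fast)
    for c in slow + fast:
        c.close()
    worker.sel.close()
    return served_early, stalled, worker.served, replies_ok
```

After the first `poll()` the fast clients have all been answered while every stalled connection is still parked in the selector. A production server additionally bounds how long such a half-sent request may wait.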