I have 3 web servers (Apache) which are behind a VIP (Apache, serving as a reverse proxy). We don't want the LB to serve traffic to any one of the web servers that has a 501 error.
How can I do that automatically?
PS: I am thinking of using health checks as part of mod_proxy (under the BalancerMember attribute).
I'm afraid you are using the wrong tool for LB. Apache can do that, but it's not designed specially for that. My suggestion is to use HAProxy, which is the typical software for that situation.
If you need help with HAProxy, just write. I could try to help, but not earlier than the weekend.
PS: I created this account just to answer you :) I really know what I'm talking about. You want to use HAProxy instead of Apache.
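The health-check approach from the question's PS, as an added example that is not part of the original posts. It assumes Apache httpd 2.4.21 or later with mod_proxy_hcheck available; the backend hostnames, the `/healthz` URI and the balancer name are assumptions.

```apache
# Added example; hostnames, /healthz and the balancer name are assumptions.
# Modules needed: mod_proxy, mod_proxy_http, mod_proxy_balancer,
# mod_lbmethod_byrequests, mod_slotmem_shm, mod_watchdog, mod_proxy_hcheck.

# A probe passes only when the backend answers with a 2xx or 3xx status,
# so a 501 (or any other 5xx) counts as a failed check.
ProxyHCExpr ok23 {%{REQUEST_STATUS} =~ /^[23]/}

# Shared probe settings: GET /healthz every 5 seconds; 2 failed probes take
# a member out of rotation, 3 consecutive passes put it back.
ProxyHCTemplate webcheck hcmethod=GET hcuri=/healthz hcexpr=ok23 hcinterval=5 hcfails=2 hcpasses=3

<Proxy "balancer://webfarm">
    BalancerMember "http://web1.internal.example:80" hctemplate=webcheck
    BalancerMember "http://web2.internal.example:80" hctemplate=webcheck
    BalancerMember "http://web3.internal.example:80" hctemplate=webcheck

    # Passive check on live traffic: a 501 returned to a real client request
    # also forces that member into the error state between probes.
    ProxySet lbmethod=byrequests failonstatus=501
</Proxy>

# Reverse proxy only; forward proxying stays disabled.
ProxyRequests Off
ProxyPass        "/" "balancer://webfarm/"
ProxyPassReverse "/" "balancer://webfarm/"
```

The active probe catches a backend that is already failing before clients hit it, while `failonstatus` reacts to a 501 seen on real traffic.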
I have a Node.js web application with Express running on a Digital Ocean droplet. The Node.js application provides back-end APIs. I have two React front-ends that utilise the APIs with different domains. The front-ends can be hosted on the same server, but my developer tells me I should use another server to host the front-ends, such as Cloudflare.
I have read that Nginx can enable hosting multiple sites on the same server (i.e. host my front-ends on the same server) but I am unsure if this is good practice, as I then may not be able to use Cloudflare.
In terms of security, could someone tell me if I need Nginx, and my options please?
Thanks
This is way too open-ended a question, but I will try to answer it:
> In terms of security could someone tell me If I need nginx, and my options please?

You will need Nginx (or Apache) in any scenario. With one server or multiple. Using Express or not. Express is only an application framework to build routes. But you still need a service that will respond to network requests. This is what Nginx and Apache do. You could avoid using Nginx, but then your users would have to make the request directly to the port where you started Express. For example: http://my-site.com:3000/welcome. In terms of security you had better hide the port number and use an Nginx reverse proxy so that your users will only need to go to http://my-site.com/welcome.
> my developer tells me I should use another server to host the front-ends, such as cloudflare

Cloudflare does not offer hosting services as far as I know. It does offer a CDN to host a few files but not a full site. You would need another Digital Ocean instance to do so. In a Cloudflare forum post I found: "Cloudflare is not a host. Cloudflare’s basic service is a DNS provider, where you simply point to your existing host.".
> I have read that nginX can enable hosting multiple sites on the same server

Yes, Nginx (and Apache too) can host multiple sites. With different names or the same. As domains (www.my-backend.com, www.my-frontend.com) or subdomains (www.backend.my-site.com, www.my-site.com) on the same server.
> ... but unsure if this is good practice

Regardless of whether it is a good or bad practice, I think it is very common. A few valid reasons to keep them on separate servers would be:
Because you want that if the front-end fails the back-end API continues to work.
Because you want to balance network traffic.
Because you want to keep them separated.
It is definitely not a bad practice if both applications are highly related.
When HTTPS is used on OpenShift, is my Tomcat behind an Apache server?
I mean, do my clients connect to my Tomcat directly, or do they connect to the Apache server, and then the Apache server connects to my Tomcat through the AJP connector?
If Apache is the man in the middle, then I will not get my clients' IP address directly, but through the x-forward HTTP header. And I lose control over certificate verification and trust management. At present, I am using mochahost's server. HTTPS does not get to my Tomcat, but is intercepted by an Apache. I hate this.
Previously, I used another hosting service, where there were even 2 Apache servers in front of my Tomcat server. Even more ridiculous, the 2 Apache servers and my Tomcat server were on the same machine. This kind of configuration can only show that the system architecture does not have the right ability to manage the whole thing.
By the way, I am talking about the Bronze/Silver plan. I guess OpenShift is not different, though I have not tried it yet. Does anyone have a clear answer to my question?
HTTPS is against the man in the middle, but with a Tomcat server, in this world, there is no service where you can avoid the man in the middle. It is not because technology does not allow it, but because the people in charge do not really understand the thing, so they are not able and not willing to provide the right service.
I want to ask: if you use a Tomcat server, is there any hosting service provider who does not act as a man in the middle? No. There is none in this world at present (May 2014)!
jack
There is an Apache reverse proxy located in front of your Tomcat instance that does SSL termination. The Apache instance is at the node level, then Tomcat runs on your gear.
I have a setup with Tomcat running on port 8080 and the Apache web server running on port 80.
So if I access http://localhost:8080/myapplication/, it works.
But I need to be able to make it like http://localhost/application/, and since my HTTP web server runs on port 80, it seems that I need some redirection logic or changes at the Tomcat to achieve this.
Can anyone please suggest a way out? Thanks.
UPDATE:
Just found that there is already a solution provided here: How do I redirect from Apache to Tomcat?
You need to look at the Tomcat-Apache HOWTO.
It is entirely possible and in fact quite common for Apache and Tomcat to be used in combination by the tactics described in this page.
And this question really probably belongs on serverfault...
Since you mentioned "users", I am guessing you are implying "hostname" when you mention "localhost". If you have a Load Balancer and a user-friendly DNS name that you would give to the users, you can configure your Load Balancer software to route all requests to "hostnameyougavetotheUsers" to "yourinternalhostname:8080".
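One way to get the mapping asked for above with Apache's mod_proxy and mod_proxy_http, as an added example that is not part of the original posts. The paths and port are the ones from the question; the virtual host layout is an assumption.

```apache
# Added example; paths and port come from the question, the vhost is assumed.
<VirtualHost *:80>
    ServerName localhost

    # Reverse proxy only; never act as a forward (open) proxy.
    ProxyRequests Off

    # http://localhost/application/... is fetched from
    # http://localhost:8080/myapplication/...
    ProxyPass        "/application/" "http://localhost:8080/myapplication/"

    # Rewrite Location headers in Tomcat's redirects back to the public path,
    # so clients are never sent to port 8080.
    ProxyPassReverse "/application/" "http://localhost:8080/myapplication/"

    # Tomcat issues its session cookie with Path=/myapplication; without this
    # the browser would not send it back on /application/ requests.
    ProxyPassReverseCookiePath "/myapplication" "/application"

    # mod_proxy_http adds X-Forwarded-For, X-Forwarded-Host and
    # X-Forwarded-Server; Tomcat itself sees Apache's address as the peer.
</VirtualHost>
```

With this in place port 8080 no longer needs to be reachable by users, so the Tomcat connector can be bound to 127.0.0.1 with its `address` attribute.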
I am hosting two web pages on my server. One is running on Apache and the other one on Glassfish. So far I have solved the redirection problem by making the Glassfish server listen on a port other than 80. The problem is that I think my web users have a firewall blocking those ports, so they can't access the Glassfish web. Which way would you recommend I take in order to make a URL request-based redirection? I want to make the Glassfish web a subdomain of the Apache one, with both running at the same IP.
If I have not been sufficiently clear with my question, please let me know
Thank you for your time.
Have you tried modifying the domain or using subdomains? If one application is eg. at http://subdomain1.yourdomain.net and another at http://subdomain2.yourdomain.net it should do the trick without any problems. Or try http://yourdomain.net for your main program and http://yourdomain.net/somecontext for sub program. That looks meaningful also for the service user.
Tick the answer if you got help :)
I have been looking around to figure out how to configure Glassfish front-ended with Apache. And most of the tutorials using the load balancing plug-in are making me enable SSL on Apache. I am trying to understand the connection. I should be able to do non-SSL communications when I don't have a need for SSL.
There are several blog posts showing how you can use Apache in front of Glassfish. There are several options and depending on your needs, different strategies might be the most appropriate.
I've used Apache with mod_jk, which forwards requests to Glassfish, both HTTPS and regular HTTP. Lots of good references here.
It's possible to use other modules in Apache also, like mod_proxy, but again the requirements you have will flesh out the most appropriate.
Glassfish also has a pretty good HTTP engine inside of it, where you can configure virtual hosts like in Apache. If the load on the Glassfish server isn't too big, you might consider just using Glassfish without anything in front of it.
You can also use the Sun Java System Web Server SJSWS instead of Apache. Despite its atrocious name, it is just Sun's web server (free to use). It can be used as a reverse proxy (PDF). The SJWS/Glassfish combination is presumably tested really well by Sun.