Close
Glad You're Ready. Let's Get Started!

Let us know how we can contact you.

Thank you!

We'll respond shortly.

PIVOTAL LABS
[SF] Standup 4/25/2012: Haproxymations

Ask for Help

What’s the best way to think about redirects for API calls? e.g. You post to create an object, what should you get in return?

The crowd: Some concensus emerged around: send back a 201 with a location header pointing to the url for the object and a body containing the object itself.

Mongoid’s atomic operations don’t trigger hooks (before_save, after_save, etc…)

The crowd: Crickets…

haproxy, like nginx, can pass http connection through with the header ‘X-Forwarded-For’ set so that it is possible for the app to know the original client IP. But haproxy doesn’t have support for serving as an SSL endpoint, so https:// connections are proxied in tcp mode instead of http mode. And no headers can be added because the request remains encrypted.

Some solutions:

  • Terminate the SSL connection in front of haproxy. PIvots suggested doing this via an additional nginx instance. Online resources show how to do this using stunnel. (http://www.completefusion.com/ssl-load-balancing-with-haproxy-and-stunnel-on-debian/)

  • Use nginx as the load balancer and discontinue using haproxy, or find a load balancer that fully supports SSL.

  • Build HAProxy with TPROXY support. http://blog.loadbalancer.org/configure-haproxy-with-tproxy-kernel-for-full-transparent-proxy/

Comments
  1. Cody says:

    The Bump guys released STUD which they use as an SSL/TLS terminator.

    https://github.com/bumptech/stud

Post a Comment

Your Information (Name required. Email address will not be displayed with comment.)

* Copy This Password *

* Type Or Paste Password Here *