From 35c2bc7dd84943eb966c065dfb80fec9d913439e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A9sz=C3=A1ros=20Mih=C3=A1ly?= Date: Tue, 31 Mar 2020 00:22:48 +0200 Subject: [PATCH] Add HAproxy doc --- HAproxy.md | 109 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 109 insertions(+) create mode 100644 HAproxy.md diff --git a/HAproxy.md b/HAproxy.md new file mode 100644 index 0000000..acc88e4 --- /dev/null +++ b/HAproxy.md @@ -0,0 +1,109 @@ +# Howto deploy a (room based) loadbalanced cluster + +We use in this example an HA proxy loadbalancer to loadbalance between 3 backend server +The static web will be loadbalanced rounrdobin, and the websocket(signaling) and the media will be loadbalnced based on roomId URL parameter. + +## IP and dns + +In this basic example we use the following names and ips: + +### Backend + +* `mm1.example.com` <=> `192.0.2.1` +* `mm2.example.com` <=> `192.0.2.2` +* `mm3.example.com` <=> `192.0.2.3` + +### Redis + +* `redis.example.com` <=> `192.0.2.4` + +### LoadBalncer HAproxy + +* `meet.example.com` <=> `192.0.2.5` + +## Deploy multiple backend/worker + +For example with ansible +Read more here: [mm-ansible](https://github.com/misi/mm-ansible) +[![asciicast](https://asciinema.org/a/311365.svg)](https://asciinema.org/a/311365) + +## Setup redis for central session store + +### Use one redis for all multiparty meeting + +* Deploy a redis cluster so use one redis HA cluster for all instances. + * We will use in our actual example `192.0.2.4` as redis HA cluster ip. + It is out of scope howto deploy it. + +OR + +* Just for testing you can use one of the redis from the worker's. +e.g. If you plan only for testing on your first worker + * Configure redis configs/redis/redis.conf to not only bind to your loopback but also to your global ip address too: + + ``` plaintext + bind 192.0.2.1 + ``` + + And use `192.0.2.1` where we use in this example `192.0.2.4` + + * modify /etc/ferm/ferm.cfg or where ever your firewall config is to allow incoming redis + + ``` plaintext + chain INPUT { + policy DROP; + + saddr mm2.example.com proto tcp dport 6379 ACCEPT; + saddr mm3.example.com proto tcp dport 6379 ACCEPT; + } + ``` + +* **Use password or if you don't (like in this basic example) take care and use strict firewall rules** + +## Setup backends/workers + +### Setup App config + +mm/configs/app/config.js + +``` js +multipartyServer : 'meet.example.com', +``` + +### Setup Server config + +mm/configs/server/config.js + +``` js +redisOptions : { host: '10.0.2.4'}, +listeningPort: 80, +httpOnly: true, +trustProxy : ['10.0.2.5'], +``` + +## Deploy host with HA proxy + +* configure cerificate / letsencrypt for your meet.example.com + * in this example we put concat the privkey and full cert chain to /root/fullchain.pem. +* Install and setup haproxy + + `apt install haproxy` + +* Add to /etc/haproxy/haproxy.cfg config + +``` plaintext +backend multipartymeeting + balance url_param roomId + hash-type consistent + + server mm1 192.0.2.1:80 check maxconn 20 verify none + server mm2 192.0.2.2:80 check maxconn 20 verify none + server mm3 192.0.2.3:80 check maxconn 20 verify none + +frontend meet.example.com + bind 192.0.2.5:80 + bind 192.0.2.5:443 ssl crt /root/fullchain.pem + http-request redirect scheme https unless { ssl_fc } + reqadd X-Forwarded-Proto:\ https + default_backend multipartymeeting +```