Briq
/
multiparty-meeting
7
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add HAproxy doc

master
Mészáros Mihály 2020-03-31 00:22:48 +02:00
parent 539813b464
commit 6c2efc6d04
1 changed files with 109 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

109
HAproxy.md 100644
View File

@ -0,0 +1,109 @@
# Howto deploy a (room based) loadbalanced cluster
We use in this example an HA proxy loadbalancer to loadbalance between 3 backend server
The static web will be loadbalanced rounrdobin, and the websocket(signaling) and the media will be loadbalnced based on roomId URL parameter.
## IP and dns
In this basic example we use the following names and ips:
### Backend
* `mm1.example.com` <=> `192.0.2.1`
* `mm2.example.com` <=> `192.0.2.2`
* `mm3.example.com` <=> `192.0.2.3`
### Redis
* `redis.example.com` <=> `192.0.2.4`
### LoadBalncer HAproxy
* `meet.example.com` <=> `192.0.2.5`
## Deploy multiple backend/worker
For example with ansible
Read more here: [mm-ansible](https://github.com/misi/mm-ansible)
[![asciicast](https://asciinema.org/a/311365.svg)](https://asciinema.org/a/311365)
## Setup redis for central session store
### Use one redis for all multiparty meeting
* Deploy a redis cluster so use one redis HA cluster for all instances.
* We will use in our actual example `192.0.2.4` as redis HA cluster ip.
It is out of scope howto deploy it.
OR
* Just for testing you can use one of the redis from the worker's.
e.g. If you plan only for testing on your first worker
* Configure redis configs/redis/redis.conf to not only bind to your loopback but also to your global ip address too:
``` plaintext
bind 192.0.2.1
```
And use `192.0.2.1` where we use in this example `192.0.2.4`
* modify /etc/ferm/ferm.cfg or where ever your firewall config is to allow incoming redis
``` plaintext
chain INPUT {
policy DROP;
saddr mm2.example.com proto tcp dport 6379 ACCEPT;
saddr mm3.example.com proto tcp dport 6379 ACCEPT;
}
```
* **Use password or if you don't (like in this basic example) take care and use strict firewall rules**
## Setup backends/workers
### Setup App config
mm/configs/app/config.js
``` js
multipartyServer : 'meet.example.com',
```
### Setup Server config
mm/configs/server/config.js
``` js
redisOptions : { host: '10.0.2.4'},
listeningPort: 80,
httpOnly: true,
trustProxy : ['10.0.2.5'],
```
## Deploy host with HA proxy
* configure cerificate / letsencrypt for your meet.example.com
* in this example we put concat the privkey and full cert chain to /root/fullchain.pem.
* Install and setup haproxy
`apt install haproxy`
* Add to /etc/haproxy/haproxy.cfg config
``` plaintext
backend multipartymeeting
balance url_param roomId
hash-type consistent
server mm1 192.0.2.1:80 check maxconn 20 verify none
server mm2 192.0.2.2:80 check maxconn 20 verify none
server mm3 192.0.2.3:80 check maxconn 20 verify none
frontend meet.example.com
bind 192.0.2.5:80
bind 192.0.2.5:443 ssl crt /root/fullchain.pem
http-request redirect scheme https unless { ssl_fc }
reqadd X-Forwarded-Proto:\ https
default_backend multipartymeeting
```