Cleaning

2020-03-31 21:27:21 +02:00 · 2020-03-31 21:27:21 +02:00 · bac00a87e1
parent 35c2bc7dd8
commit bac00a87e1
1 changed files with 41 additions and 41 deletions
--- a/HAproxy.md
+++ b/HAproxy.md
@ -1,9 +1,9 @@
-# Howto deploy a (room based) loadbalanced cluster
+# Howto deploy a (room based) load balanced cluster

-We use in this example an HA proxy loadbalancer to loadbalance between 3 backend server
-The static web will be loadbalanced rounrdobin, and the websocket(signaling) and the media will be loadbalnced based on roomId URL parameter.
+This example will show how to setup an HA proxy to provide load balancing between several
+multiparty-meeting servers.

-## IP and dns
+## IP and DNS

 In this basic example we use the following names and ips:

@ -17,37 +17,37 @@ In this basic example we use the following names and ips:

 * `redis.example.com` <=> `192.0.2.4`

-### LoadBalncer HAproxy
+### Load balancer HAproxy

 * `meet.example.com` <=> `192.0.2.5`

-## Deploy multiple backend/worker
+## Deploy multiple multiparty-meeting servers
+
+This is most easily done using Ansible (see below), but can be done
+in any way you choose (manual, Docker, Ansible).

-For example with ansible
 Read more here: [mm-ansible](https://github.com/misi/mm-ansible)
 [![asciicast](https://asciinema.org/a/311365.svg)](https://asciinema.org/a/311365)

-## Setup redis for central session store
+## Setup Redis for central HTTP session store

-### Use one redis for all multiparty meeting
+### Use one Redis for all multiparty-meeting servers

-* Deploy a redis cluster so use one redis HA cluster for all instances.
-  * We will use in our actual example `192.0.2.4` as redis HA cluster ip.
-    It is out of scope howto deploy it.
+* Deploy a Redis cluster for all instances.
+  * We will use in our actual example `192.0.2.4` as redis HA cluster ip. It is out of scope howto deploy it.

 OR

-* Just for testing you can use one of the redis from the worker's.
-e.g. If you plan only for testing on your first worker
-  * Configure redis configs/redis/redis.conf to not only bind to your loopback but also to your global ip address too:
+* For testing you can use Redis from one the multiparty-meeting servers. e.g. If you plan only for testing on your first multiparty-meeting server.
+  * Configure Redis `redis.conf` to not only bind to your loopback but also to your global ip address too:

    ``` plaintext
    bind 192.0.2.1
    ```

-    And use `192.0.2.1` where we use in this example `192.0.2.4`
+    This example sets this to `192.0.2.1`, change this according to your local installation.

-  * modify /etc/ferm/ferm.cfg or where ever your firewall config is to allow incoming redis
+  * Change your firewall config to allow incoming Redis. Example (depends on the type of firewall):

    ``` plaintext
        chain INPUT {
@ -58,11 +58,11 @@ e.g. If you plan only for testing on your first worker
        }
    ```

-* **Use password or if you don't (like in this basic example) take care and use strict firewall rules**
+  * **Set a password, or if you don't (like in this basic example) take care to set strict firewall rules**

-## Setup backends/workers
+## Configure multiparty-meeting servers

-### Setup App config
+### App config

 mm/configs/app/config.js

@ -70,29 +70,29 @@ mm/configs/app/config.js
 multipartyServer : 'meet.example.com',
 ```

-### Setup Server config
+### Server config

 mm/configs/server/config.js

 ``` js
-redisOptions : { host: '10.0.2.4'},
+redisOptions : { host: '192.0.2.4'},
 listeningPort: 80,
 httpOnly: true,
-trustProxy           : ['10.0.2.5'],
+trustProxy           : ['192.0.2.5'],
 ```

-## Deploy host with HA proxy
+## Deploy HA proxy

-* configure cerificate / letsencrypt for your meet.example.com
-  * in this example we put concat the privkey and full cert chain to /root/fullchain.pem.
+* Configure cerificate / letsencrypt for `meet.example.com`
+  * In this example we put a complete chain and private key in /root/certificate.pem.
 * Install and setup haproxy

  `apt install haproxy`

 * Add to /etc/haproxy/haproxy.cfg config

-``` plaintext
-backend multipartymeeting
+  ``` plaintext
+    backend multipartymeeting
        balance url_param roomId
        hash-type consistent

@ -100,10 +100,10 @@ backend multipartymeeting
        server mm2 192.0.2.2:80 check maxconn 20 verify none
        server mm3 192.0.2.3:80 check maxconn 20 verify none

-frontend meet.example.com
+    frontend meet.example.com
        bind 192.0.2.5:80
-    bind 192.0.2.5:443 ssl crt /root/fullchain.pem
+        bind 192.0.2.5:443 ssl crt /root/certificate.pem
        http-request redirect scheme https unless { ssl_fc }
        reqadd X-Forwarded-Proto:\ https
        default_backend multipartymeeting
-```
+  ```