Briq
/
multiparty-meeting
7
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
multiparty-meeting/HAproxy.md

2.9 KiB
Raw Blame History

Howto deploy a (room based) loadbalanced cluster

We use in this example an HA proxy loadbalancer to loadbalance between 3 backend server The static web will be loadbalanced rounrdobin, and the websocket(signaling) and the media will be loadbalnced based on roomId URL parameter.

IP and dns

In this basic example we use the following names and ips:

Backend

  • mm1.example.com <=> 192.0.2.1
  • mm2.example.com <=> 192.0.2.2
  • mm3.example.com <=> 192.0.2.3

Redis

  • redis.example.com <=> 192.0.2.4

LoadBalncer HAproxy

  • meet.example.com <=> 192.0.2.5

Deploy multiple backend/worker

For example with ansible Read more here: mm-ansible asciicast

Setup redis for central session store

Use one redis for all multiparty meeting

  • Deploy a redis cluster so use one redis HA cluster for all instances.
    • We will use in our actual example 192.0.2.4 as redis HA cluster ip. It is out of scope howto deploy it.

OR

  • Just for testing you can use one of the redis from the worker's. e.g. If you plan only for testing on your first worker

    • Configure redis configs/redis/redis.conf to not only bind to your loopback but also to your global ip address too:

      bind 192.0.2.1

      And use 192.0.2.1 where we use in this example 192.0.2.4

    • modify /etc/ferm/ferm.cfg or where ever your firewall config is to allow incoming redis

      chain INPUT {
        policy DROP;

        saddr mm2.example.com proto tcp dport 6379 ACCEPT;
        saddr mm3.example.com proto tcp dport 6379 ACCEPT;
    }

  • Use password or if you don't (like in this basic example) take care and use strict firewall rules

Setup backends/workers

Setup App config

mm/configs/app/config.js

multipartyServer : 'meet.example.com',

Setup Server config

mm/configs/server/config.js

redisOptions : { host: '10.0.2.4'},
listeningPort: 80,
httpOnly: true,
trustProxy           : ['10.0.2.5'],

Deploy host with HA proxy

  • configure cerificate / letsencrypt for your meet.example.com

    • in this example we put concat the privkey and full cert chain to /root/fullchain.pem.

  • Install and setup haproxy

    apt install haproxy

  • Add to /etc/haproxy/haproxy.cfg config

backend multipartymeeting
    balance url_param roomId
    hash-type consistent

    server mm1 192.0.2.1:80 check maxconn 20 verify none
    server mm2 192.0.2.2:80 check maxconn 20 verify none
    server mm3 192.0.2.3:80 check maxconn 20 verify none

frontend meet.example.com
    bind 192.0.2.5:80
    bind 192.0.2.5:443 ssl crt /root/fullchain.pem
    http-request redirect scheme https unless { ssl_fc }
    reqadd X-Forwarded-Proto:\ https
    default_backend multipartymeeting