![]() ![]() You can use the ip_hash module ↗ to encourage session persistence and split the load evenly (more like proper active load balancing than the failover scenario above) - however this module has a few drawbacks listed in an article here ↗:Ĭollisions as it only uses the 3 first numbers of the IP for the hash. ![]() You can of course add more upstream servers by simply adding them to the upstream section - you will also notice we are running in active-backup, this is important to preserve sessions otherwise logins don’t work as the requests get split across the two servers. # enable reverse proxy proxy_redirect off proxy_set_header Host $http_host proxy_set_header X-Real-IP $remote_addr proxy_set_header X-Forwared-For $proxy_add_x_forwarded_for client_max_body_size 10 m client_body_buffer_size 128 k client_header_buffer_size 64 k proxy_connect_timeout 90 proxy_send_timeout 90 proxy_read_timeout 90 proxy_buffer_size 16 k proxy_buffers 32 16 k proxy_busy_buffers_size 64 k upstream hrz-view-cluster I assume you have your linux VM installed (say Ubuntu), static IP assigned and DNS setup point to this address. So to get down to it, here’s a rough topology of what your config would look like: Why is this important? It means you can use one address e.g: to act as a proxy for all the backend security and/or connection servers for your users, one address is simpler to use and remember, for you, it streamlines configuration. For our case, using NginX is more than adequate - please note some people use HAProxy, I don’t recommend this as it does not have native SSL (so HTTPS) support until v1.5 which is yet to be released. You could buy a hardware or VM load balancer from F5, Citrix, Barracuda but that will run into the £1,000’s if not £10,000’s. The best way I have found to load-balance incoming connections (both internally and externally) is to set up a linux VM and run NginX ↗, which is a reverse caching proxy - it allows us to terminate the SSL connections and load-balance across our backend View Security Servers in a DMZ. I have been deploying a VDI solution recently based on the fantastic VMWare Horizon Suite ↗, one of the important points of deploying the Horizon View ↗ component of this is making it highly available and accessible from the outside for on-the-road users. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |