We have on-premise 3-nodes cluster for devs in our office: 6.1.467, WinSrv2016. Everything works fine. Now we need to configure built-in service fabric reverse proxy (port 19081). For example, increase proxy timeout (now it is 120s) or enable client affinity. But I cannot find any information about how to do it.
Can anyone help to solve this?
I dont think there is a configuration for client affinity.
I suggest you use dedicated load balancer for it. You can use naming service to query the address of your service and manage affinity at load balancer level.
Related
I am new to Weblogic.I was experimenting on the load balancing capabilities of WLS.I used a proxy plugin provided by default as a load balancer.
I want to check which server in a cluster gets the request from the proxy server every time I reload my site.
When I use "request.getServerPort()" I am getting the proxy server's port, but what I want is the managed server's port.
Have you tried request.getLocalPort()?
I was looking at Mesos + Marathon to manage Docker containers.
What we're trying to achieve is a way of getting an external DNS entry (test.example.com) to point to a specific set of docker containers.
The DNS entry for test.example.com points to a load balancer which translate and send the connection to one of our backend servers app.
To do this I looked into Mesos-dns. With mesos-dns I can get DNS name for each container and can resolve DNS with container IP but couldn't find out way to load balance between set of servers.
Can someone confirm if Mesos-dns provides load balancing? If yes, how can I achieve load balancing with it?
Do I need to use some other solutions like HAProxy or Bamboo to achieve this?
Thanks!!
Sumit
Yes with Mesos-DNS you can do load balancing, see for example the respective HTTP API endpoints, but it's really not recommended in the context of DC/OS: see the internal (Minuteman) and external (Marathon-lb, HAProxy-based) load balancing and service discover options in the docs.
i'm using the WSO2 ESB to integrate several services on the Windows virtual machine.
I used the simple proxy to map the services deployed on it. But the problem is what i can't access them from outside it nevetheless the port 8280 where services are deployed is open for internet, but i can see only blank page instead. What could be wrong?
Another question is i was trying to map the WSO2 ESB management console itself to be availbe from outside the machine using simple proxy, and i'm failed, it loads me the this is what i see on trying the service.
Could you please give me a hint on how to resolve this issue? is it possible to share the esb mgmt console using the ESB itself?
Thanks a lot in advance,
Do u have proxy in the middle? It looks like on screenshot webpage missing all pictures, meanwhile css was loaded successfully.
Another question which kind of virtual machine u use? For example in virtualbox by default virtual machine behind NAT.
I wasn't able to connect to server on virtual machine from host only opposite way server on host available in virtual machine.
To make server in virtual machine available on host need to configure network as bridge.
Not sure if it helps, but I think I had a similar problem in our corporate network after I applied all the security patches (poodle,Diffie-Hellman etc.). I had to configure the addresses in catalina.xml (if i remember right) that are/under which allowed to access the admin console. Cannot tell you more details because I'm on holiday :-)
Maybe it's worth to give it a try.
Another example from real life. HTTP Response from external resource was application/json, status of response 200 OK. ESB configured to use
<messageFormatter contentType="application/json"
class="org.apache.synapse.commons.json.JsonStreamFormatter"/>
but content was simple text/plain.
During parsing body of http response exception was thrown and just silently was written to log, without any fault message processing. Just empty response to client.
To clarify that services reachable, there is echo service by default on server, which respond content equal to request. Try to use it.
was trying to map the WSO2 ESB management console itself to be availbe
from outside the machine using simple proxy
By default the management console tries to enforce the port 9443 for dynamic links (JSP) pages. That's why you see only part of the pages and you shouldn't be able to log on.
what you can do is edit the repository/conf/tomcat/catalina-server.xml and to the Connector running the port 9443 you can add an attribute proxyPort="443", the carbon console will be happy to run on 443.
For the services, my educated guess would be on the firewall / network rules, however without other information I cannot answer (or - they are working, just you may not try to access them by simple browser request)
We usually blacklist IPs address with iptables. But in Amazon EC2, if a connection goes through the Elastic Load Balancer, the remote address will be replaced by the load balancer's address, rendering iptables useless. In the case for HTTP, apparently the only way to find out the real remote address is to look at the HTTP header HTTP_X_FORWARDED_FOR. To me, blocking IPs at the web application level is not an effective way.
What is the best practice to defend against DoS attack in this scenario?
In this article, someone suggested that we can replace Elastic Load Balancer with HAProxy. However, there are certain disadvantages in doing this, and I'm trying to see if there is any better alternatives.
I think you have described all the current options. You may want to chime in on some of the AWS forum threads to vote for a solution - the Amazon engineers and management are open to suggestions for ELB improvements.
If you deploy your ELB and instances using VPC instead of EC2-classic, you can use Security Groups and Network ACLs to restrict access to the ELB.
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/USVPC_ApplySG.html
It's common to run an application server behind a reverse proxy. Your reverse proxy is layer you can use to add DoS protection before traffic gets to your application server. For Nginx, you can look at the rate limiting module as something that could help.
You could set up an EC2 host and run haproxy there by yourself (that's what Amazon is using anyways!). Then you can apply your iptables-filters on that system.
Here's a tool I made for those looking to use Fail2Ban on aws with apache, ELB, and ACL: https://github.com/anthonymartin/aws-acl-fail2ban
Situation
I have a windows service which I would like to make highly available.
I have two unclustered servers (Windows server 2003 standard edition).
The question is:
What options do I have to make my service highly available in an automated way?
I can think of the asymmetric master-slave option which consists of keeping the service running on both machines with a communication heartbeat between them so one acts as the master and the slave takes over automatically whenever the master does not respond.
Do you know any other ways to implement this?
note: Please don't point me to this answer, I do NOT/won't/can't have clusters.
If you're windows service is hosting a web/wcf service, you can configure your client to have a primary service url and a secondary service url. Then you can modify the client connection logic to use the secondary service when connection to the primary service fails.
You can do this transparently by adding a router service which will do the logic above. Basically proxying the operations for whichever service it is connected to. But this adds another point of failure, the router service.
The simplest i cant think of is to make sure to set the service recovery options on your windows service/s. Something like this http://code.google.com/p/daemoniq/wiki/WindowsServiceRecoveryOptions
HTH
I suggest checking MS Patterns and Practices web site, there you could find advice on this topic (for example http://msdn.microsoft.com/en-us/library/ms998414.aspx)