New Project - Thoughts? (CentOS, HAProxy, Load Balance)...

scottalanmiller

@Jimmy9008 said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

Yes, I get the merit of load balancing. If I am load balancing over multiple VMs on multiple physical boxes, as soon as a host/VM is dead, the load balancer takes the server/VM out of the pool of where to direct clients. One request or so dropped. Very small downtime.

No, you are mixing the concepts back together. He just split them out for you. Failover does what you want, LB does not.

scottalanmiller

NGinx and HA-Proxy are fine tools for this, just DO NOT use them as load balancers. No reason for that complexity, it will have no benefits for you, but will have negatives.

Jimmy9008

@scottalanmiller

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

NGinx and HA-Proxy are fine tools for this, just DO NOT use them as load balancers. No reason for that complexity, it will have no benefits for you, but will have negatives.

Yes, I see this now. Thank you. Wrong terminology from me. My goal then is to have multiple IIS instances running on different hardware (on VMs on different hardware), being routed to through a pair of (somethings?) which will stop routing to any of those sites that are down.

scottalanmiller

@Jimmy9008 said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@scottalanmiller

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

NGinx and HA-Proxy are fine tools for this, just DO NOT use them as load balancers. No reason for that complexity, it will have no benefits for you, but will have negatives.

Yes, I see this now. Thank you. Wrong terminology from me. My goal then is to have multiple IIS instances running on different hardware (on VMs on different hardware), being routed to through a pair of (somethings?) which will stop routing to any of those sites that are down.

Right, yes, and that's why HA-Proxy doesn't have Load Balancing in its name, but rather High Availability. Because failover is its primary use case.

Jimmy9008

@scottalanmiller

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@Jimmy9008 said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@scottalanmiller

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

NGinx and HA-Proxy are fine tools for this, just DO NOT use them as load balancers. No reason for that complexity, it will have no benefits for you, but will have negatives.

Yes, I see this now. Thank you. Wrong terminology from me. My goal then is to have multiple IIS instances running on different hardware (on VMs on different hardware), being routed to through a pair of (somethings?) which will stop routing to any of those sites that are down.

Right, yes, and that's why HA-Proxy doesn't have Load Balancing in its name, but rather High Availability. Because failover is its primary use case.

So NGINX over HAProxy? Or something else?

JaredBusch

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

If you only wanted load balancing ,CloudFlare will do that for you.

Actually, no it will not because all loads are behinds two pipes. So Cloudflare could only partially load balance this. He has multiple servers behind two pipes.

Cloudflare cannot load balance the servers, only the two pipes.

scottalanmiller

@JaredBusch said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

If you only wanted load balancing ,CloudFlare will do that for you.

Actually, no it will not because all loads are behinds two pipes. So Cloudflare could only partially load balance this. He has multiple servers behind two pipes.

Cloudflare cannot load balance the servers, only the two pipes.

As long as each server has an IP address, CF will round robin load balance them.

JaredBusch

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@JaredBusch said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

If you only wanted load balancing ,CloudFlare will do that for you.

Actually, no it will not because all loads are behinds two pipes. So Cloudflare could only partially load balance this. He has multiple servers behind two pipes.

Cloudflare cannot load balance the servers, only the two pipes.

As long as each server has an IP address, CF will round robin load balance them.

No Scott, multiple servers on the LAN behind only 2 WAN IP addresses. Cloudflare has no visibility into this. This is basic.

scottalanmiller

@JaredBusch said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@JaredBusch said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

If you only wanted load balancing ,CloudFlare will do that for you.

Actually, no it will not because all loads are behinds two pipes. So Cloudflare could only partially load balance this. He has multiple servers behind two pipes.

Cloudflare cannot load balance the servers, only the two pipes.

As long as each server has an IP address, CF will round robin load balance them.

No Scott, multiple servers on the LAN behind only 2 WAN IP addresses. Cloudflare has no visibility into this. This is basic.

Oh, I missed that he had only two WAN IP addresses.

Jimmy9008

Hey folks,

I've got this working using CentOS and HAProxy. I also want to do this with Nginx, so will run with that as a lab next week. More I understand that the better. Thanks for sending me down a good path.

Ok, so, with Linux, what is best practice regarding security?
Using CentOS currently. I assume I need to install an AV, what options do I have? From a fresh install, do I need to close any holes? System update has been done already, but I reckon I am missing lots that is a best practice for Linux?

Like i'e said... totally new with Linux so any pointers would be great. Ive seen the guide to Linux admin posted on this site already and will work through that in the coming weeks... but anything I should be wary of? The 'whatever you do, don't do...' sort of thing...

Jimmy9008

In Windows, Remote Access/RDP etc is not enabled OOB. I assume the same in Linux? Unless you can connect to each through a command line/ssh or something, which maybe needs to be enabled/disabled etc...

scottalanmiller

@Jimmy9008 said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

In Windows, Remote Access/RDP etc is not enabled OOB. I assume the same in Linux? Unless you can connect to each through a command line/ssh or something, which maybe needs to be enabled/disabled etc...

Linux has no default, it is the distros here that would have a default. CentOS defaults to SSH enabled. Most places leave it enabled. But certainly not all.