This example will show how to setup an HA proxy to provide load balancing between several multiparty-meeting servers.
In this basic example we use the following names and ips:
mm1.example.com
<=>192.0.2.1
mm2.example.com
<=>192.0.2.2
mm3.example.com
<=>192.0.2.3
redis.example.com
<=>192.0.2.4
meet.example.com
<=>192.0.2.5
This is most easily done using Ansible (see below), but can be done in any way you choose (manual, Docker, Ansible).
Read more here: mm-ansible
- Deploy a Redis cluster for all instances.
- We will use in our actual example
192.0.2.4
as redis HA cluster ip. It is out of scope howto deploy it.
- We will use in our actual example
OR
- For testing you can use Redis from one the multiparty-meeting servers. e.g. If you plan only for testing on your first multiparty-meeting server.
-
Configure Redis
redis.conf
to not only bind to your loopback but also to your global ip address too:bind 192.0.2.1
This example sets this to
192.0.2.1
, change this according to your local installation. -
Change your firewall config to allow incoming Redis. Example (depends on the type of firewall):
chain INPUT { policy DROP; saddr mm2.example.com proto tcp dport 6379 ACCEPT; saddr mm3.example.com proto tcp dport 6379 ACCEPT; }
-
Set a password, or if you don't (like in this basic example) take care to set strict firewall rules
-
mm/configs/server/config.js
redisOptions : { host: '192.0.2.4'},
listeningPort: 80,
httpOnly: true,
trustProxy : ['192.0.2.5'],
-
Configure certificate / letsencrypt for
meet.example.com
- In this example we put a complete chain and private key in /root/certificate.pem.
-
Install and setup haproxy
apt install haproxy
-
Add to /etc/haproxy/haproxy.cfg config
backend multipartymeeting balance url_param roomId hash-type consistent server mm1 192.0.2.1:80 check maxconn 20 verify none server mm2 192.0.2.2:80 check maxconn 20 verify none server mm3 192.0.2.3:80 check maxconn 20 verify none frontend meet.example.com bind 192.0.2.5:80 bind 192.0.2.5:443 ssl crt /root/certificate.pem http-request redirect scheme https unless { ssl_fc } reqadd X-Forwarded-Proto:\ https default_backend multipartymeeting