Linux reverse proxy - SSO
Ubisecure suggests you use HAProxy as reverse proxy, however you can use what product you want. Just keep in mind following principles:
- For High availability setup, SSO node 2 should be passive, so no queries there unless SSO node 1 fails
- For High availability, high performance setup, all SSO nodes are active
High availability setup (HAProxy example)
#--------------------------------------------------------------------- # backend servers #--------------------------------------------------------------------- # backend sso-backend mode http option forwardfor except 127.0.0.0/8 cookie SERVERID insert indirect nocache option httpchk GET /uas/ping HTTP/1.1\r\nHost:\ login.custom.com http-check expect status 200 balance roundrobin # server sso01.example.com sso01.example.com:8080 check cookie 270c5ec20f147b7fbb856c363a80f4b37073d342 weight 10000000 server sso02.example.com sso02.example.com:8080 check cookie 4bd383a4b37f314fcfc6791ecffa5e1b5474c6a4 weight 1 #
High availability, high performance setup (HAProxy example)
#--------------------------------------------------------------------- # backend servers #--------------------------------------------------------------------- # backend sso-backend mode http option forwardfor except 127.0.0.0/8 cookie SERVERID insert indirect nocache option httpchk GET /uas/ping HTTP/1.1\r\nHost:\ login.custom.com http-check expect status 200 balance roundrobin # server sso01.example.com sso01.example.com:8080 check cookie 270c5ec20f147b7fbb856c363a80f4b37073d342 weight 10 server sso02.example.com sso02.example.com:8080 check cookie 4bd383a4b37f314fcfc6791ecffa5e1b5474c6a4 weight 10 #