Linux reverse proxy
- Former user (Deleted)
- Former user (Deleted)
Owned by Former user (Deleted)
Ubisecure suggests you use HAProxy as reverse proxy, however you can use what product you want. Just keep in mind following principles:
- For High availability setup, SSO node 2 should be passive, so no queries there unless SSO node 1 fails
- For High availability, high performance setup, all SSO nodes are active
High Availability Setup (HAProxy example)
#---------------------------------------------------------------------
# backend servers
#---------------------------------------------------------------------
#
backend sso-backend
mode http
option forwardfor except 127.0.0.0/8
cookie SERVERID insert indirect nocache
option httpchk GET /uas/ping HTTP/1.1\r\nHost:\ login.custom.com
http-check expect status 200
balance roundrobin
#
server sso01.example.com sso01.example.com:8080 check cookie 270c5ec20f147b7fbb856c363a80f4b37073d342 weight 10000000
server sso02.example.com sso02.example.com:8080 check cookie 4bd383a4b37f314fcfc6791ecffa5e1b5474c6a4 weight 1
#
High Availability, High Performance Setup (HAProxy example)
#---------------------------------------------------------------------
# backend servers
#---------------------------------------------------------------------
#
backend sso-backend
mode http
option forwardfor except 127.0.0.0/8
cookie SERVERID insert indirect nocache
option httpchk GET /uas/ping HTTP/1.1\r\nHost:\ login.custom.com
http-check expect status 200
balance roundrobin
#
server sso01.example.com sso01.example.com:8080 check cookie 270c5ec20f147b7fbb856c363a80f4b37073d342 weight 10
server sso02.example.com sso02.example.com:8080 check cookie 4bd383a4b37f314fcfc6791ecffa5e1b5474c6a4 weight 10
#