HAProxy community

Migration from NGINX Plus to HAProxy for E-WorkBook


#1

Hi,
We are trying to migrate E-WorkBook application from NGINX Plus to HAProxy, they developers say that only NGINX Plus is supported, so I never translated a config before and I am not too familiar with it. Can anyone give me a hand? I think the tricky part comes with Upgrade protocol that I don’t really get.

Here is a link to the docu too https://knowledgebasecontent.s3.amazonaws.com/ProductDocumentation/EWB1040/E-WorkBook%2010.4.x%20White%20Paper%20-%20Load%20Balancer%20Configuration.pdf

upstream ewb_web {
    zone upstream_ewb_web 64k;
    sticky cookie srv_id path=/;
server <server 1 IP>:8443; 
server <server 2 IP>:8443; 
    keepalive 32;
}

upstream ewb_desktop {
    zone upstream_ewb_desktop 64k;
server <server 1 IP>:8443; 
server <server 2 IP>:8443; 

}



upstream ewb_web_ir {
    zone ewb_web_ir 64k;
server <server 1 IP>:8443; 
server <server 2 IP>:8443; 
    ip_hash;
 }

# We only set the "Connection" header to upgrade if the "Upgrade:" header is present (as it will be
# for web sockets and EWB Desktop Client connections)
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      '';
}

# Set a variable for whether a response code is considered a failure (and will not be cached)
map $status $status_is_failure {
    200 0;
    301 0;
    302 0;
    default 1;
}

proxy_cache_path /tmp/nginx-ewb-cache keys_zone=ewb-cache:1m inactive=1d;
proxy_no_cache $status_is_failure;

proxy_http_version 1.1;
proxy_pass_header Server;

# Pass on http Upgrade headers (WebSockets/EWB Desktop Client) so that protocol upgrades work.
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;

# Set up X-Forwarded headers so that WildFly interprets the client's IP correctly
# Note that X-Forwarded-For is set to a specific address, rather than adding the address to a list.
# This prevents an attack whereby a bogus X-Forwarded-For could be supplied in the initial request
# (overriding the client's real IP).
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto https;

# Pass on Host header so that upstream servers see the load balancer
proxy_set_header Host $http_host;

# Default timeouts of 20 minutes
proxy_read_timeout 20m;
proxy_send_timeout 20m;
send_timeout 20m;

server {
    listen      8443 ssl default_server;
    server_name <FQDN OF E-WORKBOOK>;
    status_zone eworkbook;

    ssl_certificate      /etc/nginx/ssl/<CDERTIFICATE FILE>.crt;
    ssl_certificate_key  /etc/nginx/ssl/<CERTIFICATE KEY>.key;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  10m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location = / {
        proxy_pass https://ewb_desktop;
        proxy_read_timeout 1h;
        proxy_send_timeout 1h;
	client_max_body_size 0;
    }

    location / {
        proxy_pass https://ewb_web;
        proxy_redirect https://ewb_web $scheme://$host:$server_port;
        proxy_cache ewb-cache;
        client_max_body_size 0;
    }



    location ~/instruments {
        proxy_pass https://ewb_web_ir;
        proxy_buffering off;
        proxy_ignore_client_abort off;
    }

    location /status {
        # If required, add allow/deny or password directives to restrict access to this status information
        status;
    }

    location = /status.html {
        alias /usr/share/nginx/html/status.html;
    }

}


#2

Hi,
Anyone that can explain me how this would look like in HAProxy ?

# Pass on http Upgrade headers (WebSockets/EWB Desktop Client) so that protocol upgrades work.
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;

# We only set the "Connection" header to upgrade if the "Upgrade:" header is present (as it will be
# for web sockets and EWB Desktop Client connections)
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      '';
}

Thanks!