1

We've developed a custom TCP protocol to interface with iPhone clients over sockets and I am looking to lay out our production server. We'll be running our server, written in Erlang, on a single Debian EC2 instance, as well as most likely running MySQL on a separate instance (I'm guessing this would be recommended?).

I'm looking to secure and load balance connections to our TCP server and was looking at EC2's ELB, HAProxy, LVM and nginx. nginx seems to be HTTP-only, and since we're using a custom protocol I was looking for some input on the design of such a system. I am also wondering what the implications of router/firewall blocking on cellular network ISPs will be.

My current design idea would be putting everything over port 80 to ELB and routing this to the TCP server. I'm not completely sold on ELB, so I was wondering:

  1. What other options are out there for a non-HTTP reverse proxy?
  2. Can SSL be run on the reverse proxy, or does this also need to be run on the TCP server?
  3. Any recommendations for firewall/router workarounds for cellular networks other than going over port 80?

2 Answers

1

Well, neither HAProxy nor ELB is HTTP-only; they'll both do arbitrary TCP connection proxying. But why would you possibly want a proxy? Just run an L3 load balancer instead; it's much cleaner. It might not work in AWS, but I'd call that a limitation of AWS.

2
  • Sorry for the delay guys, I finally got a chance to play around with some stuff on the server. I was looking to proxy for an added level of security, but I guess there's really no point for that (I'm thinking I don't want to put Apache on the net straight, but that doesn't fit in here). I looked into L3 balancers (I'm not much of a hardware person, esp. in enterprise situations). I'm thinking this is a Cisco box? It sounds much more sexy than what I've got right now, so I'll have to look into that later when funds are looking better (and hopefully off EC2). Thanks! Commented Aug 10, 2011 at 21:04
  • No, you can do L3 load-balancing using Linux Virtual Server, it works great and is free. Commented Aug 10, 2011 at 21:07
0
  1. HAProxy and ELB seem to both fit your needs well.
  2. Adding stunnel to your HAProxy solution would accomplish this, as should ELB (though it's not completely clear if the SSL offloading works on raw TCP connections).
  3. Depends on the cellular networks you need to work with, but I'd say avoid port 80 - some of them try to proxy those requests. If anything, run over 443 with your SSL stream - that should function for carriers with decently limited traffic interference.
1
  • Great! I got a chance to play around with ELB; it looks like that's easier to set up, but it seems to be pinging/connecting to my server every so often, which is a pain (probably a design issue on my side). Great call on port 443, definitely going to use that. HAProxy + stunnel was what I was thinking if not using ELB, so great suggestion! I guess my only follow-up is the suggestion from above, as to whether I really need a proxy (for added security?) or whether a load balancer is enough. I guess if I don't go with ELB, HAProxy will do both for me. I'm totally new to this level of server, thanks for your input! Commented Aug 10, 2011 at 21:09
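
The HAProxy + stunnel arrangement from the answer above, written out as an added example (not configuration posted by anyone in this thread). All addresses, ports, names and file paths are assumed placeholders; the two backend entries assume a second Erlang node has been added.

```haproxy
# haproxy.cfg: added example; every address, port, name and path is a placeholder.
#
# stunnel terminates TLS on 443 and hands the decrypted stream to HAProxy on
# loopback. Matching service stanza for stunnel.conf (shown here as comments):
#   [app-tls]
#   accept  = 443
#   connect = 127.0.0.1:8443
#   cert    = /etc/stunnel/server.pem     (certificate plus private key)

global
    log     127.0.0.1 local0
    maxconn 20000
    user    haproxy
    group   haproxy
    daemon

defaults
    mode    tcp                  # raw TCP proxying, no HTTP parsing of the custom protocol
    log     global
    option  tcplog               # one log line per TCP session
    timeout connect 5s
    timeout client  10m          # long-lived mobile sessions; align with the protocol's keepalive
    timeout server  10m

listen app
    bind    127.0.0.1:8443       # loopback only, so cleartext is reachable only via stunnel
    balance leastconn            # suits long-lived connections better than roundrobin
    # "check" is a bare TCP connect that opens and closes without sending data,
    # so the backend must treat an empty connection as normal, not as an error.
    server  erl1 10.0.0.11:5222 check inter 5s fall 3 rise 2
    server  erl2 10.0.0.12:5222 check inter 5s fall 3 rise 2
```

With this layout the hop from HAProxy to the backends is cleartext and the backends see the proxy's address as the source of every connection, so the backend port should accept traffic only from the proxy host (for example via an EC2 security group rule).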
