0

I am trying to use HTTP proxies to handle load balancing, but I'm not sure if it's wise to do so. My issue is that I need to have multiple private servers, serving through a load balancer, to multiple public IPs. I am using Amazon EC2s for my servers with elastic IPs.

My understanding of traditional load balancing, is that the resolving IP would be that of the server that the load balancer forwards to. If that is correct, I cannot use traditional load balancing, because each of my public IPs must appear unique to their attached domain. So if a reverse IP lookup occurred, it would not be easy to locate similar apps.

What kind of issues might this configuration face? Is there a better solution?

Thanks

EDIT: I am sharing some additional information, even though I have solved the issue, to perhaps help someone in the future.

Our situation is that we offer a service that is white labelled to each individual client. Our app is hosted on a singular server, with a singular IP. When new clients came aboard they would point a subdomain's @host at our server's IP.

The issue arose when you ping the domain, run a whois, or something that reveals the domain's IP. Since the IP was not unique to the domain, you could easily discover a list of domains using the app. With little effort you could use that domain list to find a list of clients.

Our solution was to stand up an EC2 and point an elastic IP per client. Which worked, until we found a need for load balancing.

I tried to configure Amazon's ELB to fit our needs, but I was unable to get a configuration that would utilize both the elastic IPs and the load balancer.

THE RESULT:

Our configuration now, is using an EC2 instance with Nginx configured to reverse proxy our set of app servers. The elastic IPs are tied to the Nginx load balancer instance that then forwards the request on to the corresponding app server.

It may not be the best configuration, but it suits our needs, and the latency difference is negligible.

Hope that clears things up, thanks again.

Improve this question
10
  • >each of my public IPs must appear unique to their attached domain. Can you clarify that? Commented Apr 24, 2017 at 17:36
  • Essentially I have an app that is white labeled to several customers. So we have several domains pointed to individual elastic ips that belong to a single server. So that if you check the whois, or reverse lookup the ip, you can't find a list of our app clients. Commented Apr 24, 2017 at 17:40
  • "So that if you check the whois, or reverse lookup the ip, you can't find a list of our app clients." <-- that's not how PTR records or whois records work. It's highly likely that you're over-complicating things with your unique IP requirement. Commented Apr 24, 2017 at 17:54
  • 1
    @EEAA - So, if I've understood the question, it seems to me a reverse proxy setup could meet the OP's needs. Do you agree, or do you see a problem with that? Commented Apr 24, 2017 at 18:36
  • 1
    @DiogenesdeLight Yes, absolutely. The unique IP-per SSL-secured domain is largely a non-issue now, unless for whatever reason one needs to support horribly ancient, end-of-life devices or operating systems. Commented Apr 24, 2017 at 18:38

1 Answer 1

Reset to default
0

As @EEAA and @DiogenesdeLight suggested I used Nginx reverse proxies to achieve my desired outcome.

I used this Nginx configuration: http://devblog.daniel.gs/2014/01/deploying-node-apps-on-aws-ec2-with.html

So far it seems to work fabulously, and it took all of five minutes to configure.

Thanks for the support.

Improve this answer
5
  • In AWS you (unless you do something exotic) won't have reverse-DNS anyway. Commented Apr 24, 2017 at 21:02
  • Why's that? My server has a reverse DNS result, and it returns the expected IP. Commented Apr 24, 2017 at 21:10
  • @JasonMartin public IPv4 addresses issued to EC2 instances do have a default generic hostname in reverse DNS in the general form ip-x-x-x-x.rr-rrrr-r.compute.amazonaws.com... but it doesn't matter. I'm not sure anything has been solved, here, since there is never a necessary correlation between relevant forward records and reverse records like seems to be assumed in the question. AWS IPs can actually be accessed from a browser using that hostname -- they have matching forward and reverse records... which doesn't matter, either. Commented Apr 25, 2017 at 1:01
  • Right, AWS provides a generic PTR record, but that won't leak the list of customers like the OP was concerned. Commented Apr 25, 2017 at 14:39
  • When we had a single elastic IP associated to multiple domains, you could ping the domain, get the server's IP, then simply Google the IP for a list of associated domains. With that set of domains, it would be simple in our situation, to ascertain a list of clients. Commented Apr 25, 2017 at 17:24

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.