My thinking for having ELB -> HAProxy was so I’m not exposing the app servers directly to the outside world. And I could let the ELB do the SSL termination. I feel like that is a little bit more secure, vs using a DNS service to update the zone record with IPs for the LBs. I’m running a single HAProxy container on each of the app servers.
@nma How else would you run multiple apps on the same port? For example, you have two apps running port 80 on a server. The way @chrisneal is setting it up, you could run app1 on port 81 and app2 on port 82. The AWS ELBs would both run on port 80 and send it to port 81 and 82.
@chrisneal Try running your container without the HAProxy and make sure your ELB health checks pass. This way you can easily see access logs. You might be able to see access logs with HAProxy but I am not sure about that. Also, you might have already read this, but this is what you're trying to do: http://x-team.com/2016/02/socket-io-haproxy-aws/
@Jlaird so this is standard operating procedures for AWS ELB -> Container Clustering computing? Okay, I work with a more traditional setup at my work place. Just ELBs -> AMIs for low moving parts since we only have 2 people on Pager Rotation and no dedicated infrastructure team, we only do changes when we are sure we can operate it properly.
Though back to the original topic, it also looks like external ELB is a feature in the roadmap.
Worth taking a look, would be interesting to see how the Rancher team addresses the connectivity issues with this.
@chrisneal I would think that in order for your ELB to health check your App Servers you will need to check that your ELB can access the App Server’s exposed public ports directly. So for example, if your App servers have exposed port 8090:8080 then your ELB should check for 8090. Make sure that your security group/network ACL allows for that.
I don’t think you need to do it this way though. I have a very similar setup and what I do is have my ELB (actually I am using ALB now) do the health check on the HAProxy’s listening port; HAProxy itself will route to healthy App Services only.
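
The port and security-group check described in the last reply can be scripted; the following is an added example, not code from anyone in this thread. The rule dictionaries follow the `IpPermissions` shape returned by EC2's `describe_security_groups`, while the group ID, the sample rules and the function names are constructed assumptions. Network ACLs and CIDR rules narrower than `0.0.0.0/0` are not evaluated.

```python
# Added example: constructed data, not taken from the thread.
ELB_SG = "sg-elb-example"  # hypothetical security group attached to the ELB
INGRESS = [  # constructed ingress rules of the app servers' security group
    {"IpProtocol": "tcp", "FromPort": 8090, "ToPort": 8090,
     "UserIdGroupPairs": [{"GroupId": ELB_SG}], "IpRanges": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "UserIdGroupPairs": [], "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
]

def parse_publish(spec):
    """Parse a Docker publish spec such as '8090:8080' or '0.0.0.0:8090:8080/tcp'."""
    ports, _, proto = spec.partition("/")
    parts = ports.split(":")
    if len(parts) < 2:
        raise ValueError(f"no fixed host port published in {spec!r}")
    return int(parts[-2]), int(parts[-1]), proto or "tcp"

def rule_covers(rule, port):
    """True if one ingress rule covers TCP traffic to `port`."""
    if rule["IpProtocol"] == "-1":  # "-1" means all protocols and ports
        return True
    return rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]

def check_health_path(publish, check_port, ingress, elb_sg):
    """Return (status, reason) for an ELB health check against a published port."""
    host_port, container_port, _ = parse_publish(publish)
    if check_port != host_port:
        hint = " (that is the container port)" if check_port == container_port else ""
        return "wrong_port", f"check targets {check_port}{hint}; host publishes {host_port}"
    covering = [r for r in ingress if rule_covers(r, host_port)]
    # Exposure to the whole internet is reported first: it defeats the point
    # of keeping the app servers reachable only through the load balancer.
    if any(c["CidrIp"] == "0.0.0.0/0" for r in covering for c in r.get("IpRanges", [])):
        return "world_open", f"port {host_port} is reachable from 0.0.0.0/0, not only the ELB"
    if any(p["GroupId"] == elb_sg for r in covering for p in r.get("UserIdGroupPairs", [])):
        return "ok", f"{elb_sg} may reach port {host_port}"
    return "blocked", f"no ingress rule lets {elb_sg} reach port {host_port}"

if __name__ == "__main__":
    for port in (8090, 8080):
        print(port, check_health_path("8090:8080", port, INGRESS, ELB_SG))
```

With live data, pass the `IpPermissions` list of the app servers' group in place of `INGRESS`.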