Reverse proxy without a single point of failure
-
[email protected]replied to [email protected] last edited by
Already considering using Kube, though I haven't read much about it yet. Does it support this specific use case (making multiple servers share a single LAN IP with failover), in a way that an ordinary router can use that IP without special configuration?
-
[email protected]replied to [email protected] last edited by
For what OP is asking DNS has no part in DNAT, they need a load balancer.
Personally, asking about high uptime on a residential ISP is the larger issue here, but alas.
-
[email protected]replied to [email protected] last edited by
My personal opinion, as soon as you’re charging and providing SLAs you’ve exceeded what you should be doing on a residential ISP.
I’d really recommend putting your app in a real cloud solution, which can provide actual load balancing via DNS natively for regional failover if you desire.
-
[email protected]replied to [email protected] last edited by
If your current router doesn't support static DNS entries or advanced management of them, you could run a DNS service, or just get a router that runs OpenWRT. GL.Inet makes solid devices for relatively cheap.
-
[email protected]replied to [email protected] last edited by
I get the sentiment but this depends on how important the use case of the software in question is. It's not like I'm planning on selling software to businesses or hosting anything that users would store critically important data in. The difference in cost between home servers and cloud hosting is MASSIVE. It's the difference between being able to make a small profit on small monthly subscriptions, versus losing hundreds or thousands per month until subscriber numbers go up.
-
[email protected]replied to [email protected] last edited by
Yes. Your machines would have one main IP address, and one virtual IP address that would be assigned to either machine depending on the priority or health check status. That IP can be on the same physical interface, or a separate one. It’s very flexible, pretty standard config for high availability setups.
-
[email protected]replied to [email protected] last edited by
OPNsense and HAproxy might be a place to start, they work well together. You can define a backend pool of servers for roundrobinning, and if you buy a block of IPs you can roundrobin the incoming requests as well. I run OPNsense as a VM so that I can use Proxmox's high availability service for the router and it'll failover or manually livemigrate if I'm doing maintenance.
-
[email protected]replied to [email protected] last edited by
I use k3s as my base with istio to handle routing, so each node then has the same ports open and istio is the proxy. Internally there's a load balancer to distribute to whatever pod the traffic needs to go to. Outside the cluster DNS is my only single point of failure but it routes to multiple hosts. I doubt you'd have trouble finding a way to have a DNS that can do that. I don't think you can get that much more separated from single points
-
[email protected]replied to [email protected] last edited by
Additional SPoFs: Your upstream internet connection, your modem/router, electricity supply, your home (not burning, flooded, collapsed, etc.). And you.
-
[email protected]replied to [email protected] last edited by
So you have 2, or 3 spof, your home internet, your home router, and your reverse proxy container.
You can solve most of that with a second internet connection on its own router and some k3s/k8s
Current router points to one container then you have your second router point to the other container. You can use DNS load balancing to share the connections over your 2 internet connections.
Depending on your monitoring system you if a connection goes down you could then trigger a DNS update to remove the offline connection from DNS. You will have to set the ttl of the record to facilitate the change more rapidly.
-
[email protected]replied to [email protected] last edited by
You just described a load balancer. The router doesn't know about DNS but clients using your service use DNS. You can do some simple load balancing behind DNS. If you want to do it by IP address you want a load balancer though.
-
[email protected]replied to [email protected] last edited by
I feel like op is about to find out why businesses pay for cloud services.
-
[email protected]replied to [email protected] last edited by
No, the router being the SPOF (single point of failure) is totally avoidable.
At mny home (no SaaS services offered, but critical "enough" for my life services) i have two different ISPs on two different tecnologies: one is FTTC via copper cable (aka good old ADSL successor) plus a WFA 5G (much faster but with data cap). Those two are connected to one opnSense router (which, indeed, is a SPOF at this time). But you can remove also this SPOF by adding a second opnSense and tie the two in failover.
Of course, my two ISPs are setup in failover on the opnSense.
So the setup would be:
FTTC -> ISP1 router -> LAN cable 1 to port 1 of opnSense n.1
FTTC -> ISP1 router -> LAN cable 2 to port 1 of opnSense n.2
FWA -> ISP2 router -> LAN cable 1 to port 2 of opnSense n.1
FWA -> ISP2 router -> LAN cable 1 to port 2 of opnSense n.2Then in both opnSense i would setup failover multi-WAN and bridge them together so that one diyng will trigger the second one.
-
[email protected]replied to [email protected] last edited by
I do this with HAProxy and keepalived. My dns servers resolve my domains to a single virtual ip that keepalived manages. If one HAProxy node goes down, the other picks right up.
And this is one of the few things I’ve got setup with ansible, so deploying and making changes is pretty easy.
-
[email protected]replied to [email protected] last edited by
SLAs?
You're going to need a redundant ISP and a generator. You've left the territory where it's economical to self host something if that's what you're looking at. You still have several other single points of failure.
And I'll be honest, your setup isn't ready for an SLA either. Just having a second machine is such a small part of what you need to do before doing any guarantees. Are you using a Dynamic DNS service? What's the networking setup look like? Router to Compute?
From the sounds of it, you're not a professional. It might be time to engage an expert if you want to grow this.
-
[email protected]replied to [email protected] last edited by
That's not the point. Its unprofessional. Someone is going to smash and grab OPs idea and actually have the skills to host it properly. Probably at a fraction of the cost because OP doesn't understand that hosting SaaS products out of his house isn't professional or effective.
Also; cloud is cheaper than self hosting at any small amount of scale. This wouldn't cost much to run in AWS if built properly. The people who struggle with AWS costs are not professionals and have no business hosting anything.
-
[email protected]replied to [email protected] last edited by
This is a rabbit hole that's going to be very expensive. Caddy isn't going to do what you are wanting. You likely need enterprise systems which are complex and require at least 3 machines.
I would use AWS or Azure instead
-
[email protected]replied to [email protected] last edited by
You aren't going to get high reliability unless you spend big time. Instead, could you just offer uptime during business hours? Maybe give yourself a window to do planned changes.
-
[email protected]replied to [email protected] last edited by
This is so true. You can't expect your home server to ever be compatible to enterprise setups. Companies who have stuff on prem are still paying for redundant hardware and software which requires money and skill to maintain.
-
[email protected]replied to [email protected] last edited by
This will blow up in your face. You know enough to be dangerous but no enough to know that uptime is very hard.
AWS or Azure really isn't that expensive if you are just running a VM with some containers. You don't need to over think it. Create a VM and spin up some docker containers.
