APE Server on port 80 with HAProxy

Louis Charette edited this page Jun 10, 2016 · 1 revision

By default, APE Server run on port 6969. This can be a problem for some users behind strict firewall. To come around this limitation, APE must run on standard ports, one of the most common and open port being port 80 of course. But mort of the time, you'll have Apache or Nginx running on port 80 and running APE on a dedicated machine is not always a solution.

One workaround is to use a proxy to managed connection on port 80 and redistribute everything related to APE on port 6969 and the rest back to Apache or Nginx on another port like 8080. This page is there to show you how you can achieve that using HAProxy.

How it all works

The thing is you can't have two services running on the same port. It's like telephone extensions in a office. By default, you call a dedicated number (the server IP) and end up at the receptionist (Apache, on port 80) unless you explicitly specify the APE extension (Port 6969).

You can use Apache web proxy so that when people call your office at the office number (server IP), they are dispatched directly to Apache (port 80) which now act as the receptionist and transfert the call (proxy) to APE (at extention 6969) if Apache see that the call is for APE. The thing is, it does work for default connexion (Long pooling), but Apache is not handling web socket correctly.

Now comes HaProxy. HaProxy act as the receptionist. When someone call the office (server) on the office number (Server IP), the first person they get to is the receptionist (HaProxy, now at port 80) who dispatch the call to APE (at extention 6969) if the call is for APE (Either a websocket connexion or a specific subdomain) OR Apache (now moved at any extension, for example 8080) if the call is not for APE. It basically goes like this :

So you basically need to relocate Apache on port 8080 (or anything you want). This needs to be done for all the virtualhosts and there is also a global config I think for it (google it).

(And the nice thing about HaProxy: if you want to scale your office, it really act as a receptionist. If Apache is not avaiable for some reason or is overloaded, HA can take care of loadbalacing between multiple (apache) server. You also could, technically, even have APE on a different host with this).

Now let's do it!

Requirements

  • Ape Server running on port 6969
  • Apache or Nginx listening on port 8080
  • HAProxy

This guide don't show how to installed those requirements. Refer to the APE wiki or the proper documentation on how to achieve this.

Setup HAProxy

The way HAProxy will work, it will redirect everything that comes in throughout port 80 and related to a specific subdomain to APE Server on port 6969, leaving the rest for your webserver on port 8080. Furthermore, if the connexion is websocket, it will also be redirect to APE Server, regardless of the domain.

For this example, everything coming in port 80 from the subdomain ape.mydomain.com' and it's subdomain (*.ape.mydomain.com) will be redirected to APE Server. Don't forget to change the domain in the config file to match your own domain.

Open HAProxy config file (On Debian/Ubuntu, located in /etc/haproxy/haproxy.cfg). Find :

option redispatch
maxconn 2000
contimeout      5000
clitimeout      50000
srvtimeout      50000

And replace it to :

option redispatch
option forwardfor
option  http-server-close
maxconn 2000
contimeout      5000
clitimeout      50000
srvtimeout      50000

This tells HAProxy to ignore the servers keepalive setting. If it were not specified, then in some cases the conditional rules (used below) would not be re-evaluated every time there is a new request.

Next we add the subdomain and proxy detection. Add the fallowing code to the end of the file

frontend public
  bind *:80
  acl is_ape hdr_end(host) -i ape.mydomain.com #Change this your domain
  acl is_ape hdr(Upgrade) -i WebSocket

  use_backend ape if is_ape
  default_backend www

backend www
  timeout server 30s
  server www1 127.0.0.1:8080

backend ape
  timeout server 600s
  server ape 127.0.0.1:6969

Note: In this example, HAProxy will redirect to localhost, but you could easily plug in the IP to a different server.

Wrap up

Your HAProxy config file should now look like this

# this config needs haproxy-1.1.28 or haproxy-1.2.1

global
        log 127.0.0.1   local0
        log 127.0.0.1   local1 notice
        #log loghost    local0 info
        maxconn 4096
        #chroot /usr/share/haproxy
        user haproxy
        group haproxy
        daemon
        #debug
        #quiet

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        retries 3
        option redispatch
        option forwardfor
        option  http-server-close
        maxconn 2000
        contimeout      5000
        clitimeout      50000
        srvtimeout      50000

frontend public
  bind *:80
  acl is_ape hdr_end(host) -i ape.mydomain.com #Change this your domain
  acl is_ape hdr(Upgrade) -i WebSocket

  use_backend ape if is_ape
  default_backend www

backend www
  timeout server 30s
  server www1 127.0.0.1:8080

backend ape
  timeout server 600s
  server ape 127.0.0.1:6969

Don't forget to restart HAProxy every time you change the config file.

Apache or Nginx should now be available as usual and if you point your browser to ape.mydomain.com, you'll find the APE Server page.

HAProxy troubleshoot

If HAProxy doesn't start, make sure it's enabled. Edit /etc/default/haproxy (on Debian) and make sure it has a line that says ENABLED=1 in it.

References

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.