Scaling Otoroshi
Using multiple instances with a front load balancer
Otoroshi has been designed to work with multiple instances. If you already have an infrastructure using frontal load balancing, you just have to declare Otoroshi instances as the target of all domain names handled by Otoroshi
Using master / workers mode of Otoroshi
You can read everything about it in the clustering section of the documentation.
Using IPVS
You can use IPVS to load balance layer 4 traffic directly from the Linux Kernel to multiple instances of Otoroshi. You can find example of configuration here
Using DNS Round Robin
You can use DNS round robin technique to declare multiple A records under the domain names handled by Otoroshi.
Using software L4/L7 load balancers
You can use software L4 load balancers like NGINX or HAProxy to load balance layer 4 traffic directly from the Linux Kernel to multiple instances of Otoroshi.
- NGINX L7
-
upstream otoroshi { server 192.168.1.40:8080 max_fails=1; server 192.168.1.41:8080 max_fails=1; server 192.168.1.42:8080 max_fails=1; } server { listen 80; # http://nginx.org/en/docs/http/server_names.html server_name otoroshi.oto.tools otoroshi-api.oto.tools otoroshi-admin-internal-api.oto.tools privateapps.oto.tools *-api.oto.tools; location / { # SSE config proxy_buffering off; proxy_cache off; proxy_set_header Connection ''; proxy_http_version 1.1; chunked_transfer_encoding off; # websockets config proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # other config proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://otoroshi; } } server { listen 443 ssl; # http://nginx.org/en/docs/http/server_names.html server_name otoroshi.oto.tools otoroshi-api.oto.tools otoroshi-admin-internal-api.oto.tools privateapps.oto.tools *-api.oto.tools; ssl_certificate /etc/letsencrypt/wildcard.oto.tools/fullchain.pem; ssl_certificate_key /etc/letsencrypt/wildcard.oto.tools/privkey.pem; ssl_session_cache shared:SSL:10m; ssl_session_timeout 5m; ssl_prefer_server_ciphers on; ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; location / { # SSE config proxy_buffering off; proxy_cache off; proxy_set_header Connection ''; proxy_http_version 1.1; chunked_transfer_encoding off; # websockets config proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # other config proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://otoroshi; } }
- NGINX L4
- HA Proxy L7
- HA Proxy L4
Using a custom TCP load balancer
You can also use any other TCP load balancer, from a hardware box to a small js file like
- tcp-proxy.js
-
const proxy = require("node-tcp-proxy"); const hosts = ["192.168.1.40", "192.168.1.41", "192.168.1.42"]; const portsHttp = [8080, 8080, 8080]; const portsHttps = [8443, 8443, 8443]; const proxyHttp = proxy.createProxy(80, hosts, portsHttp, { tls: false }); const proxyHttps = proxy.createProxy(443, hosts, portsHttps, { tls: false });
- tcp-proxy.rs