H
H
Hideez Authentication Service (EN)
v3.14
Search…
⌃K

Enable load balancing

Hideez Enterprise Server – Enable load balancing
In some cases, it is necessary to ensure that the HES server failure resistance.
In general, we can separate the fault tolerance of the database server (MySQL) and the fault tolerance of the HES itself.
As for the fault tolerance of databases, this process is described in detail in the relevant documentation - for example here.
Here we are talking only about HES, and then there is a small instruction on how to do it.
Consider an example where you have a separate MySQL server, three separate HES servers, and an Nginx proxy through which the end client has access to a group of HES servers.
Load balancing, in this case, will be that nginx will try to distribute requests evenly to the three HES servers, and fault tolerance is that if one of the servers crashes, users will continue to use the HES server.
In this case, in addition to our installation instructions, you need to do the following:
  • you need to allow remote user connection in the MySQL server settings. By default, only local users have access to the database, so the MySQL /etc/mysql/mysql.conf.d/mysqld.cnf configuration file needs to be modified - instead of
bind-address = 127.0.0.1
you have to setup
bind-address = 0.0.0.0
(you can simply add this line to the [mysqld] section if it is not there).
After restarting the MySQL server, you will be able to access it from remote HES servers.
  • when creating a MySQL user instead of a command
CREATE USER 'user'@'127.0.0.1' IDENTIFIED BY '<user_password>';
should be used
CREATE USER 'user'@'%' IDENTIFIED BY '<user_password>';
this will allow the user ‘user’ to connect to the database from any computer.
  • the following should be done when editing the /opt/HES/appsettings.Production.json file:
1) in the row
"ConnectionStrings":
{
"DefaultConnection":
"server=127.0.0.1;
port=3306;
database=db;
uid=user;
pwd=<user_password>"
},
127.0.0.1 must be changed to the ip of your MySQL server.
appsettings.Production.json should be the same on all servers!
However, if you want to visually "see" which server is currently processing your data, there may be slight differences between ServerFullName and ServerShortName.
"ServerFullName": "Hideez Enterprise Server",
"ServerShortName": "HES",
2) by default, the HES server receives requests only from localhost, but since our proxy with nginx can be hosted at a different address, you need to allow access from other addresses. You can do this by adding the following lines to /opt/HES/appsettings.Production.json, after "AllowedHosts": "*" add the following (via comma):
,
"Kestrel": {
"Endpoints": {
"Http": {
"Url": "http://0.0.0.0:5000"
}
}
}
3) in the nginx.conf file on the nginx server, you need to comment out the line
server localhost:5000;
and uncomment lines
#ip_hash;
#server <ip or name of hes1 server>:5000 weight=3;
#server <ip or name of hes2 server>:5000;
#server <ip or name of hes1 server>:5000;
and by entering the corresponding IP addresses of their three HES servers.
And of course, it is necessary to adjust the rules of firewalls. Note that MySQL typically uses TCP port 3306 and HES port TCP 5000.
Previous
How to manage Positions?
Next
Data Protection
Last modified 2mo ago