Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Question Regarding Reverse Proxy 2 Server Setups
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Question Regarding Reverse Proxy 2 Server Setups

In this scenario I have 2 servers. One big beefy server with NVMe drives, Many cores, etc. Beefy server has no real DDOS protection. One smaller server with great DDOS protection & filtering. They'll both be running Ubuntu Server 18.04 or Debian probably. They are obviously located on two different networks at two separate datacenters.

I have an entire website already setup and running on beefy server. Everything is perfect however the host has no DDOS protection. I want to use smaller server #2 that is currently sitting unused to act as reverse proxy / ddos protection for the bigger beefier server.

I know I can do this traditionally with NGINX. However I recently came across some interesting software...

https://www.envoyproxy.io & https://traefik.io & https://caddyserver.com

Now from my research it seems EnvoyProxy had a bit of speed/performance advantage in benchmarks, so I wanted to go with it. However I keep reading about an Ingress controller might be needed? I never even heard of that term really until today. Will I really need that just to act as reverse proxy and ddos shield? If so do you suggest I use https://github.com/heptio/contour or https://github.com/kubernetes/ingress-nginx ?

Next question...It seems like https://traefik.io & https://caddyserver.com won't require an ingress controller? or its already built in? If that's the case and Envoy is gonna be more complex to setup and maintain, I may focus on traefik or cadddy.

Between Traefik & Caddy, which would you choose & why? I like free SSL and speed. Which would be better for my use case? Thanks!

Comments

  • edited May 2019

    or should I use something like
    https://serversforhackers.com/c/letsencrypt-with-haproxy
    HAProxy (http://www.haproxy.org) with LetsEncrypt

    would like to hear some expert advice on this from the community. thanks again for your input.

  • LutungLutung Member

    +1 with haproxy

  • @Lutung said:
    +1 with haproxy

    Thanks for input. Will I need any other software of can just HAProxy handle what I am wanting? I also want it to force SSL, hopefully free letsencrypt SSL, and redirect www to non-www.

    Anyone have a sample config or guide they suggest?

  • ulayerulayer Member, Host Rep

    Personally, I would stick with nginx for such a basic setup. If you needed to load balance between multiple servers of course nginx can do this as well, but HAProxy is a nice alternative. Using more complex (and application aware) proxies like Traefik or Envoy are more suited for microservices/container (like Docker) networks.

    Caddy is nice from what I've read though. A solid alternative to nginx and has some nice built in features.

  • edited May 2019

    @ulayer said:
    Personally, I would stick with nginx for such a basic setup. If you needed to load balance between multiple servers of course nginx can do this as well, but HAProxy is a nice alternative. Using more complex (and application aware) proxies like Traefik or Envoy are more suited for microservices/container (like Docker) networks.

    Caddy is nice from what I've read though. A solid alternative to nginx and has some nice built in features.

    Yes everything I read about Traefik or Envoy talked about microservices/containers (like Docker).

    Maybe I'll just stick to a tried and tested method like NGINX. This config generator makes it stupidly easy to setup. https://nginxconfig.io

    Thanked by 1ulayer
Sign In or Register to comment.