I am a newbie in software architecture and I have some question:
I don't understand which requests is sent to the HAProxy on this image.
I mean: if one "Application" Server (backend) want to save data in the Galera Cluster
what is the request that will be sent to the HAProxy?
Is it an sql query "request"?
If it is an sql query should the HAProxy server needs a mysql-server to "handle" the connection?
Should Application Server needs to be configured to make an sql connection to the HAProxy?
from: https://fromdual.com/making-haproxy-high-available-for-mysql-galera-cluster
Thanks!
The application only needs to know the IP address of the VIP in this architecture. The app connects to that VIP using a MySQL connector, as if it is a MySQL Server.
The "requests" are then stateful TCP/IP connections using the MySQL protocol, just as if the app were connected directly to a MySQL node.
This is not a series of stateless http requests. You might be assuming that HAProxy is only for load-balancing http requests. In fact, HAProxy can be used for other protocols than http.
Related
I am trying to establish a SSL-encrypted connection to a my MySQL Docker service running on a AWS VPC (setup up by the Docker for AWS cloud formation template). The elastic load balancer is configured to redirect port 3306. There is no problem to connect to the container (e.g. by using MySQLWorkbench, mysql-client, ..) as long as SSL is not turned on (adding AWS's own certificates (ACM) or my custom certificates to the ELB listener). In case SSL is enabled, the client starts hanging / freezing, without returning a proper error. I added the ca-certs from ACM, generated my own certificates (with and without additonal key / cert for the client) but nothing seems to resolve my problem.
Now I am well aware of the fact, that this setup is not that usual. I guess the standard way of doing this is to configure the MySQL-Server itself. AFAIK, in this case only the connection between client and ELB is encrypted, but I do not understand why this causes a problem?
I am grateful for answers!
In MySQL's client/server protocol, the server talks first. It advertises its capabilities (including whether it supports SSL). Then the client requests that the connection switch to SSL mode. Only then does SSL negotiation take place.
For this reason, it is not possible to offload SSL in front of MySQL.
Your connection hangs because the client is waiting for the initial packet from the server, while the ELB is waiting for the client to start negotiating SSL -- because unlike the MySQL client/server protocol, the client talks first on standard SSL negotiation.
You have to have a certificate on the MySQL Server, and not on the ELB, for this to work.
An AWS Network Load Balancer is a more appropriate solution for exposing MySQL, but you still need the SSL cert on the MySQL Server itself.
I have a staging server on AWS where my web application is running.the application uses Dedicated Database server(mysql/linux) from other provider. i would like to spin a new server on a AWS that should act like a proxy server to connect with my Dedicated Database server.
please advise me how can i achieve.
You can proxy the traffic with HAproxy, you can have one DB in active mode and one in passive mode, when ready to cut over you take the active one offline and ha will start sending requests to the other DB server.
Additionally, HAproxy will allow you to send traffic to certain DB servers depending on a variety of criteria, like the source IP. So some web apps send to one DB and others send to another.
HA proxy is very lightweight, we use it and run hundreds of thousands of requests a day without any performance issues.
Take a look at MaxScale from MariaDB. it a DB proxy. the can do all this and more..
https://mariadb.com/products/mariadb-maxscale
What are the differences between a proxy, a port and a server. Also, what is the difference between local server and mysql sever and how we can differentiate among them ?
Thanks in advance.
Ports: connection between 2 computers/interfaces or more using ports is more like a gate where the IP addresses pass.
Server: give different services for one client or more over the network.
Proxy: middle station between the server and the client.
Local: internal network or using loop interface, network card can be a server and also a client in the same time without going out side the network.
Mysql server is service for database, using default port 3306, it's have is own IP address and you can connect him depends on the firewall rules and routing.
Knowing this topics is not enough you need to cover all the network theory it's combine a lot of parts that only when you connecting all of them together you getting the entire picture....
https://en.wikipedia.org/wiki/Proxy_server
https://en.wikipedia.org/wiki/Server_(computing)
https://en.wikipedia.org/wiki/MySQL
I'm running Tomcat 7/MySQL 5.6 on Centos 6. It's time to separate the database to another server. What is the best approach to securing the connection between Tomcat and the backend MySQL server. It's Virtualized and I don't want to run the connection open over a shared network.
I'm thinking tunneling through ssh. SSL seems a lot of work. But what's the "recommended" approach?
You're right to be careful about sending traffic over an open network. The MySQL protocol by default is not encrypted at all, so if someone can capture packets on your network, then they can see all your data.
I prefer using either an ssh tunnel or a vpn connection. I just find it easier to configure.
My colleague Ernie Souhrada at Percona posted a couple of really good blog articles about the efficiency of using an ssh tunnel versus using MySQL client options to connect via SSL and bear the overhead of handshaking on every connection.
http://www.mysqlperformanceblog.com/2013/10/10/mysql-ssl-performance-overhead/
http://www.mysqlperformanceblog.com/2013/11/18/mysql-encryption-performance-revisited/
The performance impact of SSL handshake that Ernie reports won't be quite a much of an issue for a Tomcat environment, since you would typically have a connection pool, and therefore new connections would be made less frequently.
I have a mysql server running on the standard port which is having data fed into it. I would like to capture this information using node.js as it goes into the server so my plan is to set node.js up on the mysql port and proxy the requests.
How easy would this be to do and could I easily sniff for the data?
Thanks