How to setup Envoy as a load balancer with Nexus 3

jnunez · November 20, 2020, 10:34pm

Hello all,

I’m trying to setup Envoy proxy with a Nexus 3 cluster but so far no luck. Nexus 3 offers some hints how to achieve this (not specific to any load balancer).

Has anybody got this done? Please share your experience, it doesn’t have to be with Envoy but can be with Nginx, etc.

Thanks.

h_o · November 23, 2020, 11:23pm

Like this one?
https://help.sonatype.com/repomanager3/installation/run-behind-a-reverse-proxy

jnunez · November 23, 2020, 11:42pm

Hello,

I got it to work with HA proxy. Below is the configuration that worked for me, sharing it here so others can benefit as well:

# Author: Jose Vicente Nunez
# https://www.haproxy.org/download/1.8/doc/configuration.txt

global
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    stats socket /var/lib/haproxy/stats

    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM

defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

frontend stats
    bind *:6666
    stats enable
    stats uri /stats
    stats refresh 10s
    stats admin if LOCALHOST

frontend main
    bind *:5000
    default_backend     registry
    option              forwardfor

backend registry
    mode http
    balance leastconn
    stick-table type string len 200 size 1m expire 30m
    stick on cookie(NXSESSIONID)

    option httpchk HEAD /web1 HTTP/1.0
    http-check expect ! rstatus ^5
    server  registry1 AAA.BBB.XXX.XX:5000 check cookie check
    server  registry2 AAA.BBB.YYY.YY:5000 check cookie check
    server  registry3 AAA.BBB.ZZZ.ZZ:5000 check cookie check

    option log-health-checks

    option redispatch
    timeout connect 1s
    timeout queue 5s
    timeout server 3600s

And my systemd unit, as icing on the cake

# /usr/lib/systemd/system/haproxy.service
[Unit]
Description=HAProxy Load Balancer
After=network.target

[Service]
Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid"
ExecStartPre=/usr/sbin/haproxy -f $CONFIG -c -q
ExecStart=/usr/sbin/haproxy -Ws -f $CONFIG -p $PIDFILE
ExecReload=/usr/sbin/haproxy -f $CONFIG -c -q
ExecReload=/bin/kill -USR2 $MAINPID
KillMode=mixed
Type=notify

[Install]
WantedBy=multi-user.target