Hey guys,
If I set up many servers behind a load balancer to handle incoming HTTP requests, how can I get cron API calls from ANY one server to appear to come from the ONE internet address?
The reason for the same internet address is to allow it through a firewall at an external site. If I add/drop servers I want to be able to continue querying the external firewall API without bugging their security admins to allow a new IP. A single IP setup will allow me to scale and ensure some levels of HA.
I hope that makes sense. Any help would be greatly appreciated.
Cheers, Trav.
Hi Trav,
I am not sure I clearly understood your question, but I think you can configure iptables postrouting and masquerading rules to make your API cron requests from a single IP.
If you have a local network configured between the 3 servers on 10.10.10.0/24 range + a load balancer, then all servers can have a public IP (eth0) and a local IP (eth1). You just need to update the /etc/network/interfaces file to get the eth1 IP up with static IPs and set the new interfaces up.
Next, you can configure your load balancer in that network to masquerade requests thanks to an iptables rule of that kind:
The kernel route of the load balancer server keeps a route going through eth0, but can access the local network. The load balancing might be done using that local IP to reach backend IPs.
On the 3 other backend servers, you can configure the kernel routes to use eth1 device as default interface to go out of the network, using the load balancer local IP as gateway address.
In this situation each VM can ping the load balancer through the local IP, and if the masquerading rule was set successfully, the load balancer will make all requests directly to the external site using the public IP configured on the load balancer.
I believe this was the kind of configuration you were looking for. You should be able to use that information to design your load balancing using masquerading for backend server requests.
Hope this helps.
– rustx
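The setup described in the answer above, written out as an added example that is not part of the original post: masquerading on the load balancer, restricted to the private range, and the route on each backend. The load balancer's private IP `10.10.10.1` and the sample address `203.0.113.10/32` are assumed values; the optional destination argument goes slightly beyond the answer by allowing only the external API to be routed through the load balancer.

```shell
#!/bin/sh
# Added example (not from the original answer). Prints the commands by
# default; set APPLY=1 and run as root to execute them.
LAN_NET="10.10.10.0/24"   # private range from the answer
WAN_IF="eth0"             # public interface on the load balancer
LAN_IF="eth1"             # private interface on every server
LB_LAN_IP="10.10.10.1"    # assumed private IP of the load balancer

run() {
    # Echo each command; execute it only when APPLY=1.
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

lb_setup() {
    # Let the kernel forward packets between eth1 and eth0.
    run sysctl -w net.ipv4.ip_forward=1
    # Rewrite the source of traffic from the private range leaving eth0
    # to the load balancer's public address.
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
    # Forward only outbound traffic from the private range and its replies,
    # so the box does not relay arbitrary traffic.
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

backend_setup() {
    # $1: destination to send through the load balancer. "default" follows
    # the answer; a host or CIDR limits it to the external API only.
    run ip route replace "${1:-default}" via "$LB_LAN_IP" dev "$LAN_IF"
}

# Usage: script lb | script backend [destination]
case "${1:-}" in
    lb)      lb_setup ;;
    backend) backend_setup "${2:-default}" ;;
esac
```

Rules and routes added this way do not survive a reboot, so persist them once verified. The external site then only needs to allow the load balancer's public IP.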