It doesn't seem particularly well known. It works fine with TLS, but the origin ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

toast0 on April 18, 2023 | parent | context | favorite | on: Load Balancing

It doesn't seem particularly well known. It works fine with TLS, but the origin servers need to do the TLS termination (IMHO, this is better for security than having your load balancers do it, but it does mean you have to work harder on key distribution). On a non-DSR load balancer, doing TLS termination on the origins means the load balancer has less application data to work with (request path, response status code, etc) in making load balancing decisions, but for DSR, the load balancer never had any of that, so adding TLS doesn't disadvantage the load balancer any more.

TLS session establishment is expensive, so why would I want my load balancers to do it anyway? :P

blipvert on April 18, 2023 [–]

Should you wish to give DSR load balancing a go without having to invest in hardware/licenses you could try https://github.com/davidcoles/vc5

Put that in front of some HAProxy servers to do TLS termination and farm out requests to another layer of NGINX/uWSGI boxes and Robert is your cousins father.

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact