Proxying

Elena Dvoryadkina

For balancing the load and distributing access to the ADQM database, you can use Chproxy. It is an HTTP proxy that can:

  • evenly distribute queries between all nodes of the ADQM cluster (all nodes are considered equal);

  • monitor health of cluster nodes and prevent from sending requests to unavailable nodes;

  • limit HTTP access by a list of allowed IP addresses/IP subnet masks;

  • authorize users safely — Chproxy can map users sending requests to users of the ADQM cluster without exposing real usernames and passwords used in ADQM.

Install Chproxy

The Enterprise edition of ADQM includes the Chproxy service (starting with version 22.3.7.28.1.b1) that you can install to an ADQM cluster as any other service. To do this, follow the steps below:

  1. Add the Chproxy service to a cluster.

  2. Add the service component to one or more hosts of the cluster.

  3. Configure the service.

  4. Install the service.

Configure Chproxy via ADCM

You can configure paramеters of the Chproxy service in the corresponding window of the ADCM web interface. The Configure services article includes detailed instructions on how to access this window.

Chproxy service configuration
Chproxy service configuration

The following parameters are available for the Chproxy service:

  • Network configuration:

    • Enable HTTP — listening for HTTP requests (enabled by default);

    • HTTP listen port — port to listen for HTTP requests (the default is 9090);

    • HTTP allowed networks — list of networks from which HTTP access is allowed (you can enter an IP address or IP subnet mask to define a network, the 127.0.0.1 value is added to the list by default);

    • Enable HTTPS — listening for HTTPS requests (disabled by default);

    • HTTPS listen port — port to listen for HTTPS requests (the default is 8543);

    • HTTPS allowed networks — list of networks from which HTTPS access is allowed (you can enter an IP address or IP subnet mask to define a network, the 127.0.0.1 value is added to the list by default);

    • Certificate file — path to the server SSL certificate file;

    • Private key file — path to the file with the private key of the server SSL certificate.

  • Proxy users configuration:

    • Clickhouse Proxy Users — users whose requests will be proxied to ADQM. Using the settings in this section, you can set up the configuration for each user separately: configure access restrictions based on a list of IP addresses or subnet masks, prohibit or allow HTTP and HTTPS connections, enable caching responses, set limits on the duration and frequency of requests, as well as limit the number of concurrent requests.

       
      To map multiple distinct input users to a single ADQM user, you can create a wildcarded user configuration. To do this, enable the wildcarded_user option, enter a Chproxy user name pattern (like <prefix>* or *<suffix>) in the user_name field, and specify an ADQM user in the clickhouse_target_user field. For example, if user_name = dba_* and clickhouse_target_user = db_admin (where db_admin is an existing ADQM user), then any user with a name matching this pattern (for example, dba_john and dba_mary) will be authorized in ADQM as db_admin.

    • Users/password map — passwords of users specified in Clickhouse Proxy Users.

  • Connection pool configuration:

    • Max idle connections — maximum number of idle connections in the pool;

    • Max idle connections per host — maximum number of idle connections per host.

  • ADQM cluster configuration:

    • Interval — interval for checking all cluster nodes for availability (the default is 5s);

    • Timeout — waiting time of response from cluster nodes (the default is 5s).

    These parameters are used for checking health of cluster nodes. Chproxy service components send a health check request to all nodes of the ADQM cluster at a frequency specified by the Interval parameter. If this request does not receive a response from some node of the cluster within the time specified by the Timeout parameter, Chproxy will stop sending queries to this node.

Found a mistake? Seleсt text and press Ctrl+Enter to report it