Proxying

Elena Dvoryadkina

For balancing the load and distributing access to the ADQM database, you can use Chproxy. It is an HTTP proxy that can:

  • evenly distribute queries between all nodes of the ADQM cluster (all nodes are considered equal);

  • monitor health of cluster nodes and prevent from sending requests to unavailable nodes;

  • limit HTTP access by a list of allowed IP addresses/IP subnet masks;

  • authorize users safely — Chproxy can map users sending requests to users of the ADQM cluster without exposing real usernames and passwords used in ADQM.

Install Chproxy

The Enterprise edition of ADQM includes the Chproxy service (starting with version 22.3.7.28.1.b1) that you can install to an ADQM cluster as any other service. To do this, follow the steps below:

  1. Add the Chproxy service to a cluster.

  2. Add the service component to one or more hosts of the cluster.

  3. Configure the service.

  4. Install the service.

Configure Chproxy via ADCM

You can configure paramеters of the Chproxy service in the corresponding window of the ADCM web interface. The Configure services article includes detailed instructions on how to access this window.

Chproxy service configuration
Chproxy service configuration

The following parameters are available for the Chproxy service:

  • Network configuration:

    • Enable HTTP — listening for HTTP requests (enabled by default);

    • HTTP listen port — port to listen for HTTP requests (the default is 9090);

    • HTTP allowed networks — list of networks from which HTTP access is allowed (you can enter an IP address or IP subnet mask to define a network, the 127.0.0.1 value is added to the list by default);

    • Enable HTTPS — listening for HTTPS requests (disabled by default);

    • HTTPS listen port — port to listen for HTTPS requests (the default is 8543);

    • HTTPS allowed networks — list of networks from which HTTPS access is allowed (you can enter an IP address or IP subnet mask to define a network, the 127.0.0.1 value is added to the list by default);

    • Certificate file — path to the server SSL certificate file;

    • Private key file — path to the file with the private key of the server SSL certificate.

  • Proxy wildcarded users:

    • List of user names — list of values used as prefixes in names of wildcarded users that look like prefix_* patterns. For example, if the analyst item is added to this list, the analyst_* pattern is specified. In this case, Chproxy will not authenticate users whose names match this pattern (for example, analyst_john) — it will send user credentials from incoming requests to ADQM intact.

       
      Note that an ADQM user can be created via the CREATE USER query, for example:

      CREATE USER 'analyst_john' IDENTIFIED WITH PLAINTEXT_PASSWORD BY 'test';

  • ADQM cluster configuration:

    • Interval — interval for checking all cluster nodes for availability (the default is 5s);

    • Timeout — waiting time of response from cluster nodes (the default is 5s).

    These parameters are used for checking health of cluster nodes. Chproxy service components send a health check request to all nodes of the ADQM cluster at a frequency specified by the Interval parameter. If this request does not receive a response from some node of the cluster within the time specified by the Timeout parameter, Chproxy will stop sending queries to this node.

Found a mistake? Seleсt text and press Ctrl+Enter to report it