Haproxy support

[Imptovskii]

Hello, I would like to see support for Haproxy balancing proxy, as it is done in BungeeCord, Velocity, Paper.

[RhysB]

Just curious, what is the use case of a load balancer support for Poseidon. I could understand on a modern network utilizing it to distribute load across multiple Bungeecord servers, however, that seems like a bad idea for the server itself as your players would end up on completely different worlds. Are you just utilizing it as a TCP forwarder or a proxy for DDOS protection?

[moderatorman]

I have similar concerns as Johny. I don't see any practical use cases for load balancing on this version, especially when the community isn't large enough to warrant such a technology being used by servers anyway. Even despite that fact, would Poseidon even be capable of efficiently serving large numbers of clients?

As for DDOS protection, seems like alternative solutions should be looked at first.

[Imptovskii]

Yes, I need Haproxy for DDoS protection, and balancing between 2 IP addresses. I'm doing this right now for my Self-Host server on the release version of Minecraft. I have when 1 Internet provider is unstable, then all traffic goes to another.

[moderatorman]

I have two suggestions. The first is to look into CloudFlare. Next, why not always have traffic go through the reliable connection? I can't imagine why you'd need an entire load balancing mechanism for 2 addresses, especially if it's self-hosted.

I believe your ISP would null route any malicious packets, would they not? Seems like they'd have an interest in doing so, considering a DDoS attack would put unnecessary stress on their network. If your ISP does not have any denial of service mitigation, you may want to look into putting your services on a remote host, such as a VPS or dedicated server.

[Chew]

Cloudflare doesn't support servers, unless you mean spectrum, which would also have proxy protocol, assuming you have enterprise to warrant using spectrum at all.

[moderatorman]

I do mean CloudFlare. It's 100% possible to route your traffic through their network. I don't use it currently for various reasons regarding our domain & web configurations, but if all you have is a domain pointing to a standard MInecraft server, there's no reason why that wouldn't work. Edit: unless I'm mistaken.

[Chew]

As I said, Cloudflare only supports HTTP apps for free, you'd need their Spectrum service to protect all other TCP stuff like Minecraft servers.

[moderatorman]

I literally just got a CloudFlare domain pointed to OSM and working. Dunno what you're talking about. Proxy option is enabled and everything.

[RhysB]

Unfortunately, I don't see us adding support as I doubt many people will need it, however, if you want to pull request the support then you are more than welcome to. Unfortunately, Cloudflare won't work for proxying traffic to the Minecraft server unless you invest in one of their enterprise offerings such as Spectrum like Chew said, however, I don't think that will be able to swap between IPs seamlessly. I hate to say, but your best bet is to host your server with a proper host so you can avoid using your unreliable connections.

[moderatorman]

Ah yeah I was mistaken about CloudFlare, it tricked me into thinking it was working + I found several forum posts saying it works. Though to be fair, nobody is gonna DDoS you, and even if they did, the attack isn't likely to be serious enough to impact connectivity. That's especially true on any decent connection of around 100 to 150+ Mbps.

In my opinion, you should never run public services on your home network. Not unless you are willing to accept network instability & denial of service as an unavoidable aspect of it. There are several services that I would consider to be relatively cheap, and ought to provide you with good enough protection. For now I can only vouch for OVH, and their other networks such as Souyoustart. The DDoS protection is more than adequate for our needs, and we get denial of service attacks fairly frequently. None of them have managed to take down our services.

Edit: Don't some ISPs have fees for using large amounts of bandwidth as well? I know Comcast/Xfinity does that on some of their plans, so you should definitely look into that and make sure you don't drain your wallet.

[ghost]

Since it's a wontfix, I'd just close this unless there's someone willing to add support for HAProxy.

[RhysB]

I won't add this personally, but if someone wants to make a pull request, I am happy with that.