HAproxy, how to use it and what exactly is it?

Discussion in 'Server & Community Management' started by AsssassinJianer, Aug 15, 2018.

  1. Hello,

    I'm John Cedeno and lately i've been having to deal with ddos attacks larger than 20gbps, my server only has 20gpbs protection, and that has lead me to try to figure out ways of fixing this issue. My temporal solution to this issue was to get a vps in OVH and put the proxy on that vps, although this is a valid solution since ovh's DDOS protection is really good, it's not permanent since it adds latency to the servers since the dedicated server that hosts all the real mc servers is located in Florida.

    I started doing some more research and i ended up finding something called "HAProxy" and i read it was useable with bungeecord, so i was wondering if y'all could help me to set it up.
     
  2. Update: Upon research i bumped into a forum which said that for this case scenario someone should perhaps use a tcp port forwarder, i tried to use it and seems just fine however, it adds a lot of latency to the servers too, is there a way too just redirect it and from then on let the Other ip handle all the traffic?
     
  3. That would in theory expose your internal IP. Someone could then just check where packets are going and see the backend IP. And if someone has your backend IP, no filtering on other services will save you.
     
  4. MiniDigger

    Supporter

    HAProxy is an efficient proxy, for proxying and load balancing all kind of traffic. it also provides a bit of filtering capabilities but since your attack is larger than your bandwidth thats useless.
    you could install it on a better protected server but that will not solve your latency problem, it will be the same as running bungee on an external server. why not get better protection on your game server directly?
     
  5. I thought it would just act kind of as how cloudflare does.

    A better DDOS protection in Miami FL could substantially increase the monthly cost of my service by a lot, is there any way to just have a server take the input and immediately transfer it to the server that should take care of it thereafter eliminating the latency problem?
     
  6. MiniDigger

    Supporter

    well, it can do a bit of filtering and can be quite affective against certain attack vectors, but if the attack is larger than your bandwidth, there is just not much you can do. you need to either get a second server with a higher bandwidth and filter yourself or get a second server with better protection by the host.
    the latency you face is just by distance I guess. if you would put bungee on a ddos protected server in the same DC or city as your game servers you shouldn't be able to see a high latency increase, just a couple ms.
     
  7. For some reason that i do not understand it adds about 15-25ms if i do the bungee somewhere else in Miami however, i got in contct with http://x4b.net/ and they claim that their services will not increase more than 2ms. Hope they’re right, I’ll get home and test it out
     
  8. MiniDigger

    Supporter

    you can ping your bungee server from your game server, then you multiply by 2 and thats how much latency you will have to deal with. 15ms doesn't sound that bad tho.
     
  9. I would not trust that website
     
  10. Strahan

    Benefactor

    I have no idea about the proxy, just felt like mentioning that temporal does not mean what you think it means :)