Permanent mitigation OVH with HAProxy

Discussion in 'Systems Administration' started by Minemarc98, May 27, 2016.

  1. Hi, I'm having some problems.

    Several days ago buy a VPS to install a proxy (HAProxy) which served to protect the IP of my Dedicated Server hosted on Soyoustart and not have problems with DDoS attacks.

    I set the proxy for users of my minecraft server to connect and be redirecionados to the IP of my Dedicated Server, the problem I have is that when I do a DDoS is activated migration and mitigates all packages within the adding VPS packets haproxy connected to, in this case, users who are within the server and thus the server is disabled.

    Let's see if anyone happened (not with Minecraft) if not HAProxy in general and I can explain how it has solved

    Thank you,
     
  2. Just run bungee on the vps, or run a tcptunnel or gre tunnel.

    The reason you're using haproxy is not what it's intended for.
     
  3. He has multiple BungeeCord instances running on a host without DDoS protection, hence why he wanted haproxy.

    The best thing to do here if you can't get haproxy working is to set up multiple GRE/IPIP tunnels, one for each BungeeCord instance, and then round robin those by creating multiple A records.
     
  4. soyoustart uses the same ddos protection as OVH https://www.ovh.co.uk/anti-ddos/ (they are the same company)and they can handle really big ddos, if they cant handle the ddos, then there's noway your vps will be able to :p
    Also, if the vps is ddos and therefor is unavailable, your server would still be "down" as noone would be able to connect to it
    (except a few staff members, who knows the "real" ip)
     
    • Agree Agree x 1
    • Optimistic Optimistic x 1
  5. It doesn't doesn't sound like that's ops intentions. But if it is, I doubt you need multiple instances and if you did you would need something like RedisBungee to sync counts and what not between servers.
     
  6. He posted this about a week ago: https://www.spigotmc.org/threads/haproxy-in-vps-ovh.148868
    Would probably be much easier to just move everything to a DDoS protected host such as OVH.
     
  7. I'm not sure why he's attempting to run 3 bungeecord instances, I don't believe that's necessary in his case.