Load Balancer

As part of High Availability and Disaster Recovery (HA/DR) best practices, we recommend deploying the Hyperscience application on multiple machines and using a load balancer to distribute web requests. 

Note that the trainer does not distribute any web requests and should not be included in your load balancer setup.

Supported Configurations

Hyperscience supports the following two configurations:

  • SSL passthrough

  • SSL/TLS offloading

SSL/TLS offloading

We strongly recommend SSL/TLS offloading to the load balancer. This configuration relieves the web configuration of the processing burden of decrypting and/or encrypting SSL/TLS traffic. The load balancer decrypts the data and sends it to the web server. To configure SSL/TLS offloading to the load balancer, you need to open port 80 on all machines where the application server is installed and route HTTP traffic to this port.

SSL/TLS passthrough

If you would like to configure SSL passthrough, you need to:

  1. Open port 443 on all application machines. 

  2. Configure the load balancer to route HTTP traffic to port 443 on all application machines.

  3. (Optional but recommended) Configure an HTTP ➜ HTTPS redirection rule. If you do not configure this redirection rule, some web browsers will fail to load the Hyperscience web application if the URL is not specifically prepended with “https://”. You can configure the redirection rule in one of the following ways:

    • Inside the load balancer

    • Inside Hyperscience. You need to open port 80 on all application machines. Configure the load balancer to route HTTP traffic to port 80 on all application machines. You can enable the HTTP ➜ HTTPS redirection rule in the “.env” file:

      NGINX_ENABLE_SSL_REDIRECT=yes

If you would like to make any SSL/TLS changes, you need to re-configure each machine separately. For example, if you need to change the SSL certificate, you need to update the certificate on each machine.

In v40 and later, you can choose the minimum level of severity that NGINX-related errors need to have in order to be logged by the syslog utility. To learn more, see Security.

Recommended Settings

We recommend using the following load balancer settings:

  • Set the load balancer’s healthcheck endpoint to /login.

  • Set your load balancer’s timeout settings to at least 30 minutes for HTTP requests. A 30-minute timeout ensures that all Hyperscience operations can be completed successfully.

  • Disable sticky sessions if your load balancer allows.

  • Use the load balancer’s default routing algorithm or choose one based on existing policies.