[erlang-questions] Erlang & TLS Termination

Dave Cottlehuber dch@REDACTED
Wed Sep 5 17:17:24 CEST 2018


On Wed, 5 Sep 2018, at 15:19, Frank Muller wrote:
> Hi guys
>
> Would like to hear from your experience(s) on using Erlang with
> TLS/SSL.
> The default Erlang stack doesn't perform well, Google says.
>
> Does anyone use Erlang in production behind:
>
> . Hitch: https://hitch-tls.org/
> . Envoy: https://www.envoyproxy.io/
> . HAProxy: http://www.haproxy.org/
> . ???

I’ve used haproxy to great effect handling all those messy acme/let’s
encrypt renewals and load balancing connections across multiple servers
for plain https, rabbitmq and socketio traffic. Roughly 50-80k https
txns in and out per hour. The major win was matching up ibrowse
connection settings with http1.1 pipelined connections to a 3rd party
API. I think ferd’s tuning is a very similar outcome.
The most important things in hindsight were:

- getting pipelining working to reuse TLS connections
- observability
- good logging
- predictable failure modes

I moved all services including DB and message brokers behind haproxy for
these reasons.
You should look very carefully at service discovery, and http2 support,
in all of the situations you intend to proxy; not all of these projects
have the same level of support.
Developing your own heroku style LB would be interesting for a bigger
organisation I think. I needed something I could forget about.
A+
Dave





