HAProxy Aloha

HAProxy Aloha is the enterprise load balancer that serves as the entry point for all API traffic.


Architecture Diagram

graph TB
    subgraph INTERNET["Internet"]
        CLIENTS["B2B Clients<br/>Travel Agents, OTAs"]
    end

    subgraph HAPROXY_CLUSTER["HAProxy Aloha Enterprise Cluster"]
        subgraph ACTIVE["Active Node"]
            HAP1["HAProxy Master<br/>10.32.8.36<br/>VM on Proxmox-1"]
        end

        subgraph STANDBY["Standby Node"]
            HAP2["HAProxy Standby<br/>10.32.8.38<br/>VM on Proxmox-2"]
        end

        VIP["Virtual IP<br/>89.149.192.33<br/>Floats between nodes"]
    end

    subgraph API_BACKEND["API Backend Pool"]
        API1["API-1: 10.32.8.134"]
        API2["API-2: 10.32.8.135"]
        API3["API-3: 10.32.8.139"]
        API4["API-4: 10.32.8.137"]
        API5["API-5: 10.32.8.35"]
        API6["API-6: 10.32.8.166"]
        API7["API-7: 10.32.8.167"]
    end

    CLIENTS -->|"HTTPS :443"| VIP
    VIP --> HAP1
    VIP -.->|"Failover"| HAP2
    HAP1 & HAP2 -->|"Round-robin"| API1 & API2 & API3 & API4 & API5 & API6 & API7

    style HAP1 fill:#90EE90
    style HAP2 fill:#FFE4B5
    style VIP fill:#87CEEB

Server Details

| Component | IP Address | Type | Host |
|---|---|---|---|
| HAProxy Master | 10.32.8.36 | VM | Proxmox-1 |
| HAProxy Standby | 10.32.8.38 | VM | Proxmox-2 |
| Public VIP | 89.149.192.33 | Virtual | Floating |

Configuration

| Setting | Value | Description |
|---|---|---|
| Public VIP | 89.149.192.33 | Floating IP for client access |
| Master Node | 10.32.8.36 | Active load balancer |
| Standby Node | 10.32.8.38 | Passive failover node |
| Hosting | Proxmox Cluster | VMs on Proxmox 1 & 2 |
| Edition | Aloha Enterprise | Licensed enterprise version |
| Management UI | haproxy-ui.withinearth.com | Web-based configuration |
| Protocol | HTTPS (TLS 1.2+) | SSL termination at HAProxy |
| Backend Algorithm | Round-robin | Even distribution across API servers |
| Health Checks | HTTP /health | Every 5 seconds |
| Session Persistence | None | Stateless API design |

| Purpose | URL | Description |
|---|---|---|
| Aloha Admin Panel (Master) | http://10.32.8.36:4444 | Master node admin interface |
| Aloha Admin Panel (Standby) | http://10.32.8.38:4444 | Standby node admin interface |
| Aloha Stats Page | http://10.32.8.38:45001 | Real-time HAProxy statistics |
| Central Monitoring | https://central.withinearth.com | Click "Aloha" section for comprehensive monitoring |
| Client Management UI | https://haproxy-ui.withinearth.com | Add/remove clients, manage mappings |
| Client Performance Reports | https://report.withinearth.com | Client performance analytics |
| Aloha ELK Logs | https://elk.withinearth.com | HAProxy log analysis |

SSL Certificate

| Setting | Value |
|---|---|
| Certificate Type | Wildcard SSL (*.withinearth.com) |
| Expiry Date | February 9, 2026 |
| Renewal Required | Before Feb 9, 2026 |
| Applied To | All HTTPS traffic through HAProxy |

SSL Certificate Renewal

The wildcard SSL certificate expires on February 9, 2026. Ensure renewal is scheduled before this date to avoid service disruption.


Dynamic Configuration Services

HAProxy Aloha uses Dynamic Updates for three critical services. Configuration files are hosted on a central server and HAProxy updates its config dynamically without restart.

graph TB
    subgraph CONFIG_SERVER["Configuration Server (10.32.8.235:9000)"]
        MAPPING["frontend_backend_mapping.txt<br/>URL to Backend Mapping"]
        WHITELIST["ip_whitelist.txt<br/>IP Restriction/Whitelist"]
        RATELIMIT["rate_limit.txt<br/>Per-Client Rate Limits"]
    end

    subgraph HAPROXY_UI["HAProxy UI (haproxy-ui.withinearth.com)"]
        UI["Web Interface<br/>Manages all config files"]
    end

    subgraph ALOHA["HAProxy Aloha Cluster"]
        MASTER["Master 10.32.8.36"]
        STANDBY["Standby 10.32.8.38"]
    end

    UI -->|"Updates"| MAPPING & WHITELIST & RATELIMIT
    MASTER & STANDBY -->|"Fetches dynamically"| CONFIG_SERVER

    style CONFIG_SERVER fill:#FFE4B5
    style HAPROXY_UI fill:#90EE90

1. URL to Backend Mapping

Maps client URLs/domains to their specific backend API pools.

| Setting | Value |
|---|---|
| Config File | http://10.32.8.235:9000/frontend_backend_mapping.txt |
| Purpose | Route client requests to correct backend |
| Management | https://haproxy-ui.withinearth.com |
| Update Method | Dynamic (no restart required) |

How it works:

  1. Each client has a unique subdomain/URL
  2. Mapping file contains URL → Backend Pool entries
  3. HAProxy-UI manages this file when adding/removing clients
  4. HAProxy fetches updates dynamically

2. IP Restriction / Whitelist

Controls which IPs can access the API for each client.

| Setting | Value |
|---|---|
| Config File | http://10.32.8.235:9000/ip_whitelist.txt |
| Purpose | IP-based access control per client |
| Management | https://haproxy-ui.withinearth.com |
| Update Method | Dynamic (no restart required) |

How it works:

  1. Each client can have whitelisted IPs
  2. Add IPs via HAProxy-UI
  3. Config file updates automatically
  4. HAProxy applies changes without restart

3. Rate Limiting

Per-client rate limiting for search endpoint protection.

| Setting | Value |
|---|---|
| Config File | http://10.32.8.235:9000/rate_limit.txt |
| Purpose | Control request rate per client |
| Applied To | Search endpoint only |
| Management | https://haproxy-ui.withinearth.com |
| Update Method | Dynamic (no restart required) |

How it works:

  1. Each client has configurable rate limits
  2. Limits set via HAProxy-UI
  3. Config file stores per-client limits
  4. HAProxy enforces limits in real-time

Dynamic Update Architecture

sequenceDiagram
    participant Admin as Admin User
    participant UI as HAProxy-UI<br/>haproxy-ui.withinearth.com
    participant Config as Config Server<br/>10.32.8.235:9000
    participant HAP as HAProxy Aloha

    Admin->>UI: Add/modify client config
    UI->>Config: Update config file<br/>(mapping/whitelist/ratelimit)
    Config-->>UI: File updated

    loop Every few seconds
        HAP->>Config: Fetch latest config
        Config-->>HAP: Return config file
        HAP->>HAP: Apply changes dynamically<br/>(No restart needed)
    end

| Service | Config File URL |
|---|---|
| URL Mapping | http://10.32.8.235:9000/frontend_backend_mapping.txt |
| IP Whitelist | http://10.32.8.235:9000/ip_whitelist.txt |
| Rate Limits | http://10.32.8.235:9000/rate_limit.txt |
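
A pre-publish validation pass for the three fetched files, as an added example (not part of the original page or of HAProxy Aloha): the load balancers apply whatever the config server returns over plain HTTP, so checking each file before it is published catches an over-broad whitelist entry, an unknown backend or a truncated file. The file layout, the sample hostnames and backend names, and the policy thresholds are assumptions.

```python
import ipaddress
import re

# Assumed layout (the page does not show it): HAProxy map-file style lines,
# "<client-host> <value>", with blank lines and '#' comments ignored.
HOST_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
LIMIT_RE = re.compile(r"[1-9][0-9]{0,8}")
MIN_PREFIX = {4: 16, 6: 32}  # hypothetical policy: widest network a client may whitelist
MAX_SHRINK = 0.5             # hypothetical policy: reject a file that lost >50% of its entries
# Constructed sample, not data from the deployment.
SAMPLE_WHITELIST = """\
# client host          allowed source
client-a.example.com   203.0.113.10
client-a.example.com   198.51.100.0/24
client-b.example.com   0.0.0.0/0
client-c.example.com   10.1.2.300
"""

def parse_pairs(text):
    """Split a fetched file into (line_no, key, value) tuples plus format errors."""
    pairs, errors = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) == 2:
            pairs.append((n, fields[0].lower(), fields[1]))
        elif fields:
            errors.append(f"line {n}: expected 2 fields, got {len(fields)}")
    return pairs, errors

def validate(kind, text, known_backends=(), previous_count=0):
    """Return a list of problems for one file; kind is mapping, whitelist or ratelimit."""
    pairs, errors = parse_pairs(text)
    for n, host, value in pairs:
        if not HOST_RE.match(host):
            errors.append(f"line {n}: bad client host {host!r}")
        if kind == "mapping" and value not in known_backends:
            errors.append(f"line {n}: unknown backend {value!r}")
        elif kind == "whitelist":
            try:
                net = ipaddress.ip_network(value, strict=False)
                if net.prefixlen < MIN_PREFIX[net.version]:
                    errors.append(f"line {n}: {value} is too broad")
            except ValueError:
                errors.append(f"line {n}: bad address {value!r}")
        elif kind == "ratelimit" and not LIMIT_RE.fullmatch(value):
            errors.append(f"line {n}: bad limit {value!r}")
    if len(pairs) < previous_count * (1 - MAX_SHRINK):
        errors.append(f"only {len(pairs)} entries, previous file had {previous_count}")
    return errors
```

Passing the entry count of the currently published file as `previous_count` makes an empty or truncated upload fail validation instead of silently removing every client's whitelist or rate limit.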

Failover Behavior

sequenceDiagram
    participant M as HAProxy Master<br/>10.32.8.36
    participant S as HAProxy Standby<br/>10.32.8.38
    participant VIP as Virtual IP<br/>89.149.192.33
    participant C as Clients

    Note over M,S: Normal Operation
    M->>M: Heartbeat active
    C->>VIP: HTTPS Request
    VIP->>M: Route to Master
    M->>C: Response

    Note over M,S: Failure Scenario
    M->>M: Master fails
    S->>S: Detects failure (2-3 sec)
    S->>VIP: Claims VIP
    C->>VIP: HTTPS Request
    VIP->>S: Route to Standby
    S->>C: Response

  1. Master monitors: HAProxy Master sends heartbeats
  2. Failure detection: Standby detects master failure within 2-3 seconds
  3. VIP migration: Virtual IP moves to standby automatically
  4. Traffic resumes: Clients reconnect to same VIP, traffic flows to new active

Backend Pool

| Server | IP Address | Status |
|---|---|---|
| API-1 | 10.32.8.134 | Active |
| API-2 | 10.32.8.135 | Active |
| API-3 | 10.32.8.139 | Active |
| API-4 | 10.32.8.137 | Active |
| API-5 | 10.32.8.35 | Active |
| API-6 | 10.32.8.166 | Active |
| API-7 | 10.32.8.167 | Active |

Last Updated: 2025-12-02