Public IP vs Shared Load Balancer
The platform provides you with a Shared Load Balancer (resolver). Shared LB is a proxy server between client side (browser, for example) and your application deployed to PaaS. The platform Shared LB consists of a DNS Server, an NGINX balancer, a MySQL slave database and a health-checker.
Shared resolver processes all incoming requests sent to the domain name ({user_domain}.{hoster_domain}) where environment entry point (balancer, application server or even database) does not have a Public IP.
In order to be protected from DDoS attacks Shared LB is limited to 50 simultaneous connections per the source address of the request.
Tip: The DoS (Denial-of-Service) protection can be configured via the dedicated system settings in the admin panel:
- jelastic.nginx.limit.conn.enabled - enables (true) or disables (false) Anti-DoS protection for the platform (if disabled, the settings below will be ignored)
- jelastic.nginx.limit.conn.common.count - restricts a number of connections that are allowed per IP address
- jelastic.nginx.limit.conn.res.count - restricts a number of connections for static resources that are allowed per IP address
- jelastic.nginx.limit.conn.50x.count - restricts a number of connections to error pages that are allowed per IP address
- jelastic.nginx.limit.req.per.second - restricts a number of requests that are allowed per second
- jelastic.nginx.limit.req.common.burst.count - restricts a number requests that are allowed to be queued
- jelastic.nginx.limit.req.res.burst.count - restricts a number of requests for static resources that are allowed to be queued
To increase high availability of the system, the platform uses several Shared Resolvers for receiving requests simultaneously. As a result, there can be several entry points for users' environments used at the same time. In this way, the load can be effectively distributed. Follow the link to get more information about Resolver High Availability.
Using Shared LB is recommendable for your dev and test environments. As for production environments it is much more appropriate to use more secure way of getting and processing the requests - your own public IP. It’s more stable solution with less risk to be affected by many apps which use shared load balancer.
The Advantages of Public IP
- The application cannot be affected during the platform upgrades, even hypothetically, as all requests will bypass Shared LB.
- It allows you to get connection secured by means of Custom SSL feature. It means that SSL connection for your custom domain names can be established using your own custom certificates.
- It provides you with ability to have FTP add-on installed.
- If you attach Public IP to your database instance it provides you with the opportunity to work with your databases remotely. You can import and export dumps from your computer without having to login to our dashboard. And you are not restricted in data size uploading.
- Remote debugging is a pretty useful benefit. You can debug your code from your IDE.
- One more thing to consider is the capability that a Public IP lets you use web-sockets and polling. So, if you open a page with upcoming messages and expect them to be updated as soon as a new message arrives, a public IP is what you need. It is great for interactive applications.
Notes:
- If you have Public IP enabled for any node in your environment, you can’t swap domains.
- Public IP is a paid service, which is charged hourly. You can set the price per hour via the appropriate Tariff in admin panel, as well as control feature availability for users via the environment.externalip.* and environment.externalipv6.* quotas.
