A Load Balancer / reverse proxy is installed in front of the application servers and serves, as the main connection point for all communication to Orchestra.
The Load Balancer must be configured with the Orchestra application servers in a hot / cold setup. Whereby all traffic is directed to the primary instance and the secondary is used a s a backup in case the primary fails.
It is recommended to use the same ports (e.g. 8080 for http traffic) in the Load Balancer frontend as in the Orchestra backend.
To support Qmatic hardware devices that communicate with the Queue Agent directly (e.g. GW1745, Intro 17), the Load Balancer will need to support the websocket protocol and be capable of directing websocket traffic to the backend instances, either at layer 7 or at least layer 4 TCP.
To prevent a SPOF (single point of failure) in the architecture, the Load Balancer / reverse proxy should be deployed in an HA configuration also. The setup of this configuration is specific for the selected HA solution and is not in the scope of this manual.
If HTTPS is required, it is advised that SSL be terminated at the Load Balancer and proxy HTTP to the application servers to offload the SSL processing.
The following HTTP headers should be configured at the Load Balancer to send to Orchestra application servers:
Header
Value
Comments
X-Forwarded-Proto
https
Use only when offloading SSL at Load Balancer.
X-Forwarded-For
<default>
Identifies the source client IP address.
Proxy-IP
Same as X-Forwarded-For
Used by Glassfish instead of ‘X-Forwarded-For’ in some places.
See “HA Proxy Example” , for an example configuration with a popular open source Load Balancer. In the example configuration for HAProxy is included a frontend for terminating SSL traffic at the Load Balancer.