Java app, load balancer, back-end port, iptables

Greetings everyone!

We run a Java app on RHEL on port 8443 on multiple nodes and are also using a load balancer that's outside of our control. The app uses HTTPS and TLS and our users use the load balancer URL. Every now and then we need to take the app offline for maintenance, and we do that via iptables using the command below:

iptables -A INPUT -p tcp --dport 8443 -j DROP

What we would like to have for our users is to have a certain message displayed while the app is down for maintenance, something like: "The app is down and we know about it, do not raise any tickets and just wait patiently." But we need to do this without touching the load balancer that's outside of our control. You probably get the idea at this point. I'm not an iptables or network expert and that's why I need your help. What would be the most elegant way to accomplish this? Thank you!

The LB is a place to do that.

Point being, when a client hits the LB IP address, it will direct him to a working backend application.

With your iptables rule, you DROP the packets, so any LB will not send traffic to that specific backend application server.
As far as the LB is concerned, that specific backend server is dead, and traffic is directed only to working ones.

So, I'm not quite sure what you would achieve by serving a web page saying "This specific node is not working"?

Can you clarify:

Does that mean all the backend application servers or just one?

Regards
Peasant.

Correct, all the backend nodes need to be taken down.

Then get a dummy web server up on, say, port 8444, put your message under the document root and, using iptables, redirect traffic from port 8443 to 8444 instead of DROP.

Regards
Peasant.

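The redirect suggested above, written out as an added example that is not part of the original posts: a toggle that sends connections arriving on 8443 to a placeholder server on 8444 instead of dropping them. The ports come from the thread; the function names and the DRY_RUN switch are this example's own assumptions.

```shell
#!/bin/sh
# Maintenance toggle (added example, not from the thread's posters).
APP_PORT=8443            # port the load balancer targets (from the thread)
MAINT_PORT=8444          # port of the placeholder web server (from the thread)
DRY_RUN="${DRY_RUN:-1}"  # assumption of this example: 1 = print only, 0 = apply

# One rule spec shared by add, check and delete so the three always match.
rule_spec() {
    echo "-p tcp --dport ${APP_PORT} -j REDIRECT --to-ports ${MAINT_PORT}"
}

# Print the command in dry-run mode, execute it otherwise (needs root).
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

maint_on() {
    # -C checks for an identical rule, so repeated calls do not stack copies.
    # $(rule_spec) is left unquoted on purpose: it must split into arguments.
    if [ "$DRY_RUN" != "1" ] &&
       iptables -t nat -C PREROUTING $(rule_spec) 2>/dev/null; then
        return 0
    fi
    # nat/PREROUTING rewrites the destination port before the filter INPUT
    # chain runs, so INPUT sees port 8444 and must allow it.
    # The nat table is consulted only for the first packet of a connection:
    # connections already established to 8443 keep reaching the app until
    # the app itself is stopped.
    run iptables -t nat -I PREROUTING 1 $(rule_spec)
}

maint_off() {
    run iptables -t nat -D PREROUTING $(rule_spec)
}

# Stand-alone use: ./maint.sh on | off   (no argument: define functions only)
case "${1:-}" in
    on)  maint_on ;;
    off) maint_off ;;
esac
```

Because the app is served over HTTPS, the placeholder on 8444 has to speak TLS as well, or the connection fails before any message is shown. An existing `-j DROP` rule for 8443 in INPUT does not match the redirected packets, since their destination port is already 8444 by the time INPUT is evaluated.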

You might consider putting a reverse proxy (if you do not already have one) between your load balancer and users.

You can configure the reverse proxy to manage the special cases as you mention.

1 Like

Could you elaborate on how configuring a reverse proxy could effectively address the special cases and potential issues between the load balancer and users?
How does this setup enhance overall system performance and user experience?