Eagle Router
Från Manual Nginx Configs → Till Intelligent Network Traffic Management med Auto SSL & Service Discovery
Advanced network routing and traffic management for multi-tenant infrastructure. Dynamic routing, load balancing, service discovery, and automatic SSL certificate management for 30+ production services. Zero-downtime deploys med intelligent traffic distribution.
Vem är Eagle Router för?
🔧 DevOps Teams med 10+ Microservices
Managing 30+ production services → manual nginx config för each service → tedious SSL certificate renewals (Let's Encrypt manual) → no load balancing (single instance bottlenecks) → downtime under deploys (service restart = 5-10 sec offline). Service discovery? Manual DNS updates när services scale. NIGHTMARE operationally.
Eagle Router automates EVERYTHING: Add new service → automatic routing rule creation via K8s annotations. SSL certificates → automatic Let's Encrypt provisioning + renewal (zero manual work). Load balancing → automatic traffic distribution across replicas. Zero-downtime deploys → rolling update traffic shifted gradually. Service discovery → Consul/K8s integration tracks healthy backends automatically.
Från: 4h/vecka manual config + SSL management (nginx updates, cert renewals, deploy coordination)
Till: 0h manual work → fully automated routing + SSL + load balancing
Savings: 200h/år × 1500 SEK/h = 300 000 SEK/år per DevOps team
🏢 SaaS Companies med Multi-Tenant Infrastructure
Multi-tenant SaaS → each customer separate subdomain (tenant1.example.com, tenant2.example.com) → route traffic till tenant-specific backends. Manual routing rules per tenant → nightmare when scaling to 100+ tenants. Custom domain support (customers want custom domains) → manual SSL cert provisioning + DNS setup. Blue/green deploys → traffic splitting 90/10 för canary testing → complex manually.
Eagle Router handles multi-tenant routing automatically: Subdomain-based routing → tenant1.example.com → Backend A, tenant2.example.com → Backend B (automatic pattern matching). Custom domains → customer adds CNAME → Eagle Router auto-provisions SSL cert via Let's Encrypt. Canary deployments → route 10% traffic till v2.0, 90% till v1.0 → gradual rollout. Header-based routing för A/B testing.
Från: 2h per new tenant setup (routing rules, SSL cert, DNS config) × 50 tenants/år = 100h/år
Till: 5 min automated setup per tenant → 4h/år manual work
Savings: 96h/år × 1500 SEK/h = 144 000 SEK/år saved manual tenant setup
BEFORE vs AFTER Eagle Router
BEFORE (Manual Configs)
- ❌Manual Nginx Configs
Every new service → manually edit /etc/nginx/sites-enabled/service.conf → add upstream block + proxy_pass rules → nginx reload. Error-prone, time-consuming, 30+ config files to maintain.
- ❌SSL Certificate Hell
Manual certbot för each domain → crontab renewal checks → certificates expire randomly → 3 AM alerts when cert expires → scramble to renew. No wildcard cert management → each subdomain = separate cert.
- ❌No Load Balancing
Single instance per service → bottlenecks under load → service crashes when traffic spikes. Manual setup of HAProxy/Nginx upstream groups → complex config för round-robin/least-connections algorithms.
- ❌Downtime During Deploys
Service deploy → stop old container → start new → 5-10 sec downtime → 502 Bad Gateway errors → users notice. Zero-downtime deploys = complex manual traffic shifting with weighted upstreams.
AFTER (Med Eagle Router)
- ✅Automatic Routing
Add K8s annotation → Eagle Router auto-creates routing rules. traefik.http.routers.service-name.rule = "Host(`api.example.com`) && PathPrefix(`/users`)" → service instantly accessible via HTTPS. Zero manual config.
- ✅Auto SSL (Let's Encrypt)
Eagle Router detects new domain → auto-requests Let's Encrypt cert → provisions SSL within 30 sec → automatic renewal 30 days before expiry. Wildcard certs för *.example.com → one cert för all subdomains. Zero manual work.
- ✅Dynamic Load Balancing
Service scales to 3 replicas → Eagle Router automatically distributes traffic round-robin across all 3. Health checks → unhealthy instance removed från pool → traffic only sent to healthy backends. No manual config needed.
- ✅Zero-Downtime Deploys
Rolling update → Eagle Router gradually shifts traffic från old pods → new pods. 90% old, 10% new → 50/50 → 10% old, 90% new → 100% new. Zero 502 errors → seamless user experience. Blue/green deployments trivial.
Hur Det Fungerar - Step by Step
SSL Termination & Certificate Management
Eagle Router handles ALL SSL/TLS traffic för entire infrastructure. När HTTPS request arrives (https://api.example.com) → Router performs SSL/TLS handshake → decrypts traffic → forwards plain HTTP till backend (backends don't need SSL → simplified deployment). Automatic Let's Encrypt integration: New domain detected → Eagle Router sends ACME challenge → receives cert → installs within 30 sec. Wildcard certs (*.example.com) → one cert covers all subdomains. Automatic renewal 30 days before expiry → zero manual cert management.
- •Let's Encrypt ACME protocol: Automatic cert provisioning via HTTP-01 eller DNS-01 challenges (supports wildcard certs)
- •Auto-renewal 30 days before expiry: Cron job checks cert expiry daily → renews automatically → zero downtime cert rotation
- •SNI (Server Name Indication): Single IP handles 100+ domains → Eagle Router selects correct cert based on hostname
- •TLS 1.3 support: Modern cipher suites (ECDHE-RSA-AES256-GCM-SHA384) → A+ SSL Labs rating → secure connections
Dynamic Routing Rules - Host, Path, Header-Based
Eagle Router matches incoming requests mot routing rules → determines which backend service handles request. Host-based routing: api.example.com → API Service, admin.example.com → Admin Service (subdomain routing). Path-based routing: example.com/api/users → User Service, example.com/api/orders → Order Service (URL path patterns). Header-based routing: X-Tenant-ID: tenant1 → Tenant1 Backend (multi-tenant routing). Regex support: /api/v[0-9]+/users → matches /api/v1/users, /api/v2/users (versioned APIs). Rules defined i K8s annotations eller Traefik config file → auto-reloaded when services update.
- •Host-based routing (subdomains): api.example.com → API Service, app.example.com → Frontend (100+ domains supported)
- •Path-based routing (URL patterns): /api/users → User Service, /api/orders → Order Service (PathPrefix, Path, PathRegex matchers)
- •Header-based routing (multi-tenant): X-Tenant-ID header → route till tenant-specific backend (A/B testing, feature flags)
- •Priority-based matching: Most specific rule wins (exact path > prefix > regex) → correct service selected automatically
Service Discovery & Load Balancing
Eagle Router queries K8s/Consul för healthy backend instances → gets list of IP:port för target service. Service scales från 1 → 3 replicas? Eagle Router auto-detects new instances → adds to load balancing pool within seconds. Health checks: Eagle Router pings each backend /health endpoint every 5 sec → removes unhealthy instances från pool → traffic only sent till healthy backends. Load balancing algorithms: Round-robin (default), Least-connections (send till backend med fewest active connections), Weighted (send 70% traffic till new version, 30% till old → canary deploys). Session affinity (sticky sessions) → same user always routed till same backend (stateful apps).
- •K8s Service Discovery: Eagle Router watches K8s API → auto-discovers new pods → adds to backend pool (no manual DNS updates)
- •Health checks (active + passive): Active: /health ping every 5s, Passive: detect 502/503 errors → mark instance unhealthy
- •Load balancing algorithms: Round-robin (equal distribution), Least-connections (best för long-running requests), Weighted (canary/blue-green deploys)
- •Session affinity (sticky sessions): Cookie-based routing → same user → same backend pod (stateful apps, WebSockets)
Metrics & Monitoring - Prometheus Integration
Eagle Router logs ALL request metrics → Prometheus scrapes /metrics endpoint every 15 sec → stores time-series data. Metrics tracked: Request rate (requests/sec per service), Latency percentiles (p50, p90, p95, p99 response times), Error rate (4xx, 5xx errors per service), Backend health (healthy vs unhealthy instances), SSL cert expiry (days until cert expires → alerts when < 7 days). Grafana dashboards visualize metrics → spot bottlenecks instantly. Alerts configured i Prometheus: High error rate (>5% 5xx errors) → alert DevOps, Latency spike (p95 > 500ms) → investigate, SSL cert expiry (< 7 days) → auto-renew triggered.
- •Request metrics: Requests/sec, Latency (p50/p90/p95/p99), Error rates (4xx/5xx), Bytes transferred (in/out)
- •Backend health tracking: Healthy vs unhealthy instances, Health check success rate, Failover events logged
- •Prometheus /metrics endpoint: Exposed on :8080/metrics → scraped every 15s → time-series data stored (30 days retention)
- •Grafana dashboards: Real-time request rate graphs, Latency heatmaps, Service health status → visual monitoring
Varför Eagle Router Är Bra - 9 Konkreta Fördelar
30+ Services Managed (Zero Manual Config)
Eagle Router manages 30+ production services i Eagle Labs infrastructure: TicketBird, WarehouseBot, Invoice Portal, Product Manager, etc. Add new service → K8s annotation → automatic routing + SSL. Zero manual nginx config files → fully automated.
ROI: 30 services × 15 min setup saved = 7.5h → 11 000 SEK saved initial setup + 200h/år maintenance
Auto SSL (Let's Encrypt) - Zero Manual Cert Work
Automatic Let's Encrypt cert provisioning för ALL domains. New domain added → cert issued within 30 sec → installed automatically. Wildcard certs (*.eagle.productions) → one cert för 50+ subdomains. Auto-renewal 30 days before expiry → zero 3 AM cert expiry alerts.
ROI: 50 domains × 30 min/år manual cert work = 25h/år saved × 1500 SEK = 37 500 SEK/år
<5ms Routing Latency (Sub-millisecond Overhead)
Eagle Router adds <5ms latency per request → negligible overhead. Traefik written i Go → high-performance routing. Request flow: Client → Eagle Router (SSL + routing) → Backend → Eagle Router → Client. Total overhead <5ms → 99% of latency is backend processing.
ROI: Sub-millisecond routing → no performance degradation → users don't notice proxy layer exists
Dynamic Load Balancing (Auto-scaling Support)
Service scales från 1 → 10 replicas under high load → Eagle Router auto-detects new pods → distributes traffic evenly. Round-robin default, least-connections för long-running requests. Health checks remove unhealthy instances → traffic only sent till healthy backends.
ROI: Handle 10x traffic spikes → no manual load balancing config → services auto-scale seamlessly
Zero-Downtime Deploys (Rolling Updates)
K8s rolling update → Eagle Router gradually shifts traffic från old pods → new pods. 90% old, 10% new → 50/50 → 10% old, 90% new → 100% new. Zero 502 errors → seamless user experience. Health checks ensure new pods healthy before routing traffic.
ROI: 50 deploys/år × 10 min downtime saved = 8h/år × 100 users affected = 80 000 SEK saved user frustration
Multi-Tenant Routing (Subdomain-Based)
Automatic subdomain routing för multi-tenant SaaS: tenant1.example.com → Backend A, tenant2.example.com → Backend B. Pattern matching → *.example.com routes till tenant-specific backends. Custom domains supported → customer adds CNAME → automatic SSL + routing.
ROI: 50 tenants × 2h manual setup = 100h/år saved × 1500 SEK = 150 000 SEK/år
Rate Limiting & DDoS Protection
Configurable rate limits per IP, user, or API endpoint → protect backends från overload. 100 req/min per IP → exceeding users get 429 Too Many Requests. Redis-backed rate limiting → shared across Eagle Router instances. Prevents DDoS → backends safe från abuse.
ROI: Prevent backend crashes från traffic spikes → 99.9% uptime maintained → zero emergency scaling costs
Prometheus Metrics & Monitoring
Real-time metrics på ALL traffic: Requests/sec per service, Latency percentiles (p50/p90/p95/p99), Error rates (4xx/5xx), Backend health. Grafana dashboards visualize → spot bottlenecks instantly. Alerts när services degrade → proactive monitoring.
ROI: Catch performance issues BEFORE users complain → 50% faster incident response → less user churn
Blue/Green & Canary Deployments
Weighted routing → send 10% traffic till v2.0 (canary), 90% till v1.0. Monitor metrics → om v2.0 OK → gradually increase to 100%. Blue/green deploys → instant rollback om issue detected. Feature flags via header routing → A/B testing trivial.
ROI: Safe deploys → catch bugs i 10% traffic → prevent 100% user impact → 90% reduction i deploy incidents
Nyckelmetrik - Vad Eagle Router Levererar
Tech Stack - Vad Eagle Router Använder
Core Components
- TraefikCloud-native edge router (written i Go för high performance)
- Nginx (fallback)Web server and reverse proxy (legacy services)
- HAProxy (optional)TCP/HTTP load balancer (specialized use cases)
- GoHigh-performance language för custom routing logic
Integrations
- Let's Encrypt (ACME v2)Automated SSL certificate provisioning + renewal
- PrometheusMetrics collection + alerting (scrapes /metrics endpoint)
- Consul (optional)Service discovery and KV store (alternative to K8s discovery)
- RedisRate limiting state + caching (shared across instances)
Deployment
- Kubernetes (K3s)Container orchestration (service discovery via K8s API)
- DockerContainerization (Eagle Router runs as K8s DaemonSet)
- GitLab CI/CDAutomated deployments (config updates trigger reload)
- TerraformInfrastructure as code (provision routers across nodes)
Common Use Cases
Multi-Tenant Applications
Route traffic to different tenant-specific backends based on subdomain or URL path. Each tenant isolated backend → data separation + custom configs.
tenant1.example.com → Service A
tenant2.example.com → Service BAPI Gateway
Centralized entry point for all microservices. Authentication, rate limiting, and request transformation handled by router → backends simplified.
api.example.com/users → User Service
api.example.com/orders → Order ServiceBlue/Green Deployments
Route percentage of traffic to new version for canary testing. Zero-downtime deployments med instant rollback capabilities om issue detected.
90% traffic → v1.0
10% traffic → v2.0 (canary)CDN Integration
Route static assets to CDN (CloudFlare), dynamic requests to backend. Optimize performance and reduce backend load → faster page loads.
/static/* → CloudFlare CDN
/api/* → Backend APIBehöver du intelligent routing för din infrastruktur?
Vi kan implementera liknande routing-lösning för din multi-service arkitektur. Load balancing, service discovery, och automatic SSL för alla dina services.