In the modern era of edge computing, microservices, and remote work, a single point of failure in your network gateway is no longer acceptable. Whether you are running a home lab, a corporate VPN, or a geo-distributed proxy mesh, downtime translates directly to lost productivity or revenue.
Enter Realm Host V2 combined with a High Availability (HA) Tunnel setup. While standard Realm Host provides a robust, cross-platform (Windows, macOS, Linux) reverse proxy and tunnel solution, the "V2 HA Tunnel" architecture elevates it into carrier-grade territory.
This article dissects every component of the Realm Host V2 HA Tunnel. You will learn what it is, how the architecture works, step-by-step configuration for active-passive and active-active clusters, and advanced troubleshooting.
Create /etc/systemd/system/realm-ha.service: realm host v2 ha tunnel
[Unit] Description=Realm Host V2 HA Tunnel After=network-online.target etcd.service keepalived.service[Service] Type=simple User=realm Group=realm ExecStartPre=/bin/mkdir -p /var/log/realm ExecStart=/usr/local/bin/realm -c /etc/realm/config.toml Restart=on-failure RestartSec=10 LimitNOFILE=65536
[Install] WantedBy=multi-user.target
Enable and start:
sudo systemctl enable realm-ha keepalived
sudo systemctl start realm-ha keepalived
Your local Realm client maintains two simultaneous TLS connections to two different backend servers (Server A & Server B). If Server A responds with 5xx or a connection timeout, Realm V2 automatically fails over to Server B without dropping the outer TCP session.
Instead of simple failover, you can configure Realm Host V2 HA to use weighted round-robin across multiple backends. This is done by running multiple Realm processes locally, each pinned to a different backend, and using haproxy or nginx in front with a least_conn algorithm. In the modern era of edge computing, microservices,
Example haproxy frontend:
frontend realm_ha_frontend bind *:8443 default_backend realm_backends
backend realm_backends balance leastconn server backend1 127.0.0.1:1080 weight 3 server backend2 127.0.0.1:1081 weight 2 server backend3 127.0.0.1:1082 weight 1