Quantcast
Viewing all 4747 articles
Browse latest View live

Load balancer for proxies

April 6, 2020, 10:15 pm
$
0
0

@vicnick wrote:

Hi, I have a few custom-written HTTP proxies (CONNECTed by client). I want to have a round-robin load balancer (HAProxy) in-front of them so that a single IP address can be used by the client to access a pool of rotating backend HTTP proxies. HAProxy will mainly forward incoming requests to the backend proxies, and then relay the response back to the client.

I’m guessing that this can be done using the option http_proxy configuration. Is that correct?

I also want HAProxy to retry the next backend once only in case of a backend timeout or a specific status code (e.g. HTTP 520). How can I configure this custom rule?

Lastly, does it make sense (and is it possible) to explicitly gzip compress and keep-alive connection between HAProxy and backend proxies, or will it just pass the HTTP request as-is from the client, in which case the request will include compression headers.

Any tips or suggestions will be useful. Thank you!

Posts: 1

Participants: 1

Read full topic

Search

Unable to bind 3000 ports in haproxy

April 9, 2020, 6:56 am
$
0
0

@shetty wrote:

I want to bind 3000 ports in haproxy. Port number ranging from 400001 to 43000. But I am unable to do so. After adding the frontend and backend in haproxy.cfg file, I am unable to restart haproxy. It gives me the error Starting proxy mp40772: cannot bind socket [0.0.0.0:40772]. Could you please let me know if it is possible to bind 3000 ports in haproxy

Posts: 6

Participants: 2

Read full topic

HAProxy 2.0.14 (with vulnerability fix) package for ubuntu & debian stretch

April 9, 2020, 8:29 am
$
0
0

@tt100 wrote:

Could anyone please point me to from where I can download debian package for HAProxy 2.0.14 (2.0 version with the fix for HPACK vulnerability). Thanks.

Posts: 5

Participants: 2

Read full topic

Configure HA Proxy for domain name

April 9, 2020, 9:59 am
$
0
0

@abduljanjua wrote:

Hi,
I have a scenario,
I have the domain myapp.com (Appointed to HA PROXY server) and two other domains (myapp1.com and myapp2.com running on other servers)

In my configuration I am trying to add them as:
frontend www_frontend
bind *:80
acl host_web1 hdr(host) -i myapp.com
use_backend myapp if host_web1

frontend www_frontend_https
bind *:443
acl host_web1 hdr(host) -i myapp.com
use_backend myapp if host_web1

backend myapp
balance leastconn
http-request set-header X-Client-IP %[src]
server node1 myapp1.com cookie A check
server node2 myapp2.com cookie A check

But it gives me error that
server node1 has neither service port nor check port nor tcp_check rule ‘connect’ with port information. Check has been disabled.

myapp1.com and myapp2.com are only exessible through domain names not by IP addresses.

Also in my /etc/hosts I have the IP addresses and host names in all three server.

All the servers are running nginx.

My HAPROXY domain myapp.com is also using nginx.

This is my first time working with HA Proxy and help will be much appreciated.

Thank you!

Posts: 1

Participants: 1

Read full topic

Error : Unable to load certificate chain

April 10, 2020, 1:47 am
$
0
0

@vignesh-sp wrote:

I am trying to configure a backend with ssl, but it is failing with Unable to load certificate chain error.

This is a combined cert in the below format -

<PrivateKey>
<Cert>
<Cert>
<Cert>
<Cert>

When I try to reload with this config, it fails.

It works if I flip the format to -

<Cert>
<Cert>
<Cert>
<Cert>
<PrivateKey>

currently on HAproxy 2.1.3. When I add the cert in this format and reload the process, it works, but the cert format automatically flips back to -

<PrivateKey>
<Cert>
<Cert>
<Cert>
<Cert>

and the next reload will not work.

The same cert works in HAproxy 2.0.8 without any of the above problems.

I tested this 2.1.4 as well, the below format doesn’t work.

<PrivateKey>
<Cert>
<Cert>
<Cert>
<Cert>

The below works and stays the same even after the reload -

<Cert>
<Cert>
<Cert>
<Cert>
<PrivateKey>

My bad I’m repeating the format again and again, just wanted to be clear.

Can you guys shed some light on why the first format doesn’t work?

Posts: 1

Participants: 1

Read full topic

Exchange 2013, L7, Errors Resp

April 10, 2020, 5:52 am

Help me with ssl

April 11, 2020, 6:30 am
$
0
0

@dpardo wrote:

Hi everyone, can you help me ???

i have a problem because i have a frontend to receive https trafic but it has ssl cetificate for
one domain for example mydomain.com

frontend services_443
option forwardfor
bind *:443 ssl crt /etc/haproxy/star_mydomain_com_ec/star_mydomain_com_ec.pem alpn h2,http/1.1

and i need to accees to url that has other domain for example www.test.com
but i need that this url use https

I dont know if there is a way to use the same frontend to do it.

Thanks !!

Posts: 1

Participants: 1

Read full topic

Haproxy configuration for postfix synchronous or asynchronous

April 12, 2020, 10:12 am
$
0
0

@masuqur wrote:

Hi,
I configured haproxy 2.1 with postfix using the sample socket configuration found in example folder, socks4.cfg.

I managed to send mail. but it takes around 30 sec average to get a success response.

I observed that I get response near to same time when I get email. Is it working in a synchronous way. But If I call direct to one of the SMTP then it give me immediate response.

So how can I configure it in a asyn way to get immediate response

Thanks
Masuqur

Configuration file

global
log /var/log/haproxy local0
log /var/log/haproxy local1 notice
chroot /var/lib/haproxy
stats timeout 30s
user haproxy
group haproxy
daemon

defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000

listen smtp_back
bind :2525
mode tcp
option tcplog
maxconn 2000
timeout connect 5000
timeout client 50000
timeout server 50000
option smtpchk
no option http-server-close
balance roundrobin
server SMTPS43 10...:25 send-proxy check
server SMTPS53 10...*:25 send-proxy check

frontend http_front
bind *:8081
stats uri /haproxy?stats
default_backend http_back

backend http_back
balance roundrobin
server local 10...*:8081 check

Posts: 1

Participants: 1

Read full topic

Search

Is there any equivalent of NGINX's `keepalive_requests` in HAProxy

April 12, 2020, 11:17 pm
$
0
0

@zeronone wrote:

We have multiple instances of HAProxy deployed. We have noticed that some clients send a large number of HTTP requests over a single persistent connection. It overwhelms one of the HAProxy instances while the others are sitting idle. Is there any way to limit the number of HTTP requests to be sent over one persistent connection (i.e: return Connection: close in the response after N requests)

NGINX keepalive_requests: http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_requests

Posts: 1

Participants: 1

Read full topic

Use lua setting a server port

April 13, 2020, 5:12 am
$
0
0

@fsfs wrote:

we have a function to setting server ip address : set_addr
and we have a function to query server ip address and server port now : get_addr
but not have a setting server port function ,
Is it possible for set_addr to support setting ports?
like this:
set_addr(ip,port)
or
set_port(8443)

Posts: 1

Participants: 1

Read full topic

Using dynamic application session cookies with docker swarm backend services

April 13, 2020, 6:26 am
$
0
0

@yandok wrote:

Hi,

I’ve followed the guide at https://www.haproxy.com/blog/haproxy-on-docker-swarm-load-balancing-and-dns-service-discovery/ to setup a haproxy to load balance docker swarm backend services which works well.

I would like to introduce sticky sessions and found the dynamic cookie configuration at https://www.haproxy.com/de/blog/whats-new-haproxy-1-8/ which allows me to use

dynamic-cookie-key MYKEY
cookie SRVID insert dynamic

in this context.

Now to my question: is it possible to setup this kind of session persistence for the usage with application session cookies, like explained in this guide: https://www.haproxy.com/blog/load-balancing-affinity-persistence-sticky-sessions-what-you-need-to-know/

I’m searching for a way to configure a combination of

dynamic-cookie-key MYKEY
cookie SRVID insert dynamic
server-template server-template myapp- 3 myapp-Service:80 check resolvers docker init-addr libc,none

with

cookie JSESSIONID prefix nocache
server s1 192.168.10.11:80 check cookie s1
server s2 192.168.10.21:80 check cookie s2

Any hint very appreciated,

Br,

Klaus

Posts: 1

Participants: 1

Read full topic

LUA no field package.preload

April 13, 2020, 9:06 am
$
0
0

@Manic wrote:

Hi folks,

Pretty new to HaProxy. Installed with LUA and able to trigger lua functoins. But have an issue is loading LUA modules. Say i want to use sha1.lua, not able to load the module inspite of file available in the said location. Getting this error:

Apr 13 16:00:52 a3 haproxy: no field package.preload[‘sha1’]
Apr 13 16:00:52 a3 haproxy: no file ‘/usr/local/share/lua/5.3/sha1.lua’
Apr 13 16:00:52 a3 haproxy: no file ‘/usr/local/share/lua/5.3/sha1/init.lua’
Apr 13 16:00:52 a3 haproxy: no file ‘/usr/local/lib/lua/5.3/sha1.lua’
Apr 13 16:00:52 a3 haproxy: no file ‘/usr/local/lib/lua/5.3/sha1/init.lua’
Apr 13 16:00:52 a3 haproxy: no file ‘./sha1.lua’
Apr 13 16:00:52 a3 haproxy: no file ‘./sha1/init.lua’
Apr 13 16:00:52 a3 haproxy: no file ‘/usr/local/lib/lua/5.3/sha1.so’
Apr 13 16:00:52 a3 haproxy: no file ‘/usr/local/lib/lua/5.3/loadall.so’
Apr 13 16:00:52 a3 haproxy: no file ‘./sha1.so’ from [C] global ‘require’, /home/xxxxxx/haproxy-plugin/dddd.lua:105 C function line 104.

I am using lua 5.3, haproxy 2.0.13 versions. To confirm its not a lua problem.

wrote a simple test.lua below:

local sha = require(“sha1”);
print(sha.sha1(“hello”));

on running this, command line , its perfect
[root@a3 haproxy-2.0.13]# lua test.lua
aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d
[root@a3 haproxy-2.0.13]#

any ideas on what i am missing? your help is really appreciated.

Thanks,
Manic

Posts: 1

Participants: 1

Read full topic

Error 503 on frontend despite backend servers up

April 13, 2020, 10:51 pm
$
0
0

@bdben wrote:

I’ve just set up HAProxy on my pfSense router, and all of my requests are returning error 503: no server is available. When I check the logs, entries are showing up for the correct frontend with error 503, however the stats page shows the servers are up (and when I bypass HAProxy I have no issues connecting to them), and my frontend has a default backend set, so even if my ACLs are wrong I would expect a 404 in the worst case from sending the request to the wrong server.

I ran a packet capture between HAProxy and my only backend server that’s not on HTTPS to see what was getting sent between them, and the only traffic was the regular health check. That was while making requests from the internet (using my cell phone with wifi turned off). So it seems that requests are not being forwarded to the backend, which makes sense with the 503 error. How can I see what HAProxy is doing with the incoming requests? Is there a way to troubleshoot which ACL is being applied to incoming requests, or other logic?

This is what the log entries look like for each request:

Apr 13 22:48:57 haproxy[25781]: 123.123.123.123:34984 [13/Apr/2020:22:48:57.984] HTTPS-IN~ HTTPS-IN/ -1/-1/-1/-1/0 503 29 - - SC-- 1/1/0/0/0 0/0 “GET /index.html HTTP/1.1”

Posts: 1

Participants: 1

Read full topic

Haproxy TCP only rejecting for 3 seconds?

April 14, 2020, 12:10 pm

Say goodbye to this threead

April 14, 2020, 1:12 pm
Search

Chunked transfer encoding in haproxy

April 15, 2020, 1:47 am
$
0
0

@CipherC wrote:

Hi, devs,

Since haproxy support ‘mode http’ in frontend, does it support ‘Chunked transfer encoding’(which is only supported in http1.1) related configurations (disable/enable and so on)? I’ve found nothing about haproxy on this so far. Thanks in advance.

Posts: 1

Participants: 1

Read full topic

Request header being striped by haproxy

April 15, 2020, 8:35 am
$
0
0

@amnestor wrote:

Hi,
I have some tomcat servers where I set the x-dynatrace header in all the requests, when they pass through the haproxy to reach different tomcat servers the header is being striped.

I checked that the header was being sent with wireshark, but after reaching the haproxy the header wasnt present anymore.

So my question is, what setting should I add to my configuration to allow the haproxy to pass the header.

I have read similar post but none were of use to me, some saying that the server is to blame (not in this case because the header is expected in both ends) or that there was something else stripping it.

Thanks!

Posts: 1

Participants: 1

Read full topic

Help needed for Haproxy Response body rewrite

April 15, 2020, 11:23 am

Is it possible to get tcp connetion from http respons and do speed limit?

March 30, 2020, 6:22 am
$
0
0

@zenmaster wrote:

Hi Community,
I have a special request and just wonder if it is doable with haproxy.
Basically I want to limit the large object download speed for certain users, I can get the user info from http response, is there a way to get the underlying TCP from http response and do speed limit on the TCP connection? thanks.

Posts: 1

Participants: 1

Read full topic

Haproxy behind Cloudflare and cookie based stickiness

April 15, 2020, 5:29 pm
$
0
0

@pamamolf wrote:

Hello

I am testing HAproxy behind Cloudflare and i would like to ask if it is possible to use cookie based stickiness ( seems best way to do it? ) using TCP mode or not?

If http mode is needed is there any sample config that will work behind Cloudflare?

Also can i use ssl pass through and cookie based stickiness in http mode?

Thank you

Posts: 1

Participants: 1

Read full topic

Viewing all 4747 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>