@Matthieu_HPP wrote:

Hi,

I am upgrading my haproxy configuration to handle load balance with websockets. The new configuration is shown bellow. Modifications from previous configuration that was functional, are specified.

I do have the following error message once connected to corresponding website :
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://helping-pong.com/socket.io/?EIO=3&transport=polling&t=LqQEI5-. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing)

Haproxy config file (global and defaults put at the end) :

#front-end
frontend https_app
        bind 0.0.0.0:443 ssl no-sslv3 crt /etc/ssl/letsencrypt
        default_backend  http_app

#back-end
backend http_app
        option httpchk
        http-request add-header X-Forwarded-Proto https if { ssl_fc }
        http-request set-header X-Forwarded-Port %[dst_port]

        ####### Code removed to handle balance
        server server_app_1  127.0.0.1:3001 maxconn 100

        ####### Code added to handle balance
        balance roundrobin
        cookie SERVERID insert indirect
        server server_app_1  127.0.0.1:3001 maxconn 100 weight 10 cookie server_app_1 check
        server server_app_2  127.0.0.1:3002 maxconn 100 weight 10 cookie server_app_2 check


global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon
        maxconn 10000
        debug

        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL). This list is from:
        #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/

        ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AES$
        ssl-default-bind-options no-sslv3

        ssl-default-server-options no-sslv3
        ssl-default-server-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+$

defaults http
        log   global
        mode  http
        option  httplog
        option  dontlognull
        retries  3
        option  redispatch
        option  http-server-close
        option forceclose
        option forwardfor except 127.0.0.1
        timeout connect 5s
        timeout client 30s
        timeout client-fin 30s
        timeout tunnel 1h
        timeout server 30s

Help will be much appreciated

Posts: 4

Participants: 2

Read full topic

@Reiner030 wrote:

like here written:
http://www.haproxy.com/blog/emulating-activepassing-application-clustering-with-haproxy/

Tested an all versions of last ~ 6 months from debian Backport... actual this is

 # haproxy -v
 HA-Proxy version 1.7.5-2~bpo8+1 2017/05/27

My setup:

haproxy are each on same servers/different port as gearmand as frontend:

peers LB
        peer    gearman-jobserver-euc1-01               172.31.18.242:8999
        peer    gearman-jobserver-euc1-02               172.31.7.104:8999

backend BE_gearman-jobserver_staging
        mode                    tcp
        fullconn                10000
        email-alert             mailers sendmail
        email-alert             level   alert
        email-alert             from    haproxy@gearman-jobserver-euc1-01.xxx
        email-alert             to      sysops@xxx
        timeout                 client 60s
        timeout                 client-fin 60s
        timeout                 server 60s
        timeout                 tunnel 1h
        option                  tcp-check
        stick-table             type integer size 1 nopurge peers LB
        tcp-check               send STATUS\r\n
        tcp-check               expect string . comment Minimum\ empty\ response.
        stick on                dst_port
        server                  gearman-jobserver-euc1-01               172.31.18.242:40025 check inter 2s fastinter 1s downinter 20s fall 3 rise 2
        server                  gearman-jobserver-euc1-02               172.31.7.104:40025 check inter 2s fastinter 1s downinter 20s fall 3 rise 2 backup

and the default socket status is fine:

root@gearman-jobserver-euc1-01:~# echo "show table BE_gearman-jobserver_production" | socat unix:/run/haproxy/admin.sock -
# table: BE_gearman-jobserver_production, type: integer, size:1, used:1
0x5565daacc984: key=50005 use=0 exp=0 server_id=1

but the problem is that if server01 is down the stays on "server_id=1" and didn't switch as expected.to server_id=2.

Do I missed some requirements which weren't written in blog / I cannot find in documentation or is this a bug ?

Thanks and Bests

Reiner

Posts: 1

Participants: 1

Read full topic

@gianfcn wrote:

One question:

Is haproxy capable of working with multiple frontend/backand profiles?

Example:

-> if the request is from the network 192.168.1.X it sends to the configurations of frontendX / backendX;

-> And if the requests are from the 192.168.1.Y network, then it directs to the frontendY / backendY configurations.

Can you do that?

Posts: 2

Participants: 2

Read full topic

@amir wrote:

Hi ,
I have IMAP servers which configure to work in TLS.
1. I would like HAProxy to impelment SSL healthcheck to backend servers without
verifying the certificate .
2. I still would like IMAP client to perform SSL handshake before getting the imap banner
(greeting).

when i use "check ssl verify none" in the server line, IMAP client doesn't require to perform SSL handshake get the banner without SSL handshake .

"check ssl verify none":
root@t2-ngvm-proxy-au1 ~]# telnet 0 50443
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
* OK IMAP4 proxy ready (Multi Interface Supplementing Tunnel)

when i use "check verify none" (with out "ssl" string in the serve line) , IMAP client doesn't get the banner and require to perform SSL handshake (as expected).

"check verify none" (with out ssl string in the server line):
[root@t2-ngvm-proxy-au1 ~]# telnet 0 50443
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.

My questions are:
1.Which configuration is the proper one for my needs ?(seems like with out ssl string in the server line)
2.when using "check verify none" (with out "ssl" string in the serve line) , does HAProxy
still check SSL (healthcheck) and banner toward the back-end servers ?

see the configuration below:

listen HAProxy_VVM
log global
option tcplog
mode tcp
bind :50443 name S_SSL
balance roundrobin
option tcp-check
tcp-check connect port 50443 ssl
tcp-check expect string *\ OK
maxconn 90096
timeout client 600000
timeout server 60000
timeout connect 5000
server T004-vi-cas-au1 10.45.156.252 check verify none inter 30000
server T004-vi-cas-au2 10.45.156.253 check verify none inter 30000

Thanks !

Posts: 2

Participants: 2

Read full topic

@lday wrote:

I have setup a haproxy config file as follow, and try to verify redispatch function, however, when i set the balance algorithm as source, i get 3 retry(from stats web page) and finally get a 503 error, the request does not redspatch to s2 when I kill s1, is anything wrong with my cfg, any helps are appricicated. I am using haproxy 1.6.10

global
# logging to rsyslog facility local3 [err warning info debug]
log 127.0.0.1 local1 notice
log 127.0.0.1 local3 warning
log 127.0.0.1
stats bind-process 4
stats socket /tmp/haproxy.sock mode 0600 level admin

maxconn  51200
ulimit-n 102434
pidfile /var/wd/ehaproxy/haproxy.pid
daemon
nbproc 4
#cpu-map TODO
spread-checks 5
user  haproxy
group haproxy

defaults
log global
mode http # [tcp|http|health]
backlog 10000
#retries 0
retries 3
maxconn 15000
balance roundrobin
errorfile 500 /var/wd/ehaproxy/conf/500.http
errorfile 502 /var/wd/ehaproxy/conf/502.http
errorfile 503 /var/wd/ehaproxy/conf/503.http
errorfile 504 /var/wd/ehaproxy/conf/504.http

no option httpclose
option log-separate-errors
option httplog
option dontlognull
option abortonclose
option redispatch

option forwardfor   # X-Forwarded-For: remote client ip


timeout client          10m
timeout server          10m
timeout connect         1s
#timeout tunnel          10m
timeout http-keep-alive 6m   # ?
timeout queue           1m
timeout check           5s
#timeout http-request    5s

default-server minconn 50 maxconn 5000 inter 80s rise 2 fall 3

listen 0.0.0.0:10910
bind 0.0.0.0:10910
bind-process 1
stats uri /stats

listen 0.0.0.0:10911
bind 0.0.0.0:10911
bind-process 2
stats uri /stats

listen 0.0.0.0:10912
bind 0.0.0.0:10912
bind-process 3
stats uri /stats

listen 0.0.0.0:10913
bind 0.0.0.0:10913
bind-process 4
stats uri /stats

listen sub
bind 0.0.0.0:19192
balance source
server s1 192.168.149.150:22222 weight 4
server s2 192.168.149.150:9192 weight 4

Posts: 2

Participants: 2

Read full topic

@Alex_loo wrote:

Hi to community. Want to ask some help, but we are faced with a simple problem, i hope.
HaProxy must Implement SSL termination and turn http to https, and stands between Nginx and the World.

The problem:
HAProxy returns to the World:

503 Service Unavailable
No server is available to handle this request.

But the backend is working and returns all pages correctly.

My software: nginx 1.11.7
HA-Proxy 1.7.2

config:

global
log /path/to/log local0 #(inside of chroot dir)
log /path/to/log local1 debug #(inside of chroot dir)
chroot /chroot/dir
stats socket /path/to/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group www
daemon

    ca-base /path/to/certs/dir
    crt-base /path/to/certs/dir

    ssl-default-bind-ciphers  EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3D
    ssl-default-bind-options no-sslv3 no-tlsv10
    tune.ssl.default-dh-param 4096

defaults
log global
mode http
option httplog
option dontlognull
option forwardfor
option http-server-close
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms

frontend www-https
bind public_IP:80
bind public_IP:443 ssl crt /usr/local/etc/nginx/ssl/shandycraft/haproxy.pem
acl secure dst_port eq 443
redirect scheme https if !{ ssl_fc }
# rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains;\ preload
rsprep ^Set-Cookie:\ (.*) Set-Cookie:\ \1;\ Secure if secure
default_backend www-backend

backend www-backend
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
server www-backend unix@/path/to/haproxy.sock maxconn 32 #(inside of chroot dir)
# server www-backend backend_IP - the simular result

---

NGINX listening haproxy.sock socket, and socket has a correct permissions, readable & writeable for user and group

And haproxy listens the corresponding ports:
....
haproxy haproxy 1997 5 tcp4 public_IP:80
haproxy haproxy 1997 6 tcp4 public_IP:443
....

---

The answer of server :

HTTP status 503 Service Unavailable
Answer time 143 мs
IP public_IP
Encoding UTF-8(unicode-1-1-utf-8, UTF8)
Page size 106 Б

Cache-Control: no-cache
Connection: close
Content-Type: text/html

This request Log:

Note: setting global.maxconn to 2000.
Available polling systems :
kqueue : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result FAILED
Total: 3 (2 usable), will use kqueue.

Available filters :
[SPOE] spoe
[TRACE] trace
[COMP] compression
Using kqueue() as the polling mechanism.

00000000:www-https.accept(0006)=0009 from [93.158.152.108:61226]
00000000:www-https.clireq[0009:ffffffff]: GET /robots.txt HTTP/1.1
00000000:www-https.clihdr[0009:ffffffff]: Host: mydomain.com
00000000:www-https.clihdr[0009:ffffffff]: Connection: Keep-Alive
00000000:www-https.clihdr[0009:ffffffff]: user-agent: Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)
00000000:www-https.clihdr[0009:ffffffff]: from: support@search.yandex.ru
00000000:www-https.clihdr[0009:ffffffff]: Accept-Encoding: gzip,deflate
00000000:www-https.clihdr[0009:ffffffff]: Accept-Language: ru, uk;q=0.8, be;q=0.8, en;q=0.7, *;q=0.01
00000000:www-https.clihdr[0009:ffffffff]: Accept: /
00000000:www-backend.clicls[0009:000a]
00000000:www-backend.closed[0009:000a]
00000001:www-https.accept(0006)=0009 from [141.8.184.104:52667]
00000002:www-https.accept(0006)=000a from [141.8.184.109:37854]
00000001:www-https.clireq[0009:ffffffff]: GET / HTTP/1.1
00000001:www-https.clihdr[0009:ffffffff]: Host: mydomain.com
00000001:www-https.clihdr[0009:ffffffff]: Connection: Keep-Alive
00000001:www-https.clihdr[0009:ffffffff]: user-agent: Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)
00000001:www-https.clihdr[0009:ffffffff]: from: support@search.yandex.ru
00000001:www-https.clihdr[0009:ffffffff]: Accept-Encoding: gzip,deflate
00000001:www-https.clihdr[0009:ffffffff]: Accept-Language: ru, uk;q=0.8, be;q=0.8, en;q=0.7, *;q=0.01
00000001:www-https.clihdr[0009:ffffffff]: Accept: /
00000001:www-backend.clicls[0009:000b]
00000001:www-backend.closed[0009:000b]

---

I just in a deadlock, my brain does not working at all today .....

Posts: 2

Participants: 2

Read full topic

@prash.devops wrote:

I have a domain name which

https://abc.stg-repo.example.com/v1.
( The subdomain abc is the repository name and it is dynamic). I want to redirect to below URL using HAProxy

https://stg-repo.example.com/artifactory/api/docker/abc/v1

Posts: 1

Participants: 1

Read full topic

@maironcosta wrote:

Do I set up more than one balance for a backend?
Example: roundrobin and leastconn

Posts: 1

Participants: 1

Read full topic

@behinam wrote:

I deployed an loadbalanced infrustructure. I am using haproxy as the loadbalancer and cpanel as backend webservers. I created a test host on the cpanel, and I can see the site in browser when I configure the website in my /etc/host with the cpanel server ip address. But when I change the ip to the loadbalancer it forwards the requests to /usr/local/apache/htdocs/ and I get the default cpanel server page(defaultwebpage.cgi). What configurations should I use in haproxy to redirects requests correctly? Any help is appreciated.

Posts: 1

Participants: 1

Read full topic

@maironcosta wrote:

Do I set up more than one balance for a backend?
Example: roundrobin and leastconn

Posts: 2

Participants: 2

Read full topic

@Matthieu_HPP wrote:

Hi,

I am trying to use HAProxy on a VPS (debian 8). Iptables is used as firewall.
I can't modify /etc/sysctl.conf.
My application uses websockets and redis to share data among both backend servers.

When I connect to the the VPS, the web site works some minutes, then Error : 503
There is no reported error my application logs.

Am I doing something wrong ? Do I have to renounce to HAPproxy or the VPS to modify sysctl ?

Extract of HAProxy log files and conf files follow.

Many thanks for your help.

Matthieu

(IP address modified with xxx)

Extract of the Log file :

Jul 10 18:42:35 matthieu haproxy[558]: 149.91.89.xxx:46024 [10/Jul/2017:18:42:30.036] https_app~ http_app/server_app_2 0/4991/2/7/5007 400 228 - - --NI 690/690/687/100/0 0/466 "GET /socket.io/?EIO=3&tr$
Jul 10 18:42:35 matthieu haproxy[558]: 149.91.89.xxx:46008 [10/Jul/2017:18:42:30.036] https_app~ http_app/<NOSRV> 0/5007/-1/-1/5009 503 213 - - sQNN 689/689/687/0/0 0/472 "GET /socket.io/?EIO=3&transpo$
Jul 10 18:42:35 matthieu haproxy[558]: 149.91.89.xxx:46034 [10/Jul/2017:18:42:30.036] https_app~ http_app/<NOSRV> 0/5007/-1/-1/5009 503 213 - - sQNN 688/688/686/0/0 0/471 "POST /socket.io/?EIO=3&transp$

Config file :

global
            log /dev/log    local0
            log /dev/log    local1 notice
    #      log 127.0.0.1:8008 local0
            chroot /var/lib/haproxy
            stats socket /run/haproxy/admin.sock mode 660 level admin
            stats timeout 30s
            user haproxy
            group haproxy
            daemon
            maxconn 10000
            debug

        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL). This list is from:
        #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/

        ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
        ssl-default-bind-options no-sslv3

        ssl-default-server-options no-sslv3
        ssl-default-server-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS

defaults http
        log             global
        mode            http
        option          httplog
        option          dontlognull
        retries         3
        option          redispatch
        option          http-server-close
#       option          forceclose
        option          forwardfor except 127.0.0.1
        timeout         connect 5s
        timeout         client 30s
        timeout         client-fin 30s
        timeout         tunnel 1h
        timeout         server 30s

#       default-server inter 1s rise 2 fall 1 on-marked-down shutdown-sessions
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

#front-end
frontend https_app
        bind 0.0.0.0:443 ssl no-sslv3 crt /etc/ssl/letsencrypt
        default_backend  http_app

#back-end
backend http_app
        option httpchk HEAD /health
        http-check expect status 200
        http-request add-header X-Forwarded-Proto https if { ssl_fc }
        http-request set-header X-Forwarded-Port %[dst_port]
        balance roundrobin
        cookie SERVERID insert indirect nocache
        server server_app_1  127.0.0.1:3001 maxconn 100 check cookie server_app_1
        server server_app_2  127.0.0.1:3002 maxconn 100 check cookie server_app_2

Posts: 3

Participants: 2

Read full topic

@b03rg3 wrote:

Hi,

Is it possible to send an errorfile to the remoteclients if the max_conn off the backend is reached?

Thanx!

Posts: 1

Participants: 1

Read full topic

@haproxy wrote:

our haproxy 1.5.19 is crashing, usually when we're having a large number of requests coming in. We've exhausted all our options to fix, so it's time to dig in a bit deeper. So I'd like to attach gdb to our currently running process - but there's three of them -

root 18700 1 0 10:07 ? 00:00:00 /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
root 29141 18700 0 11:42 ? 00:00:00 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds -sf 28244
root 29142 29141 15 11:42 ? 00:59:56 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds -sf 28244

So, not sure which one to attach, I'm guessing the last one, PID 29142, but would like to know for certain. Thanks!

Posts: 1

Participants: 1

Read full topic

@cris wrote:

Hello,

We have two HA-Proxy working with keepalived for load balancing between our internal servers which they have connection to outside from ports 2811 and 12811. For this reason, we need monitoring both ports to know if they are down in some moment. We use this option in our backend servers in old versions of HA-Proxy:

backend backend_name1
mode tcp
source 0.0.0.0 usesrc clientip
balance leastconn
option abortonclose
option persist
option redispatch
option tcplog
option tcp-check
tcp-check connect port 2811
tcp-check connect port 12811
stick-table type ip size 10240k expire 60m peers HAPROXYPEERSPRE
stick on src
server name_internal_server IP check weight 1 maxconn 2000 inter 3s rise 2 fall 3 on-marked-down shutdown-sessions

We had HA-Proxy versión 1.6.11 and this check works fine all time.

But when we have upgrade our HA-Proxy versión from 1.6.11 to 1.7.8 this check stop working, and we have received this error in haproxy-notice.log

HA-Proxy2 haproxy[4261]: Health check for server frontend_name1/backend_name1 failed, reason: Socket error, info: "No port available for the TCP connection", check duration: 0ms, status: 0/2 DOWN.

HA-Proxy2 haproxy[4261]: Health check for server frontend_name1/backend_name1 failed, reason: Socket error, info: "No port available for the TCP connection", check duration: 0ms, status: 0/2 DOWN.

HA-Proxy2 haproxy[4261]: Health check for server frontend_name1/backend_name1 failed, reason: Socket error, info: "No port available for the TCP connection", check duration: 0ms, status: 0/2 DOWN.

HA-Proxy2 haproxy[4261]: Health check for server frontend_name1/backend_name1 failed, reason: Socket error, info: "No port available for the TCP connection", check duration: 0ms, status: 0/2 DOWN.

We change line 1527 in checks.c (in /usr/src/haproxy-1.7.8/src/) as we have read in other topic from other web:

ORIGINAL:
if ((conn->addr.to.ss_family == AF_INET) || (conn->addr.to.ss_family == AF_INET6)) {
int i = 0;

MODIFIED:
if ((conn->addr.to.ss_family == AF_INET) || (conn->addr.to.ss_family == AF_INET6) || (check->port) {
int i = 0;

But we don't get any result. It stills failed with the same message in haproxy-notice.log

Our question is: there are some way to configure option tcp-check without error in HA-Proxy version 1.7.8?? Any solutions of that??

If you need more information you only have to request.

Thanks

Greetings.

Posts: 1

Participants: 1

Read full topic

@tapirath wrote:

I'm looking to rate limit calls to certain endpoints with different rates.

For example:

api.testserver.com/v1/accounts can be requested 1 time per second
api.testserver.com/v1/images can be requested only 1 time per 30 seconds
etc...

In addition, I would like to whitelist some IP addresses where there would be no rate limit at all.

Is this possible at all?
I would appreciate any kind of help.

Thank you

Posts: 2

Participants: 1

Read full topic

@silviu wrote:

It is possible to convert this line from Apache to HAproxy?
AddOutputFilterByType DEFLATE application/json application/json-rpc text/html text/plain text/xml text/css text/javascript application/javascript
I don't really understand what this line actually does.

Thanks,

Posts: 3

Participants: 2

Read full topic

@jtl wrote:

Running HAProxy version 1.7.5-2~bpo8+1 on Debian 8

What I'm trying to do is add HTTP headers with a http-request redirect to the response sent to the client. Above the http-request redirect I have http-response set-header Strict-Transport-Security 'foo bar', but the header is not set in the 302 response.

Thanks

Posts: 1

Participants: 1

Read full topic

@junaid wrote:

Hello Guys,

I am working on Haproxy to handle cases related to backend server up and down. I have handled some cases by reading documentation and some are still remaining. Please have a look below under heading "Remaining cases". Please also review "Cases handled successfully" and Github gist and suggest if something is missing.

Cases handled successfully
1- Backend should be down in case of health check error and notify us via email
2- Backend should be up in case of health check pass and notify us via email
3- Serve maintenance page 503 in case when all servers are down.

Configuration of Haproxy for handling about cases are listed here(https://gist.github.com/junaid-malik-confiz/541a3afdc9b395501daf828e299c2daf)

Remaining cases
1- Backend should be mark down if it gives lot of 500s either consecutive or not. -- This is not working.
2- Add authorization on the requests going for http checks, i tried solution mentioned here(https://stackoverflow.com/questions/13325882/haproxy-solr-healthcheck-with-authentication) and here(https://discourse.haproxy.org/t/haproxy-health-checks-with-authentication/94/2) but these didn't work.

Thanks & Regards,
Junaid

Posts: 2

Participants: 2

Read full topic

@isa wrote:

Hi

I am trying to rewrite a url and dont have an idea how this can be achieved.

current setup

1. client hits a url www.hello.com
2. this goes to the apache backend virtual host www.foo.com

What I want is
1. client hits a url www.hello.com
2. based on his IP we forward to different virtual hosts
3. E.g
client ip 10.0.0.1 this gets fowarded to virtual host www.foo.com
client ip 172.0.0.1 this gets forded to virtual host www.bar.com

Posts: 1

Participants: 1

Read full topic

@sattiwari wrote:

In our existing system, haproxy is used for load balancing requests from clients (spray based) to server (spray-can based). Config is following:

API Client
host-connector {
max-connections = 100
max-retries = 0
max-redirects = 0
pipelining = on
}

HA Proxy
defaults
mode http
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000

API Server
server{
server-header=""
pipelining-limit=0
}

I am getting premature connection closed in this setting. I think this is coming because on the same connection HA Proxy sends more requests and my spray server has pipelining-limit 0.

Should i remove http-server-close from ha proxy because i dont want http-close on server side (This will put HA Proxy in tunneling mode where i dont see any disadvantage). Also, I will add increase pipelining-limit to 1024 in spray server.

Posts: 4

Participants: 2

Read full topic