Hello.
Sorry for my latency on the answer.
Thank you for the trick about the check. I will test it when i have times.
About the multi site question, i will explain because it's a bit
confusing. I have two agency at this time : one this 2 WEB/DNS server
(agency A) and the other with 1 WEB/DNSserver (agency B). Agency A have
two WAN line . My zones are configured with 3 NS record, 2 go on Agency
A via different public adress. My firewall NAT the public adress on 2
different private adress (on DMZ), and using view I adjust the response
. Today,in order to provide service continuity, I start the DNS
server of agency B when the DNS server of Agency A are down. But it's a
lose of power and server that i want to use now with haproxy.
Have i been clear?
Hello,
On 05/21/2010 03:15 PM, eni-urgence wrote:
Hello all.
I discover haproxy few weeks ago and I want to thanks willy for his
very good product.
I'm planing to integrate haproxy to our dmz.
I want to use haproxy for loadbalancing heavy secure php/ajax
applications with cookie persitence: a collaborate scheduler and a
image consult extranet.
stunnel service will handle https connections and forward decrypted
requests to haproxy on port 88. Then haproxy will forward
connections to web server on port 10088, 100089 (and so...) on a mass
virtual host configuration of apache (see below).
In /var/www/vhost-SSL/ on web server, there is some symbolic links to
the php sources. Some domains are not linked to same path because
they don't provide the same application. So i don't want to have to
delete/rename the "running.ok" file on every path when I want to
shutdown the webserver.
I want to use the httpcheck on port 10081 and the file "running.ok"
. But I want a soft stop of service. I want haproxy to stop
forwarding new connection if he don't find the "running.ok" file but
continue to forward connection if cookie is initialised. so i will
configure a backup server with same cookies (like said in Haproxy
documentation).
Use "http-check disable-on-404" for this
So now my questions :
- is it possible to check only the header like this /HEAD /
HTTP/1.0 /for backup server ?
option httpchk HEAD / HTTP/1.0
- Like said in the article of willy
(http://1wt.eu/articles/2006_lb/),it is good to load balance the
encryption/decryption flow too. So a haproxy instance in tcp mode
(layer 4), seems to be a good solution. But our applications have to
know the client IP for security reasons. I read that a recompiled
kernel with tproxy support will forward connections keeping the real
client IP. Is that true ?
Yes it is, tproxy has been included in mainstream >=2.6.28 kernel.
Usage of X-Forwarded-For header is preferred if you use stunnel.
- I want to manage a multi site configuration keeping the
session persistence. How can I manage to do so?
I don't understand this question :)
Regards,
Hervé.
