Hi Willy, Dan, Thanks for pointing out that I was still in http mode - that was an oversight, and should solve my problem for now. Long term, I'd rather use http mode over tcp for flexibility, but unfortunately I can't get away from having to support Shoutcast (and any other dodgy protocol you can think of!) :(
Dan - I guess we're stuck making backend decisions on destination IP only - any reason you're using Squid 3.0 over 3.1? I'll test in the lab tomorrow and report back results :) D On 10/03/11 9:43 PM, Florescu, Dan Alexandru wrote: > Hi David, > > I'm kind of amazed that we have both the same problem ( > http://www.formilux.org/archives/haproxy/1103/4397.html ) in almost the same > circumstances, and we both asked for help at the same time :) > > I too am performing LB between proxies. > The issue with ICY is also in Squid. You need the upgrade_http0.9 ( > http://www.squid-cache.org/Doc/config/upgrade_http0.9/ ) option. But this one > works only with Squid 2.7 and 3.1, not with 3.0. I myself have a 3.0 for the > main Squid, so I thought I would balance it with Haproxy (elegant solution) > to a Squid 3.1. > > If I try streaming directly on the 3.1 Squid, it will work, but through > Haproxy it will fail. > It will work through Haproxy if you enable mode tcp. Now, I see you have > enabled mode tcp in frontend, but you didn't do this for the backend aswell. > You also have a mode http in the defaults section, so if you don't explicitly > specify it in the backend, it will get the default-specified mode (http in > your case). > so: mode tcp in backend and you're ok. > > I myself have another issue, I cannot send the requests for ICY/radio > streaming through my second squid because I don't have any relevant options > to use in ACLs, so all requests are sent to the default_backend. > > > -----Original Message----- > From: David Young [ > Sent: Thursday 10, March 03, 2011 4:36 > To: [email protected] > Subject: How to deal with proxying shoutcast / ICY protocol > > Hi folks, > > First-time poster here - we've been working on implementing haproxy to > perform load balancing between our backend squid proxies. > > I stumbled across an issue today when I realized that I can't listen to > streaming radio via my haproxy instance, but that it works fine if I > direct my request to one of by backend proxies directly. > > A bit of searching lead me to the issue of HTTP/1.1 vs ICY as the > probable cause > (http://www.squid-cache.org/Versions/v3/3.1/RELEASENOTES.html#ss2.10). > > I thought that if I configured haproxy in "mode tcp" instead of "mode > http", that it'd behave more like a simple loadbalancer, and just pass > the request onto my squid backend verbatim, but that doesn't seem to > have worked either. > > An example URL I'm having trouble with is http://66.225.205.47/;stream.mp3 > > Even in "mode tcp", if I request that URL through by browser from > haproxy, I get a 502 error, whereas if I requested it directly from the > backend squid instance which services my request anyway, I get the > expected headers and stream. > > I thought I'd try telnetting to the haproxy / squid ports respectively, > to test, and I received differing output (below). > > Can anybody enlighten me? > > Many thanks, > David > > -- Relevant haproxy.cfg -- > > #--------------------------------------------------------------------- > # Global settings > #--------------------------------------------------------------------- > global > log 127.0.0.1 local2 > log /dev/log local2 > chroot /var/lib/haproxy > pidfile /var/run/haproxy.pid > maxconn 4000 > user haproxy > group haproxy > daemon > > #--------------------------------------------------------------------- > # common defaults that all the 'listen' and 'backend' sections will > # use if not designated in their block > #--------------------------------------------------------------------- > defaults > mode http > log global > option dontlognull > option http-server-close > option httplog > > # Log on start of connection, not completion > option logasap > > # log errors separately > option log-separate-errors > > option forwardfor > option redispatch > timeout connect 10000 # default 10 second time out if a backend is > not found > timeout client 300000 > timeout server 300000 > maxconn 60000 > retries 3 > > > #--------------------------------------------------------------------- > # main frontend which proxys to the backends > #--------------------------------------------------------------------- > frontend test_frontend *:5001 > mode tcp > option tcpka > default_backend test_backend > > > backend test_backend > balance roundrobin > server localhost localhost:3128 > > > > -- Telnet to haproxy infront of single squid tcp backend -- > > DavidBook:~ davidy$ telnet webscan-dev.blahblah.net 5001 > Trying x.x.x.x... > Connected to webscan-dev.blahblah.net. > Escape character is '^]'. > GET http://66.225.205.47/;stream.mp3 > HTTP/1.0 502 Bad Gateway > Cache-Control: no-cache > Connection: close > Content-Type: text/html > > <html><body><h1>502 Bad Gateway</h1> > The server returned an invalid or incomplete response. > </body></html> > Connection closed by foreign host. > DavidBook:~ davidy$ > > > -- Telnet to squid directly -- > > DavidBook:~ davidy$ telnet webscan-dev.blahblah.net 3128 > Trying x.x.x.x... > Connected to webscan-dev.blahblah.net. > Escape character is '^]'. > GET http://66.225.205.47/;stream.mp3 > ICY 200 OK > Date: Thu, 10 Mar 2011 02:25:55 GMT > icy-notice1: <BR>This stream requires <a > href="http://www.winamp.com/";>Winamp</a><BR> > icy-notice2: SHOUTcast Distributed Network Audio Server/Linux v1.9.8<BR> > icy-name: Family Friendly WBGL > icy-genre: Contemporary Christian > icy-url: http://www.wbgl.org > Content-Type: audio/mpeg > icy-pub: 1 > icy-br: 96 > X-Cache: MISS from webscan-dev.blahblah.net > X-Cache-Lookup: MISS from webscan-dev.blahblah.net:3128 > Via: 0.0 webscan-dev.blahblah.net (squid/3.1.11) > Connection: close > > 00/Ȯt?????sƸD?,?4A?Q`F??BA????B??@(???u??kTC??????? <binary stream > continues...> > > > The information contained herein is intended for its addressee(s) only and it > is privileged or otherwise confidential. Any unauthorized distribution, > amendment or disclosure hereof is strictly forbidden by the law. Please find > complete and translated versions at http://www.rompetrol.com/disclaimer.html
