Hi Sebastian,

I think Cyril's email is full of advice for you, explaining where
your problem may be.
Basically you have several options for your configuration.
Either you turn all your listeners to tcp, removing the http health
checks, and HAProxy will do basic tcp.
Or you can also split your configuration based on the frontend
port: http vs https.
If you need affinity per user on http and https, you can use this
configuration example:
http://blog.exceliance.fr/2011/07/12/send-user-to-the-same-backend-for-both-http-and-https/

And the second example below will show you how to do persistence based
on the SSL id:
http://blog.exceliance.fr/2011/07/04/maintain-affinity-based-on-ssl-session-id/

cheers



On Mon, Jan 30, 2012 at 1:14 AM, Sebastian Fohler <i...@far-galaxy.com> wrote:
> Where is the problem?
> As I already said before, it's my first haproxy config. I only used hardware
> loadbalancing before.
> Any help would be appreciated.
>
> Best regards
> Sebastian
>
>
> On 29.01.2012 23:27, Cyril Bonté wrote:
>>
>> Hi Sebastian,
>>
>> Is this really your configuration?
>> I'm afraid to say that it can't work the way it is done (or I missed
>> something).
>>
>> For these reasons:
>>
>> On 29/01/2012 14:09, Sebastian Fohler wrote:
>>>
>>> Sure no problem, here is my config:
>>> # cat haproxy.cfg
>>> global
>>> maxconn 99999
>>> log 127.0.0.1 local0
>>> uid 80
>>> gid 80
>>> nbproc 1
>>> chroot /var/empty
>>> daemon
>>>
>>> listen adserver.adworxs.local
>>> bind 192.168.10.68:80
>>> bind 192.168.10.68:443
>>> mode http
>>
>>
>> First of all, haproxy doesn't understand HTTPS natively.
>> I guess that if you bind on port 443 this is because you want haproxy to
>> receive HTTPS, but it can't.
>> If you want to use haproxy in HTTP mode, you'll have to decode HTTPS into
>> plain text HTTP with an SSL termination such as stunnel or stud.
>> => Don't bind on port 443 with "mode http" enabled.
>>
>>> log global
>>> option dontlognull
>>> option httpclose
>>> option forwardfor
>>> maxconn 10000
>>> clitimeout 30000
>>> balance roundrobin
>>> contimeout 30000
>>> srvtimeout 30000
>>> retries 10
>>> option httpchk HEAD /www/admin/index.php HTTP/1.0
>>> stats enable
>>> stats uri /haproxy?stats
>>> stats realm adserver.adworxs.local
>>> stats auth admin:<password>
>>> stats show-node
>>> stats refresh s
>>> server adserver1 192.168.10.61:80 check inter 1000 weight 10
>>> server adserver1 192.168.10.61:443 check inter 1000 weight 10
>>
>>
>> Here, several issues occur:
>>
>> - You shouldn't use the same server name several times; this is maybe what
>> made your diagnostics difficult in the stats page and in the logs.
>> (In your first post, you said:
>> "The first problem I had was, while checking the haproxy stats, that they
>> show every backendserver is at least the same time DOWN as it is UP")
>>
>> - You've mixed HTTP servers and HTTPS ones in the backend:
>> haproxy will load balance the incoming connections on them (in round robin
>> as you've configured it some lines before).
>>
>> Those connecting to port 443 will probably always be DOWN so you'll think
>> it works if you only send HTTP requests. But as soon as you try to send
>> HTTPS requests, you'll get in trouble.
>>
>> - You can't use "check" on your https server because you've configured
>> "option httpchk": haproxy will try to send plain text HTTP where the server
>> is waiting for HTTPS.
>>
>>> server adserver2 192.168.10.62:80 check inter 1000 weight 10
>>> server adserver2 192.168.10.62:443 check inter 1000 weight 10
>>> server adserver4 192.168.10.67:80 check inter 1000 weight 120
>>> server adserver4 192.168.10.67:443 check inter 1000 weight 120
>>> server adserver5 192.168.10.66:80 check inter 1000 weight 120
>>> server adserver5 192.168.10.66:443 check inter 1000 weight 120
>>
>>
>> ...same issues for each "adserver"
>>
>>> listen adserver.dev.adworxs.local
>>> bind 192.168.10.70:80
>>> bind 192.168.10.70:443
>>> mode http
>>> log global
>>> option dontlognull
>>> option httpclose
>>> option forwardfor
>>> maxconn 6000
>>> clitimeout 30000
>>> balance leastconn
>>> contimeout 30000
>>> srvtimeout 30000
>>> retries 10
>>> option httpchk HEAD /www/admin/index.php HTTP/1.0
>>> stats enable
>>> stats uri /haproxy?stats
>>> stats realm adserver.dev.adworxs.local
>>> stats auth admin:<password>
>>> stats show-node
>>> stats refresh m
>>> server adserver1.dev 192.168.10.41:80 check inter 10 weight 100
>>> server adserver1.dev 192.168.10.41:443 check inter 10 weight 100
>>
>>
>> and same issues for this proxy.
>>
>> I'd suggest you remove every line containing a reference to port 443
>> (binds and servers) and add stunnel or stud in front of haproxy, configured
>> to receive incoming HTTPS requests on port 443 and forward the plain text
>> HTTP requests to haproxy on port 80.
>>
>> Hope this helps.
>>
>
>
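
The split by frontend port described in the reply above, written out as an added example that is not part of the original thread. Addresses, weights and the check URL are taken from the quoted config; the proxy names and the _http/_https server names are made up here so that every name is unique.

```haproxy
# Added example, not the poster's or the project's own configuration.
global
    maxconn 99999
    log 127.0.0.1 local0
    uid 80
    gid 80
    chroot /var/empty
    daemon

defaults
    log global
    option dontlognull
    retries 10
    timeout connect 30000
    timeout client 30000
    timeout server 30000

# Port 80: haproxy parses the traffic, so HTTP options and the HTTP
# health check are valid here.
listen adserver_http
    bind 192.168.10.68:80
    mode http
    option httpclose
    option forwardfor
    balance roundrobin
    option httpchk HEAD /www/admin/index.php HTTP/1.0
    server adserver1_http 192.168.10.61:80 check inter 1000 weight 10
    server adserver2_http 192.168.10.62:80 check inter 1000 weight 10
    server adserver4_http 192.168.10.67:80 check inter 1000 weight 120
    server adserver5_http 192.168.10.66:80 check inter 1000 weight 120

# Port 443: the encrypted stream is relayed untouched to the servers' own
# port 443. No "option httpchk" here, so "check" is a plain TCP connect test.
# "option forwardfor" cannot be used in tcp mode: the web servers see
# haproxy's address as the client for HTTPS requests.
listen adserver_https
    bind 192.168.10.68:443
    mode tcp
    balance roundrobin
    server adserver1_https 192.168.10.61:443 check inter 1000 weight 10
    server adserver2_https 192.168.10.62:443 check inter 1000 weight 10
    server adserver4_https 192.168.10.67:443 check inter 1000 weight 120
    server adserver5_https 192.168.10.66:443 check inter 1000 weight 120
```

The file can be syntax-checked before a reload with `haproxy -c -f haproxy.cfg`.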
