Hi Basil,
On Tue, Sep 11, 2012 at 07:40:07PM +0530, basil varghese wrote:
> 2 questions:
>
> *First question*:
>
> I have haproxy loadbalancer running with 2 backend servers. Both backend
> nginx servers have EXACTLY similar configurations.
>
> Here is my haproxy configuration:
>
> frontend regroup
> bind *:80
> bind *:443 ssl crt /etc/haproxy/test.pem
>
> acl is_test1 hdr_reg(host) -i test1.com
> acl is_test2 hdr_reg(host) -i test2.com
>
> block unless is_test1 or is_test2
> acl is_welcome path_beg /welcome
> use_backend wordpress if is_welcome
> default_backend main
>
> backend wordpress
> mode http
> balance roundrobin
> option httpclose
> option abortonclose
> option forwardfor
> option httpchk HEAD /welcome/check.txt HTTP/1.0
> fullconn 2000
> server backend1 10.0.0.1:8888 minconn 20 maxconn 400 check
> server backend2 10.0.0.2:8888 minconn 20 maxconn 400 check
>
> backend main
> mode http
> balance roundrobin
> option httpclose
> option abortonclose
> option forwardfor
> option httpchk HEAD /check.txt HTTP/1.1
> fullconn 2000
> server backedn1 10.0.0.1:8888 minconn 20 maxconn 400 check
> server backend2 10.0.0.2:8008 minconn 20 maxconn 400 check
>
>
> Now the problem is haproxy doesn't seems to identify individual websites in
> backend1 server, it takes only default one (takes first server_name in
> nginx to be exact no matter how many server_name are configured in backend1
> nginx).
What you're describing sounds like a missing Host header, and since your
configuration doesn't include any header manipulation, it would mean that
the request does not contain a Host header. If so, then all the requests
should be made via the "main" backend. Your configuration does not have
any log, you shuold add them and take a look to ensure that the requests
follow the path you think.
> So if someone request test1.com it look for the file
> /welcome/check.txt in wrong root folder and then mark backend1 as down.
No no, it doesn't work that way. Haproxy doesn't send health checks with
each request, it sends health checks in a parallel monitoring task, so
there is no relation between health checks and production traffic. BTW,
where do you observe the missing Host ? In nginx logs ? Wouldn't this
be for health check requests ? Your health checks use HTTP/1.1 and do
not have any Host header, which is not valid regarding the HTTP spec,
and it is very likely that nginx returns an error there, causing the
backends to be marked down.
Could you please change your health checks to use HTTP/1.0 instead of
1.1, or instead, force a valid Host header for your server, for instance
using this ugly trick :
option httpchk HEAD /welcome/check HTTP/1.1\r\nHost:\ www.example.com
> If I point the sites to nginx backend IP address, its working fine. So it
> looks either
>
> haproxy is not sending headers to backend1 server
I really think that this is only related to health checks.
> or
>
> backend1 server is unable to identify the headers sent by haproxy.
>
> PS: both backend servers has exactly same configuration.
>
> Hope I made the scenario clear.
>
>
>
> - *Second question*
>
>
> Many thanks to the team for setting up SSL support. I ran it on test
> environment and it works great so we are planning to move it to production.
>
> My question is, is there any way to redirect all http requests to https
> within haproxy.?
Could you describe what you'd like ? Many people use the "redirect" term to
mean different things. For me, "redirect" is what it means in HTTP, a 3xx
with a Location header. So if this is what you need, then yes, the following
line in your frontend should work :
redirect prefix https://test1.com if !{is_ssl} is_test1
redirect prefix https://test2.com if !{is_ssl} is_test2
( is_ssl returns true if the incoming connection was made over SSL )
Regards,
Willy
