Hi guys, Thanks for the responses, my replies are below!
On 2 May 2013 17:48, Lukas Tribus <luky...@hotmail.com> wrote: >> I always receive a HTTP 200 response to my browser > > How do you know that? tcpdump > In what condition does this happen (when you have less than 2 > backends alive or even with 2 or more backends alive?) With 2, 1, or 0 back ends alive (I have been adding iptables rules to the Apache servers [there are two] one at a time so that haproxy backend server checks fail, and I can see this reflected in the haproxy log) . >> default_backend http--servers >> [...] >> backend http-servers > The config doesn't seem to match That was just a typo from me copying the config into my original email, sorry about that! > Please post the output of haproxy -vv. sudo haproxy -vv HA-Proxy version 1.4.8 2010/06/16 Copyright 2000-2010 Willy Tarreau <w...@1wt.eu> Build options : TARGET = linux26 CPU = generic CC = gcc CFLAGS = -O2 -g OPTIONS = Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200 Encrypted password support via crypt(3): yes Available polling systems : sepoll : pref=400, test result OK epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 4 (4 usable), will use sepoll. On 2 May 2013 22:39, Bryan Talbot <btal...@aeriagames.com> wrote: > On Thu, May 2, 2013 at 8:55 AM, James Bensley <jwbens...@gmail.com> wrote: >> >> acl backend_down nbsrv(http--servers) lt 2 # HAProxy can see >> lee than 2 backend servers >> monitor-uri /checkuri >> monitor-net 172.22.0.0/24 > > What's the address of the computer making the requests? If it's in the > 172.22.0.0/24 network, all responses for any URI will be 200 as long as > "monitor fail" is false. Ah! This was the information I was missing. I changed that to a /32 and tried from another machine and the behaviour is now more like what I expected is seen. The other machine passes through haproxy to the backends as it should, and requests to the monitor URL return 404, which is what I wanted. However I do still have another problem, I always get HTTP 200 from the machine in "monitor-net". I can add an iptables rules on either of my two Apache servers or both, to stop haproxy from contacting them (which I can verify via tcpdump on Apache and tcpump on the haproxy server. I can see it can't get past TCP syn because there is no syn-ack back from the apache servers). This first paste bin entry shows the haproxy server detecting the first Apache server as down, I browse to my monitor uri and as you can see from the tcpdump output, I get HTTP 200 back: http://pastebin.com/raw.php?i=va57gf0K In this second paste bin entry I have added the log line from haproxy after adding a drop rule to the second Apache server iptables config, you can see here that haproxy can now see neither Apache server. yet I still get HTTP 200; http://pastebin.com/raw.php?i=bPcNP8kH If anyone can shed any light on this I would be very grateful. Cheers, James.