This is the haproxy configuration file. I don't know if the acl or the use-server do not match... I do not have any tool to check which of the two does not work.

Example URL to use server web1: http://www.mydom1.net/app1/app_ass_UNIQUE_web1_
Example URL to use server web4: http://www.mydom1.net/app1/app_ass_UNIQUE_web4_
Example URL to use server web10: http://www.mydom1.net/app1/app_ass_UNIQUE_web10_

Thank you for your help...

#---------------------------------------------------------------------
# Global Settings
#---------------------------------------------------------------------
global
    log 127.0.0.1:514 local0
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 10000
    daemon
    quiet
    tune.ssl.default-dh-param 2048

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats
    ssl-default-bind-options no-sslv3

#---------------------------------------------------------------------
# Common Defaults that all the listen and backend
# will use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode http
    log global
    option httplog
    option dontlognull
    option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 5m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 10000
    stats enable
    stats uri /haproxy_Stats

#---------------------------------------------------------------------
# Mailer Configuration
#---------------------------------------------------------------------
mailers aaamailer1
    mailer smtp1 172.16.0.x:2025

#---------------------------------------------------------------------
# Main Frontend
#---------------------------------------------------------------------
frontend main_fe
    mode http
    bind *:80
    bind *:443 ssl crt /etc/pki/tls/haproxy.cert/haproxy_ucc.pem crt /etc/pki/tls/haproxy.cert ciphers ECDHE-RSA-AES256-SHA:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM

    ### Redirect specific request to https
    option forwardfor
    option http-server-close
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }

    acl backend_down nbsrv(def_backend) lt 1
    monitor fail if backend_down
    monitor-uri /haproxy_check

    acl dom_demo hdr_dom(host) -i demo.mydom1.net
    acl mydemo path_beg -i /Demo1
    use_backend sic_demo_be if dom_demo mydemo
    use_backend hsic_demo_be if dom_demo !mydemo

    acl leave_http hdr_dom(host) -i www.extdom1.it
    acl leave_http hdr_dom(host) -i www.extdom2.it
    acl leave_http hdr_dom(host) -i upd.mydom1.net
    redirect scheme https if !leave_http !{ ssl_fc }

    ### for debug only ###
    ### response debug info
    acl id_web1 srv_id 1
    acl id_web4 srv_id 4
    acl id_web10 srv_id 10
    acl id_demo1_tom srv_id 200
    acl id_demo1_iis srv_id 201
    rspadd X-APS-Servedby:\ web1 if id_web1
    rspadd X-APS-Servedby:\ web4 if id_web4
    rspadd X-APS-Servedby:\ web10 if id_web10
    rspadd X-APS-Servedby:\ demo1_tom if id_demo1_tom
    rspadd X-APS-Servedby:\ demo1_iis if id_demo1_iis

    default_backend def_backend

#---------------------------------------------------------------------
# Main Backend
#---------------------------------------------------------------------
backend def_backend
    mode http
    balance roundrobin

    ### Cookie Insert Method
    cookie ha_srvid insert indirect nocache

    email-alert mailers aaamailer1
    email-alert from aps."$haproxy_hostname"@mydom.it
    email-alert to [email protected]
    email-alert myhostname smtp1
    email-alert level info

    ### app1 persistence
    acl c_web1 hdr_sub(cookie) ha_srvid=web1_
    acl c_web4 hdr_sub(cookie) ha_srvid=web4_
    acl c_web10 hdr_sub(cookie) ha_srvid=web10_
    reqadd X-APS-Backend-Server:\ web1_ if c_web1
    reqadd X-APS-Backend-Server:\ web4_ if c_web4
    reqadd X-APS-Backend-Server:\ web10_ if c_web10

    # acl aps_ass_web1 path_reg (.*)\/app_ass_UNIQUE_web1_(.*)
    acl aps_ass_web1 path_end /app_ass_UNIQUE_web1_
    # acl aps_ass_web4 path_reg (.*)\/app_ass_UNIQUE_web4_(.*)
    acl aps_ass_web4 path_end /app_ass_UNIQUE_web4_
    # acl aps_ass_web10 path_reg (.*)\/app_ass_UNIQUE_web10_(.*)
    acl aps_ass_web10 path_end /app_ass_UNIQUE_web10_

    use-server web1 if aps_ass_web1
    use-server web4 if aps_ass_web4
    use-server web10 if aps_ass_web10

    reqirep (.*)\/app_ass_UNIQUE_web[0-9]*_(.*) \1\2

    server web1 192.168.1.50:80 check inter 5s weight 50 id 1 cookie web1_
    server web4 192.168.1.54:80 check inter 5s weight 50 id 4 cookie web4_
    server web10 192.168.1.53:80 check inter 5s weight 50 id 10 cookie web10_

#---------------------------------------------------------------------
# Sic Demo Backend
#---------------------------------------------------------------------
backend sic_demo_be
    mode http
    balance roundrobin
    cookie ha_srvid insert indirect nocache

    email-alert mailers aaamailer1
    email-alert from aps."$haproxy_hostname"@mydom.it
    email-alert to [email protected]
    email-alert myhostname smtp1
    email-alert level info

    reqirep (.*)\/demo1(.*) \1/Demo1\2
    redirect scheme https if !{ ssl_fc }

    server demo1 192.168.1.x:8080 check inter 5s weight 50 id 200 cookie demo1_tom

#---------------------------------------------------------------------
# HSic Demo Backend
#---------------------------------------------------------------------
backend hsic_demo_be
    mode http
    balance roundrobin
    cookie ha_srvid insert indirect nocache

    email-alert mailers aaamailer1
    email-alert from aps."$haproxy_hostname"@mydom.it
    email-alert to [email protected]
    email-alert myhostname smtp1
    email-alert level info

    redirect scheme https if !{ ssl_fc }

    server demo1 192.168.1.x:80 check inter 5s weight 50 id 201 cookie demo1_iis

Roberto

-----Original Message-----
From: Cyril Bonté [mailto:[email protected]]
Sent: Wednesday 29 July 2015 16.33
To: mlist; [email protected]
Subject: Re: use_server

Hi,

On 29/07/2015 13:07, mlist wrote:
> We have 3 backend servers balanced with haproxy with "cookie insert" option
> and ssl redirection.
> For our help desk, we need operators can access a specific backend server to
> check specific server when we have problems on this backend server.
>
> We try to do that with the following section, so no hosts file nor DNS
> mapping and special binding on backend servers are needed to access specific
> backend server, maintaining the right cookie after use_server.
>
> We have 3 backend servers: web1, web4 and web10. We want to go on:
> web1 if in the URL haproxy find " aps_ass_UNIQUE_web1_" -> ex:
> http://<mydomain>/app1/aps_ass_UNIQUE_web1_
> web4 if in the URL haproxy find " aps_ass_UNIQUE_web4_" -> ex:
> http://<mydomain>/app1/aps_ass_UNIQUE_web4_
> web4 if in the URL haproxy find " aps_ass_UNIQUE_web10_" -> ex:
> http://<mydomain>/app1/aps_ass_UNIQUE_web10_
>
> Following configuration does not work, can you help to identify a solution ?
>
> acl aps_ass_web1 path_reg (.*)\/aps_ass_UNIQUE_web1_(.*)
> acl aps_ass_web4 path_reg (.*)\/aps_ass_UNIQUE_web4_(.*)
> acl aps_ass_web10 path_reg (.*)\/aps_ass_UNIQUE_web10_(.*)
> reqirep (.*)\/aps_ass_UNIQUE_web[0-9]*_(.*) \1\2
> use-server web1 if aps_ass_web1
> use-server web4 if aps_ass_web4
> use-server web10 if aps_ass_web10

I see several issues here.

1. One you haven't met yet: your "reqirep" pattern will delete the "/" at the beginning, which may produce some "400 Bad Request" on the backend.
   Example:
   GET /aps_ass_UNIQUE_web1_index.html HTTP/1.1
   will be replaced by
   GET index.html HTTP/1.1

2. reqirep is executed *BEFORE* the evaluation of use-server. So the routing information has already disappeared when it is time to choose a server with "use-server".

3. Without any other details (please provide a more complete configuration next time), I assume that you'll meet another issue due to cookie persistence. You'll probably want to have a look at "force-persist".

Why not choose a combination of cookie persistence and force-persist instead of doing some magic with the urls?

-- 
Cyril Bonté
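
Added example (not part of the original thread, and not HAProxy code): a small Python model of points 1 and 2 in the reply above, using the rule and request line quoted there. The function names are hypothetical, Python's `re` stands in for HAProxy's regex engine, and the rewrite-then-select ordering is taken from the reply.

```python
import re

# Rule quoted in the thread (constructed model, not HAProxy itself):
#   reqirep (.*)\/aps_ass_UNIQUE_web[0-9]*_(.*) \1\2
REQIREP = re.compile(r"(.*)/aps_ass_UNIQUE_web[0-9]*_(.*)", re.IGNORECASE)
SERVERS = ("web1", "web4", "web10")


def reqirep(request_line, repl=r"\1\2"):
    """Apply the rewrite to a request line; unmatched lines pass through."""
    return REQIREP.sub(repl, request_line, count=1)


def path_of(request_line):
    """Return the path part of 'METHOD URI VERSION', without the query."""
    return request_line.split(" ")[1].split("?", 1)[0]


def pick_server(path):
    """Model of the three path_reg ACLs feeding use-server (case-sensitive)."""
    for name in SERVERS:
        if re.search(r"(.*)/aps_ass_UNIQUE_%s_(.*)" % name, path):
            return name
    return None  # no use-server rule matched: normal balancing applies


def route(request_line, repl=r"\1\2"):
    """Order described in the reply: reqirep first, use-server afterwards."""
    rewritten = reqirep(request_line, repl)
    return rewritten, pick_server(path_of(rewritten))


if __name__ == "__main__":
    line = "GET /aps_ass_UNIQUE_web1_index.html HTTP/1.1"  # example from the reply
    print("ACL on the original path :", pick_server(path_of(line)))
    print("rule as posted           :", route(line))
    # Hypothetical replacement that keeps the "/" (addresses point 1 only).
    print("with \\1/\\2 replacement    :", route(line, r"\1/\2"))
```

Keeping the "/" in the replacement yields a valid request line, but the server selection still sees the rewritten path, so no use-server rule matches in either case.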

