Hi Lance.

Please keep the list in the loop as there are several other persons which can
also help, thank you.

Am 21.12.2018 um 14:49 schrieb Lance Melancon:
> I hope this helps in what you are requesting. So this config works great but I
> need to redirect the server to a sub site as in myserver.net/site. We are
> looking for the exact syntax to add to the haproxy.cfg. I’m including my
> programmer that may understand your feedback better than myself. We did try
> several things referring to the documentation with no luck. Thanks!

docx with embedded Images is not a very secure nor a common format on this list,
due to this fact let me copy the content of the docx here and comment it inline
and answer below.

> Haproxy.cfg:
> global
>    log /dev/log local0
>    log /dev/log local1 notice
>    chroot /var/lib/haproxy
>    stats timeout 30s
>    user haproxy
>    group haproxy
>    daemon
>    maxconn 15000
> 
> defaults
>    log global
>    mode http
>    option httplog
>    option dontlognull
>    timeout connect 5000
>    timeout client 50000
>    timeout server 50000
> 
> frontend myserver.net
>    bind *:443
>    mode tcp

Okay here is the problem.

As the haproxy is only used for tcp proxying not for http you will not be able
to make what you want.

https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4-mode

>    maxconn 15000
>    default_backend hac_cluster
> 
> backend hac_cluster
>    mode tcp
>    balance leastconn
>    server myserver 192.1.1.1:443 check maxconn 5000
>    server myserver 192.1.1.2:443 check maxconn 5000
> 
>    listen statistics
>    bind *:80

I would not recommend to put statistics on port 80, but that's only my opinion.

>    mode http
>    stats enable
>    stats hide-version
>    stats refresh 30s
>    stats show-node
>    stats auth myserver:password       
>    stats admin if TRUE
>    stats uri /lbstats
> 
> 
> haproxy -vv
>> ## excerpt from image
> Version 1.7.8
> No compression libs, openssl, pcre nor lua support

On which platform is this haproxy running?
Is haproxy installed from the package management or was it build from sources?

To be able to do what you want you will need to do the following steps.

* Install haproxy with openssl support

* get the certificates from the backend server and add it to the haproxy

https://www.haproxy.com/blog/how-to-get-ssl-with-haproxy-getting-rid-of-stunnel-stud-nginx-or-pound/
  - Pay attention that you copy teh certificates into the chroot dir
    >    chroot /var/lib/haproxy

* create a frontend acl for the path `acl my_site path_beg -i /site`

* create a use_backend line `use_backend my_site if my_site`

* create a backend with the name `my_site` with the server line like
  `server myserver myserver.net: ...`

As I mentioned before it's not a easy task to dig into this topic, therefore I
strongly recommend to give you and your programmer some time to understand how
load balancing on level 6(TLS/SSL) + 7(http) works.

Here are some links which could help to get a better picture of HAProxy and LB
in general.
http://www.haproxy.org/download/1.7/doc/intro.txt
https://www.haproxy.com/blog/the-four-essential-sections-of-an-haproxy-configuration/
https://www.haproxy.com/blog/introduction-to-haproxy-acls/

In any case please post some logs, configs or anything directly in the mail body
so that the persons which reads this list via a console are able to follow it
without to open a word document.

We are glad to help as long as we can read the mails ;-)

Very best regards
Aleks


> -----Original Message-----
> From: Aleksandar Lazic <al-hapr...@none.at>
> Sent: Thursday, December 20, 2018 4:21 PM
> To: Lance Melancon <lance.melan...@cfisd.net>
> Cc: haproxy@formilux.org
> Subject: Re: HA Proxy Load Balancer
> 
>  
> 
> CAUTION: This email originated from outside Cypress-Fairbanks ISD. Do not 
> click
> links or open attachments unless you recognize the sender and know the content
> is safe.
> 
>  
> 
>  
> 
>  
> 
> Hi Lance.
> 
>  
> 
> Am 20-12-2018 21:41, schrieb Lance Melancon:
> 
>> Thanks for the info. Unfortunately I am not a programmer by a long
> 
>> shot and syntax is a big problem for me. I tried a few things but no
> 
>> luck and I can't find any examples of a redirect.
> 
>> So do I need both the backend and acl statements?
> 
>> I'm simply trying to use mysite.net to direct to mysite.net/website.
> 
>> Any time I use a / the config fails.
> 
>  
> 
> I'm not sure if you have read and understand my last mail?
> 
> Have you time to dig into this topic as it isn't a quick shot, mostly AFAIK.
> 
>  
> 
> We need some more infos to be able to help you.
> 
>  
> 
>> haproxy -vv
> 
>> anonymized config
> 
>  
> 
> Regards
> 
> Aleks
> 
>  
> 
>> -----Original Message-----
> 
>> From: Aleksandar Lazic <al-hapr...@none.at <mailto:al-hapr...@none.at>>
> 
>> Sent: Thursday, December 20, 2018 2:00 PM
> 
>> To: Lance Melancon <lance.melan...@cfisd.net 
>> <mailto:lance.melan...@cfisd.net>>
> 
>> Cc: haproxy@formilux.org <mailto:haproxy@formilux.org>
> 
>> Subject: Re: HA Proxy Load Balancer
> 
>> 
> 
>> CAUTION: This email originated from outside Cypress-Fairbanks ISD. Do
> 
>> not click links or open attachments unless you recognize the sender
> 
>> and know the content is safe.
> 
>> 
> 
>> 
> 
>> 
> 
>> Hi Lance.
> 
>> 
> 
>> Am 20-12-2018 18:20, schrieb Lance Melancon:
> 
>> 
> 
>>> We are testing the load balancer and it's working but I can't see how
> 
>>> to direct the server to a specific website such as server.net/site.
> 
>>> Is this possible? Syntax? Thanks!
> 
>> 
> 
>> Well yes. I think it is a good starting point to read and understand
> 
>> this blog article.
> 
>> 
> 
>> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.h
> 
>> aproxy.com%2Fblog%2Fusing-haproxy-as-an-api-gateway-part-1%2F&amp;data
> 
>> =02%7C01%7CLance.melancon%40cfisd.net%7C3437683709964f92e5fa08d666c965
> 
>> 7d%7C12ac55e201c5446abe37be3ef2056122%7C0%7C0%7C636809412524190807&amp
> 
>> ;sdata=%2FSEO%2FhwlqUJX%2BT3WwCbOcEEqbHV2%2Bt3pMlL%2BrTB9lus%3D&amp;re
> 
>> served=0
> 
>> 
> 
>> What you want to do is "HTTP Routing"
> 
>> 
> 
>> For example a short snipplet
> 
>> ###
> 
>> 
> 
>> acl my_site path_beg -i /site
> 
>> 
> 
>> ...
> 
>> use_backend my_site if my_site
> 
>> 
> 
>> ###
> 
>> 
> 
>> I would help a lot to have some more Information from you like.
> 
>> 
> 
>> haproxy -vv
> 
>> anonymized config
> 
>> 
> 
>> As we don't know how much knowledge do you have about http I want to
> 
>> tell you that this statement "server.net/site" 2 parts.
> 
>> 
> 
>> Host: server.net
> 
>> Path: /site
> 
>> 
> 
>> This is explained in detail in the doc.
> 
>> https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcbonte
> 
>> .github.io%2Fhaproxy-dconv%2F1.9%2Fconfiguration.html%231&amp;data=02%
> 
>> 7C01%7CLance.melancon%40cfisd.net%7C3437683709964f92e5fa08d666c9657d%7
> 
>> C12ac55e201c5446abe37be3ef2056122%7C0%7C0%7C636809412524190807&amp;sda
> 
>> ta=%2FBJ%2Bv%2BHBz73ywLIWeS4Mn6BBms4Nwzt%2BGKbb46t2LOI%3D&amp;reserved
> 
>> =0
> 
>> 
> 
>> Hth
> 
>> Aleks
> 
>> 
> 
>>> CYPRESS-FAIRBANKS ISD CONFIDENTIALITY NOTICE: This email, including
> 
>>> any attachments, is for the sole use of the intended recipient(s) and
> 
>>> may contain confidential student and/or employee information.
> 
>>> Unauthorized use and/or disclosure is prohibited under federal and
> 
>>> state law. If you are not the intended recipient, you may not use,
> 
>>> disclose, copy or disseminate this information. Please call the
> 
>>> sender immediately or reply by email and destroy all copies of the
> 
>>> original message, including any attachments. Unless expressly stated
> 
>>> in this e-mail, nothing in this message should be construed as a
> 
>>> digital or electronic signature.
> 
>> CYPRESS-FAIRBANKS ISD CONFIDENTIALITY NOTICE: This email, including
> 
>> any attachments, is for the sole use of the intended recipient(s) and
> 
>> may contain confidential student and/or employee information.
> 
>> Unauthorized use and/or disclosure is prohibited under federal and
> 
>> state law. If you are not the intended recipient, you may not use,
> 
>> disclose, copy or disseminate this information. Please call the sender
> 
>> immediately or reply by email and destroy all copies of the original
> 
>> message, including any attachments. Unless expressly stated in this
> 
>> e-mail, nothing in this message should be construed as a digital or
> 
>> electronic signature.
> 
> CYPRESS-FAIRBANKS ISD CONFIDENTIALITY NOTICE: This email, including any
> attachments, is for the sole use of the intended recipient(s) and may contain
> confidential student and/or employee information. Unauthorized use and/or
> disclosure is prohibited under federal and state law. If you are not the
> intended recipient, you may not use, disclose, copy or disseminate this
> information. Please call the sender immediately or reply by email and destroy
> all copies of the original message, including any attachments. Unless 
> expressly
> stated in this e-mail, nothing in this message should be construed as a 
> digital
> or electronic signature.


Reply via email to