Hi Alex, If I have one vhost representing all the nexus host's how can haproxy identify which server is down ?
I guess health check is to determine which server is healthy right if a vhost masks all the servers in the backend list how would haproxy divert the traffic? Please advise. Thanks, Praveen. -----Original Message----- From: Aleksandar Lazic [mailto:[email protected]] Sent: Thursday, December 20, 2018 2:34 AM To: UPPALAPATI, PRAVEEN <[email protected]>; haproxy <[email protected]> Subject: Re: Http HealthCheck Issue Hi Praveen. Please keep the list in the loop, thanks. Am 20.12.2018 um 07:00 schrieb UPPALAPATI, PRAVEEN: > Hi Alek, > > Now I am totally confused: > > When I say : > > > backend bk_8093_read > balance source > http-response set-header X-Server %s > option log-health-checks > option httpchk GET > /nexus/repository/rawcentral/com.att.swm.attpublic/healthcheck.txt > HTTP/1.1\r\nHost:\ server1.com:8093\r\nAuthorization:\ Basic\ ... > server primary8093r server1.com:8093 check verify none > server backUp08093r server2.com:8093 check backup verify none > server backUp18093r server3.com:8093 check backup verify none > > Here server1.com,server2.com and physical server hostnames. That's the issue. You should have a vhost name which is for all servers the same. > When I define HOST header which server should I define I was expecting > haproxy will formulate that to > > https://urldefense.proofpoint.com/v2/url?u=http-3A__server1.com-3A8093_nexus_repository_rawcentral_com.att.swm.attpublic_healthcheck.txt&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=OZ-O9xFFKCfaCy769FVtGWPRgXm2eydV92WYJPam8Yg&s=--6orxuqJAZSK_-qumJjuZEhy1Iru7mkgPPJvYpw4RQ&e= > https://urldefense.proofpoint.com/v2/url?u=http-3A__server2.com-3A8093_nexus_repository_rawcentral_com.att.swm.attpublic_healthcheck.txt&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=OZ-O9xFFKCfaCy769FVtGWPRgXm2eydV92WYJPam8Yg&s=eJkYBH7JAMAIU1ZIHXCFbOs3RLA0OtMHp1ky_rN-d7s&e= > https://urldefense.proofpoint.com/v2/url?u=http-3A__server3.com-3A8093_nexus_repository_rawcentral_com.att.swm.attpublic_healthcheck.txt&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=OZ-O9xFFKCfaCy769FVtGWPRgXm2eydV92WYJPam8Yg&s=sUUE7fa4pe0lN8iFaAuznj-m8sgwQS2X2xeeva-yCEM&e= > > to monitor which servers are live right , so how could I dynamically populate > the HOST? I have written the following: > I assume that nexus have a general URL and not srv1,srv2, ... This is also mentioned in the config example. https://urldefense.proofpoint.com/v2/url?u=https-3A__help.sonatype.com_repomanager2_installing-2Dand-2Drunning_running-2Dbehind-2Da-2Dreverse-2Dproxy&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=OZ-O9xFFKCfaCy769FVtGWPRgXm2eydV92WYJPam8Yg&s=vJtNj9Bd4EYr_kdknJiGcOOfWnV6Mgna31-JAbiKwq4&e= This means on the nexus should be a generic hostname which is for all servers the same. Maybe you can share the nexus config, nexus setup and the nexus version, as it's normally not a big deal to setup a vhost. Regards Aleks PS: What's this urldefense.proofpoint.com crap 8-O > Please advice. > > Thanks, > Praveen. > > > > -----Original Message----- > From: Aleksandar Lazic [mailto:[email protected]] > Sent: Wednesday, December 19, 2018 3:25 PM > To: UPPALAPATI, PRAVEEN <[email protected]> > Cc: Jonathan Matthews <[email protected]>; Cyril Bonté > <[email protected]>; [email protected] > Subject: Re: Http HealthCheck Issue > > Am 19.12.2018 um 21:04 schrieb UPPALAPATI, PRAVEEN: >> Ok then do I need to add the haproxy server? > > I suggest to use a `curl -v > <vhost_for_the_server>/nexus/v1/repository/rawcentral/com.att.swm.attpublic/healthcheck.txt` > and see how curl make the request. > > I assume that nexus have a general URL and not srv1,srv2, ... > For example. > > ### > curl -vo /dev/null > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.haproxy.org&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=CaQ1GDp8D6XzObaEV3Ad9IQ3Q1TwhAAYhFQ24IgwP68&s=53v5RKBVFzzKyU7JGcd8i6eBlGyIfSavQBRkoYcXZm8&e= > > * Rebuilt URL to: > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.haproxy.org_&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=CaQ1GDp8D6XzObaEV3Ad9IQ3Q1TwhAAYhFQ24IgwP68&s=k3KIXBm21aPgFFyUUyjSUxggMPVWIqkWYwdaWeDZ6NI&e= > % Total % Received % Xferd Average Speed Time Time Time > Current > Dload Upload Total Spent Left Speed > 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- > 0* > Trying 51.15.8.218... > * Connected to > https://urldefense.proofpoint.com/v2/url?u=http-3A__www.haproxy.org&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=CaQ1GDp8D6XzObaEV3Ad9IQ3Q1TwhAAYhFQ24IgwP68&s=WMHYWYJP4ycNXvPYov7PnJdkQB26fgfXm_ByW2BCM8g&e= > (51.15.8.218) port 443 (#0) > * found 148 certificates in /etc/ssl/certs/ca-certificates.crt > * found 599 certificates in /etc/ssl/certs > * ALPN, offering http/1.1 > * SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256 > * server certificate verification OK > * server certificate status verification SKIPPED > * common name: *.haproxy.org (matched) > * server certificate expiration date OK > * server certificate activation date OK > * certificate public key: RSA > * certificate version: #3 > * subject: OU=Domain Control Validated,OU=EssentialSSL > Wildcard,CN=*.haproxy.org > * start date: Fri, 21 Apr 2017 00:00:00 GMT > * expire date: Mon, 20 Apr 2020 23:59:59 GMT > * issuer: C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA > Limited,CN=COMODO RSA Domain Validation Secure Server CA > * compression: NULL > * ALPN, server accepted to use http/1.1 >> GET / HTTP/1.1 >> Host: >> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.haproxy.org&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=CaQ1GDp8D6XzObaEV3Ad9IQ3Q1TwhAAYhFQ24IgwP68&s=WMHYWYJP4ycNXvPYov7PnJdkQB26fgfXm_ByW2BCM8g&e= >> # <<<< That's the host header which is missing in your > check line >> User-Agent: curl/7.47.0 >> Accept: */* >> > < HTTP/1.1 200 OK > < date: Wed, 19 Dec 2018 21:09:30 GMT > < server: Apache > < last-modified: Wed, 19 Dec 2018 18:32:39 GMT > < etag: "504ff5-148d4-57d643d22eab7" > < accept-ranges: bytes > < content-length: 84180 > < content-type: text/html > < age: 511 > < > { [16150 bytes data] > > ### > > Btw.: This is also shown in the manual in the Example of the option. > > https://urldefense.proofpoint.com/v2/url?u=https-3A__cbonte.github.io_haproxy-2Ddconv_1.8_configuration.html-234-2Doption-2520httpchk&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=CaQ1GDp8D6XzObaEV3Ad9IQ3Q1TwhAAYhFQ24IgwP68&s=ucx2Dzw9r5Aal7WxTbUPFzqfeREB5QhdZUjlJ2eBYSk&e= > > `option httpchk OPTIONS * HTTP/1.1\r\nHost:\ www ` > > The manual is good, I suggest to read it several times, what I do always ;-) > > You should also avoid `X-` in the response header in your config > > ` http-response set-header X-Server %s` > > As Norman mentioned it in on the list couples of days before. > > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.mail-2Darchive.com_haproxy-40formilux.org_msg32110.html&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=CaQ1GDp8D6XzObaEV3Ad9IQ3Q1TwhAAYhFQ24IgwP68&s=tMLlO3B0RAlc-AbDrNl5u4Mff7C8LdQvGr7TWVPpXzY&e= > > Best regards > Aleks > >> -----Original Message----- >> From: Jonathan Matthews [mailto:[email protected]] >> Sent: Wednesday, December 19, 2018 1:32 PM >> To: UPPALAPATI, PRAVEEN <[email protected]> >> Cc: Cyril Bonté <[email protected]>; [email protected] >> Subject: Re: Http HealthCheck Issue >> >> On Wed, 19 Dec 2018 at 19:23, UPPALAPATI, PRAVEEN <[email protected]> wrote: >>> >>> Hmm. Wondering why do we need host header? I was able to do curl without >>> the header. I did not find anything in the doc. >> >> "curl" automatically adds a Host header unless you are directly >> hitting an IP address. >> >
