Hi Praveen.

That's because the http health check is on a different network layer.

The server line defines the tcp layer and the http check the application layer.

Please take a look into the doc about check and http-check.

http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#5.2-check

http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4.2-option%20httpchk

As I don't know how deep the knowledge of the different layers is, let me 
suggest you this articel to refresh the knowledge.

https://en.m.wikipedia.org/wiki/TCP/IP_model

Regards
aleks


-------- Ursprüngliche Nachricht --------
Von: "UPPALAPATI, PRAVEEN" <pu5...@att.com>
Gesendet: 27. Dezember 2018 06:24:43 MEZ
An: Aleksandar Lazic <al-hapr...@none.at>, haproxy <haproxy@formilux.org>
Betreff: RE: Http HealthCheck Issue

Hi Alex,

If I have one vhost representing all the nexus host's how can haproxy identify 
which server is down ?

I guess health check is to determine which server is healthy right if a vhost 
masks all the servers in the backend list how would haproxy divert the traffic?

Please advise.

Thanks,
Praveen.

-----Original Message-----
From: Aleksandar Lazic [mailto:al-hapr...@none.at] 
Sent: Thursday, December 20, 2018 2:34 AM
To: UPPALAPATI, PRAVEEN <pu5...@att.com>; haproxy <haproxy@formilux.org>
Subject: Re: Http HealthCheck Issue

Hi Praveen.

Please keep the list in the loop, thanks.

Am 20.12.2018 um 07:00 schrieb UPPALAPATI, PRAVEEN:
> Hi Alek,
> 
> Now I am totally confused:
> 
> When I say :
> 
> 
> backend bk_8093_read
>     balance    source
>     http-response set-header X-Server %s
>     option log-health-checks
>     option httpchk GET 
> /nexus/repository/rawcentral/com.att.swm.attpublic/healthcheck.txt 
> HTTP/1.1\r\nHost:\ server1.com:8093\r\nAuthorization:\ Basic\ ...
>     server primary8093r server1.com:8093 check verify none
>     server backUp08093r server2.com:8093 check backup verify none 
>     server backUp18093r server3.com:8093 check backup verify none
> 
> Here server1.com,server2.com and physical server hostnames.

That's the issue. You should have a vhost name which is for all servers the 
same.

> When I define HOST header which server should I define I was expecting 
> haproxy will formulate that to 
> 
> https://urldefense.proofpoint.com/v2/url?u=http-3A__server1.com-3A8093_nexus_repository_rawcentral_com.att.swm.attpublic_healthcheck.txt&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=OZ-O9xFFKCfaCy769FVtGWPRgXm2eydV92WYJPam8Yg&s=--6orxuqJAZSK_-qumJjuZEhy1Iru7mkgPPJvYpw4RQ&e=
> https://urldefense.proofpoint.com/v2/url?u=http-3A__server2.com-3A8093_nexus_repository_rawcentral_com.att.swm.attpublic_healthcheck.txt&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=OZ-O9xFFKCfaCy769FVtGWPRgXm2eydV92WYJPam8Yg&s=eJkYBH7JAMAIU1ZIHXCFbOs3RLA0OtMHp1ky_rN-d7s&e=
> https://urldefense.proofpoint.com/v2/url?u=http-3A__server3.com-3A8093_nexus_repository_rawcentral_com.att.swm.attpublic_healthcheck.txt&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=OZ-O9xFFKCfaCy769FVtGWPRgXm2eydV92WYJPam8Yg&s=sUUE7fa4pe0lN8iFaAuznj-m8sgwQS2X2xeeva-yCEM&e=
> 
> to monitor which servers are live right , so how could I dynamically populate 
> the HOST?

I have written the following:

> I assume that nexus have a general URL and not srv1,srv2, ...

This is also mentioned in the config example.

https://urldefense.proofpoint.com/v2/url?u=https-3A__help.sonatype.com_repomanager2_installing-2Dand-2Drunning_running-2Dbehind-2Da-2Dreverse-2Dproxy&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=OZ-O9xFFKCfaCy769FVtGWPRgXm2eydV92WYJPam8Yg&s=vJtNj9Bd4EYr_kdknJiGcOOfWnV6Mgna31-JAbiKwq4&e=

This means on the nexus should be a generic hostname which is for all servers
the same.

Maybe you can share the nexus config, nexus setup and the nexus version, as it's
normally not a big deal to setup a vhost.

Regards
Aleks


PS: What's this urldefense.proofpoint.com crap 8-O

> Please advice.
> 
> Thanks,
> Praveen.
> 
> 
> 
> -----Original Message-----
> From: Aleksandar Lazic [mailto:al-hapr...@none.at] 
> Sent: Wednesday, December 19, 2018 3:25 PM
> To: UPPALAPATI, PRAVEEN <pu5...@att.com>
> Cc: Jonathan Matthews <cont...@jpluscplusm.com>; Cyril Bonté 
> <cyril.bo...@free.fr>; haproxy@formilux.org
> Subject: Re: Http HealthCheck Issue
> 
> Am 19.12.2018 um 21:04 schrieb UPPALAPATI, PRAVEEN:
>> Ok then do I need to add the haproxy server?
> 
> I suggest to use a `curl -v
> <vhost_for_the_server>/nexus/v1/repository/rawcentral/com.att.swm.attpublic/healthcheck.txt`
> and see how curl make the request.
> 
> I assume that nexus have a general URL and not srv1,srv2, ...
> For example.
> 
> ###
> curl -vo /dev/null 
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.haproxy.org&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=CaQ1GDp8D6XzObaEV3Ad9IQ3Q1TwhAAYhFQ24IgwP68&s=53v5RKBVFzzKyU7JGcd8i6eBlGyIfSavQBRkoYcXZm8&e=
> 
> * Rebuilt URL to: 
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.haproxy.org_&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=CaQ1GDp8D6XzObaEV3Ad9IQ3Q1TwhAAYhFQ24IgwP68&s=k3KIXBm21aPgFFyUUyjSUxggMPVWIqkWYwdaWeDZ6NI&e=
>   % Total    % Received % Xferd  Average Speed   Time    Time     Time  
> Current
>                                  Dload  Upload   Total   Spent    Left  Speed
>   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     
> 0*
>   Trying 51.15.8.218...
> * Connected to 
> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.haproxy.org&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=CaQ1GDp8D6XzObaEV3Ad9IQ3Q1TwhAAYhFQ24IgwP68&s=WMHYWYJP4ycNXvPYov7PnJdkQB26fgfXm_ByW2BCM8g&e=
>  (51.15.8.218) port 443 (#0)
> * found 148 certificates in /etc/ssl/certs/ca-certificates.crt
> * found 599 certificates in /etc/ssl/certs
> * ALPN, offering http/1.1
> * SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
> *        server certificate verification OK
> *        server certificate status verification SKIPPED
> *        common name: *.haproxy.org (matched)
> *        server certificate expiration date OK
> *        server certificate activation date OK
> *        certificate public key: RSA
> *        certificate version: #3
> *        subject: OU=Domain Control Validated,OU=EssentialSSL
> Wildcard,CN=*.haproxy.org
> *        start date: Fri, 21 Apr 2017 00:00:00 GMT
> *        expire date: Mon, 20 Apr 2020 23:59:59 GMT
> *        issuer: C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA
> Limited,CN=COMODO RSA Domain Validation Secure Server CA
> *        compression: NULL
> * ALPN, server accepted to use http/1.1
>> GET / HTTP/1.1
>> Host: 
>> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.haproxy.org&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=CaQ1GDp8D6XzObaEV3Ad9IQ3Q1TwhAAYhFQ24IgwP68&s=WMHYWYJP4ycNXvPYov7PnJdkQB26fgfXm_ByW2BCM8g&e=
>>  # <<<< That's the host header which is missing in your
> check line
>> User-Agent: curl/7.47.0
>> Accept: */*
>>
> < HTTP/1.1 200 OK
> < date: Wed, 19 Dec 2018 21:09:30 GMT
> < server: Apache
> < last-modified: Wed, 19 Dec 2018 18:32:39 GMT
> < etag: "504ff5-148d4-57d643d22eab7"
> < accept-ranges: bytes
> < content-length: 84180
> < content-type: text/html
> < age: 511
> <
> { [16150 bytes data]
> 
> ###
> 
> Btw.: This is also shown in the manual in the Example of the option.
> 
> https://urldefense.proofpoint.com/v2/url?u=https-3A__cbonte.github.io_haproxy-2Ddconv_1.8_configuration.html-234-2Doption-2520httpchk&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=CaQ1GDp8D6XzObaEV3Ad9IQ3Q1TwhAAYhFQ24IgwP68&s=ucx2Dzw9r5Aal7WxTbUPFzqfeREB5QhdZUjlJ2eBYSk&e=
> 
> `option httpchk OPTIONS * HTTP/1.1\r\nHost:\ www `
> 
> The manual is good, I suggest to read it several times, what I do always ;-)
> 
> You should also avoid `X-` in the response header in your config
> 
> `    http-response set-header X-Server %s`
> 
> As Norman mentioned it in on the list couples of days before.
> 
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.mail-2Darchive.com_haproxy-40formilux.org_msg32110.html&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=CaQ1GDp8D6XzObaEV3Ad9IQ3Q1TwhAAYhFQ24IgwP68&s=tMLlO3B0RAlc-AbDrNl5u4Mff7C8LdQvGr7TWVPpXzY&e=
> 
> Best regards
> Aleks
> 
>> -----Original Message-----
>> From: Jonathan Matthews [mailto:cont...@jpluscplusm.com] 
>> Sent: Wednesday, December 19, 2018 1:32 PM
>> To: UPPALAPATI, PRAVEEN <pu5...@att.com>
>> Cc: Cyril Bonté <cyril.bo...@free.fr>; haproxy@formilux.org
>> Subject: Re: Http HealthCheck Issue
>>
>> On Wed, 19 Dec 2018 at 19:23, UPPALAPATI, PRAVEEN <pu5...@att.com> wrote:
>>>
>>> Hmm. Wondering why do we need host header? I was able to do curl without 
>>> the header. I did not find anything in the doc.
>>
>> "curl" automatically adds a Host header unless you are directly
>> hitting an IP address.
>>
> 


Reply via email to