Re: Check backend servers
Hi, Maybe you're server require a Host header in the health check. Have you tried running the check using wget or curl on the server IP address? cheers On Fri, Feb 10, 2012 at 9:00 AM, Sebastian Fohler i...@far-galaxy.comwrote: Hi Is there some way to check the backendservers manually? I'm always get this errors: Feb 9 13:42:56 haproxy[57652]: Server adserver.dev.adworxs.net/adserver1.dev is DOWN, reason: Layer7 wrong status, code: 404, info: Not Found, check duration: 0ms. 1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue. Feb 9 13:59:36 haproxy[57652]: Server adserver.dev.adworxs.net/adserver2.devis DOWN, reason: Layer7 wrong status, code: 404, info: Not Found, check duration: 1ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue. But can't find out why. Log doesn't show me more informations and just calling the server seem to show no such 404 errors. It must be something between haproxy and my backend system. I've configured very long timeouts and nearly half that long check times but still the same problem. For some reason the physical servers are sending a 404 and after that haproxy shuts them down. They work called by haproxy without any trouble until the check followed by a shutdown. Best regards Sebastian
question about reloading haproxy
Hello, I am trying to control a haproxy instance running as a daemon via python: my script monitors the status of haproxy (e.g., number of queued requests), adds/remove some apache servers and updates the configuration of haproxy. Currently my script runs as a root. Would it be possible to restart haproxy (e.g. by issuing the command /etc/init.d/haproxy restart) with lower privileges? The problem seems to be that I cannot re-bind port 80, unless the script runs with root privileges. Thanks, Michele
Re: question about reloading haproxy
Hello Brane, yes, but that is equivalent to running the script as root... the effective user ID is 0. Cheers, Michele On Feb 10, 2012, at 11:52 AM, Brane F. Gračnar wrote: On 02/10/2012 10:35 AM, Michele Mazzucco wrote: Currently my script runs as a root. Would it be possible to restart haproxy (e.g. by issuing the command /etc/init.d/haproxy restart) with lower privileges? The problem seems to be that I cannot re-bind port 80, unless the script runs with root privileges. sudo(8) is your friend. Brane
Re: question about reloading haproxy
On 02/10/2012 10:53 AM, Michele Mazzucco wrote: Hello Brane, yes, but that is equivalent to running the script as root... the effective user ID is 0. Nope, it's not :) You can configure sudo to allow specific user to run only /etc/init.d/haproxy reload without entering password. Your script can run without any special privileges and is still able to perform some task which requires root privileges. Brane
Re: question about reloading haproxy
On Fri, Feb 10, 2012 at 10:59 AM, Brane F. Gračnar brane.grac...@tsmedia.si wrote: On 02/10/2012 10:53 AM, Michele Mazzucco wrote: Hello Brane, yes, but that is equivalent to running the script as root... the effective user ID is 0. Nope, it's not :) You can configure sudo to allow specific user to run only /etc/init.d/haproxy reload without entering password. Your script can run without any special privileges and is still able to perform some task which requires root privileges. Brane I agree with Brane :)
Re: Re: Check backend servers
On 10 February 2012 14:50, Sebastian Fohler i...@far-galaxy.de wrote: What URL does haproxy use exactly to check the service? Is it the realm + the url part or something else? Just to be sure to test the correct option. Hi Sebastian If you are just using the check option for the backends, then the health check is considered successful if a successful TCP connection can be established on the IP/port specified for the backend. This is often not a good indicator of health for HTTP applications, and for those you can use option httpchk to do actual HTTP requests. This option may take any of these forms: option httpchk - Does an HTTP/1.0 GET for the URI / option httpchk uri - As above, but you can specify the URI to use instead of / option httpchk method uri - As above, but you can specify the HTTP method as well (GET, POST, etc.) option httpchk method uri version, As above but you can also specify the version, i.e. if you want to use HTTP/1.1 instead. To use this you probably need to send the HTTP Host: header as well, you can see in my example below how that's done. In all cases, the health check is considered successful if the HTTP status code returned from the backend is 2xx or 3xx. The last form is typically the most useful. Let's say your app is www.example.com and you decide that retrieving the URI /test is the way to determine if it's healthy or not, you would then use the following in the backend definition: option httpchk GET /test HTTP/1.1\r\nHost:\ www.example.com If you still have questions, please post the backend definition from your config file. Graeme. , which the docs (http://haproxy.1wt.eu/download/1.4/doc/configuration.txt) describe as follows:
Re: Check backend servers
This is my backend definition: listen adserver.dev.adworxs.net bind192.168.10.70:80 modehttp log global option dontlognull option httpclose option forwardfor maxconn 1000 clitimeout 12 balance roundrobin contimeout 12 srvtimeout 12 retries 10 option httpchk HEAD /index.php HTTP/1.0 stats enable stats uri /haproxy?stats stats realm adserver.dev.local stats auth admin:pw stats show-node stats refresh m server adserver1.dev 192.168.10.41:80 check inter 24000 0 weight 100 server adserver2.dev 192.168.10.52:80 check inter 24000 0 weight 100 Since I'm using httpchk HEAD /index.php in this case, can you tell me which realm would be used for the check then? Sebastian -- Sebastian Fohler Far-Galaxy Networks Web: http://www.far-galaxy.de Tel.: +49 (0)173 8796211 E-Mail: i...@far-galaxy.de
Re: Check backend servers
so I could use: adserver.dev.local/www/admin/index.php as uri part? Regards Sebastian On 10.02.2012 15:13, Baptiste wrote: option httpchk -- Sebastian Fohler Far-Galaxy Networks Web: http://www.far-galaxy.de Tel.: +49 (0)173 8796211 E-Mail: i...@far-galaxy.de
Re: Check backend servers
Hi, First, I can tell you which realm you have to use. You're the only one to know ;) You can use the hostname your clients use. Configure it like that: option httpchk HEAD /index.php HTTP/1.0\r\nHost:\ www.domain.com == please note the backslashes ( \ ) before the spaces. cheers
Re: Check backend servers
On 10 February 2012 16:57, Baptiste bed...@gmail.com wrote: Configure it like that: option httpchk HEAD /index.php HTTP/1.0\r\nHost:\ www.domain.com == please note the backslashes ( \ ) before the spaces. You should use HTTP/1.1 if you're sending a Host: header. Graeme.
rabbitmq and haproxy
We are trying to use haproxy to load balance rabbitmq nodes in a cluster. Here is the config we are using listen rabbitmq1-cluster-5672 192.168.72.26:5672 balance roundrobin server atuapp22 192.168.72.71:5672 check port 5672 server atuapp18 192.168.72.67:5672 check port 5672 These are the global settings # Global settings #- global log 127.0.0.1 local2 #chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user haproxy group haproxy daemon # this line is for hatop # stats socket /var/run/haproxy/haproxy.sock user haproxy group haproxy mode 0666 stats socket /var/lib/haproxy/stats #- # common defaults that all the 'listen' and 'backend' sections will # use if not designated in their block #- defaults mode tcp log global option dontlognull maxconn 6 retries 3 option srvtcpka option clitcpka timeout connect 5000ms timeout client 5ms timeout server 5ms The connection seems to always always close after 50 seconds and the rabbitmq Java client gets a EOF connection. How can we avoid the TCP connection closing after 50 seconds and stay open permanently -- Robert Recchia
Log 400 bad request
Hi All, I'm having a small problem with non RFC2616 requests. I would like to log them, but haproxy only logs: cluster1-in cluster1-in/NOSRV -1/-1/-1/-1/0 400 1951 - - PR-- 235/235/0/0/0 0/0 {|||} {} BADREQ Is there a way to log them with the full host header and URL? I know I can show them with 'echo show errors | socat unix-connect:/var/run/haproxy.stat stdio' but since we don't know when and where the problems happen we would like to log it to a file. Greets, Sander
Re: rabbitmq and haproxy
Hi, Sounds like you reached the client or server timeout. So either you increase any values (or both) or you implement some kind of keepalive method inside your application in order to avoid HAProxy to shut it down. The logs may provide some usefull information about which time out has expired. cheers On Fri, Feb 10, 2012 at 4:20 PM, Robert Recchia robr...@gmail.com wrote: We are trying to use haproxy to load balance rabbitmq nodes in a cluster. Here is the config we are using listen rabbitmq1-cluster-5672 192.168.72.26:5672 balance roundrobin server atuapp22 192.168.72.71:5672 check port 5672 server atuapp18 192.168.72.67:5672 check port 5672 These are the global settings # Global settings #- global log 127.0.0.1 local2 #chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user haproxy group haproxy daemon # this line is for hatop # stats socket /var/run/haproxy/haproxy.sock user haproxy group haproxy mode 0666 stats socket /var/lib/haproxy/stats #- # common defaults that all the 'listen' and 'backend' sections will # use if not designated in their block #- defaults mode tcp log global option dontlognull maxconn 6 retries 3 option srvtcpka option clitcpka timeout connect 5000ms timeout client 5ms timeout server 5ms The connection seems to always always close after 50 seconds and the rabbitmq Java client gets a EOF connection. How can we avoid the TCP connection closing after 50 seconds and stay open permanently -- Robert Recchia
Re: (haproxy) How-TO get HAPROXY to balanace 2 SSL encypted Webservers ?
Hi. Willy. I am interested in your haproxy and stunnel setting about re-encrypt the traffic between haproxy and tomcat. could you post it, please? Thanks Jie --- posted at http://www.serverphorums.com http://www.serverphorums.com/read.php?10,230949,444281#msg-444281
Re: (haproxy) How-TO get HAPROXY to balanace 2 SSL encypted Webservers ?
Hi, Assuming you're running stunnel 4.50 and HAProxy 1.5: Stunnel conf: [frontend_ssl_offloading] cert = /path/to/certificate key = /path/to/key accept = LISTENING_IP:443 connect = 127.0.0.1:80 protocol = proxy [server1_ssl_connection] cert = /path/to/certificate key = /path/to/key accept = 127.0.1.2:80 connect = SERVER_IP:443 protocol = proxy client = yes HAProxy configuration: frontend web mode http option http-server-close default_backend web backend web mode http option http-server-close balance roundrobin cookie SERVERID insert indirect nocache server srv1 127.0.1.2:80 check cookie srv1 The flow will be like that: client - stunnel frontend - HAProxy frontend - HAProxy backend - stunnel server - server Hope this helps cheers On Fri, Feb 10, 2012 at 9:42 PM, hapr...@serverphorums.com wrote: Hi. Willy. I am interested in your haproxy and stunnel setting about re-encrypt the traffic between haproxy and tomcat. could you post it, please? Thanks Jie --- posted at http://www.serverphorums.com http://www.serverphorums.com/read.php?10,230949,444281#msg-444281
Re: Check backend servers
On Fri, Feb 10, 2012 at 4:00 PM, Graeme Donaldson gra...@donaldson.za.net wrote: On 10 February 2012 16:57, Baptiste bed...@gmail.com wrote: Configure it like that: option httpchk HEAD /index.php HTTP/1.0\r\nHost:\ www.domain.com == please note the backslashes ( \ ) before the spaces. You should use HTTP/1.1 if you're sending a Host: header. Graeme. very true :)