Re: haproxy configuration to use forwardfor with websockets
Hi, My answers inline. On Sun, May 12, 2013 at 11:25 PM, Peter Saitz peter.sa...@gmail.com wrote: 1. For http, I should set this to balanace roundrobin and haproxy is attaching A or B to the cookie, if this A or B is present in cookie for any following incoming request, then user is directed to the same server as his initial request, correct? (cookie is a session cookie, so once user closes browser it is erased and next time user gets the server on random again. That's it. More details about load-balancing and persistence: http://blog.exceliance.fr/2012/03/29/load-balancing-affinity-persistence-sticky-sessions-what-you-need-to-know/ 2. What about websockets? the same, since the persistence will occur during the negotiation phase. 3. If cookie is not accepted by client's browser, how can I ensure that all those clients are redirected to a single server? then you have to fail over to source IP load-balancing or persistence, which is not exactly the same. More details here: http://blog.exceliance.fr/2013/04/22/client-ip-persistence-or-source-ip-hash-load-balancing/ Baptiste
Re: haproxy configuration to use forwardfor with websockets
3. is there a way for haproxy to detect this scenario? Or how would I create special block of options/rules for such clients in haproxy config? If yes, can you provide some example? I am digging into this mainly because IE is not sending all headers when sending cross-origin request (not sure if this issue is still present in the latest version of IE, I think I last tested it with IE8) On Sun, May 12, 2013 at 11:34 PM, Baptiste bed...@gmail.com wrote: Hi, My answers inline. On Sun, May 12, 2013 at 11:25 PM, Peter Saitz peter.sa...@gmail.com wrote: 1. For http, I should set this to balanace roundrobin and haproxy is attaching A or B to the cookie, if this A or B is present in cookie for any following incoming request, then user is directed to the same server as his initial request, correct? (cookie is a session cookie, so once user closes browser it is erased and next time user gets the server on random again. That's it. More details about load-balancing and persistence: http://blog.exceliance.fr/2012/03/29/load-balancing-affinity-persistence-sticky-sessions-what-you-need-to-know/ 2. What about websockets? the same, since the persistence will occur during the negotiation phase. 3. If cookie is not accepted by client's browser, how can I ensure that all those clients are redirected to a single server? then you have to fail over to source IP load-balancing or persistence, which is not exactly the same. More details here: http://blog.exceliance.fr/2013/04/22/client-ip-persistence-or-source-ip-hash-load-balancing/ Baptiste
Re: haproxy configuration to use forwardfor with websockets
Hi, Since all first request won't have the cookie (whatever the browser), the only way to fix your issue is to use source IP laod-balancing or source IP persistence, don't make any difference between browsers. Baptiste On Mon, May 13, 2013 at 8:41 AM, Peter Saitz peter.sa...@gmail.com wrote: 3. is there a way for haproxy to detect this scenario? Or how would I create special block of options/rules for such clients in haproxy config? If yes, can you provide some example? I am digging into this mainly because IE is not sending all headers when sending cross-origin request (not sure if this issue is still present in the latest version of IE, I think I last tested it with IE8) On Sun, May 12, 2013 at 11:34 PM, Baptiste bed...@gmail.com wrote: Hi, My answers inline. On Sun, May 12, 2013 at 11:25 PM, Peter Saitz peter.sa...@gmail.com wrote: 1. For http, I should set this to balanace roundrobin and haproxy is attaching A or B to the cookie, if this A or B is present in cookie for any following incoming request, then user is directed to the same server as his initial request, correct? (cookie is a session cookie, so once user closes browser it is erased and next time user gets the server on random again. That's it. More details about load-balancing and persistence: http://blog.exceliance.fr/2012/03/29/load-balancing-affinity-persistence-sticky-sessions-what-you-need-to-know/ 2. What about websockets? the same, since the persistence will occur during the negotiation phase. 3. If cookie is not accepted by client's browser, how can I ensure that all those clients are redirected to a single server? then you have to fail over to source IP load-balancing or persistence, which is not exactly the same. More details here: http://blog.exceliance.fr/2013/04/22/client-ip-persistence-or-source-ip-hash-load-balancing/ Baptiste
Re: haproxy configuration to use forwardfor with websockets
thank you for addressing all my questions, I think I am on the right path now. On Mon, May 13, 2013 at 12:50 AM, Baptiste bed...@gmail.com wrote: Hi, Since all first request won't have the cookie (whatever the browser), the only way to fix your issue is to use source IP laod-balancing or source IP persistence, don't make any difference between browsers. Baptiste On Mon, May 13, 2013 at 8:41 AM, Peter Saitz peter.sa...@gmail.com wrote: 3. is there a way for haproxy to detect this scenario? Or how would I create special block of options/rules for such clients in haproxy config? If yes, can you provide some example? I am digging into this mainly because IE is not sending all headers when sending cross-origin request (not sure if this issue is still present in the latest version of IE, I think I last tested it with IE8) On Sun, May 12, 2013 at 11:34 PM, Baptiste bed...@gmail.com wrote: Hi, My answers inline. On Sun, May 12, 2013 at 11:25 PM, Peter Saitz peter.sa...@gmail.com wrote: 1. For http, I should set this to balanace roundrobin and haproxy is attaching A or B to the cookie, if this A or B is present in cookie for any following incoming request, then user is directed to the same server as his initial request, correct? (cookie is a session cookie, so once user closes browser it is erased and next time user gets the server on random again. That's it. More details about load-balancing and persistence: http://blog.exceliance.fr/2012/03/29/load-balancing-affinity-persistence-sticky-sessions-what-you-need-to-know/ 2. What about websockets? the same, since the persistence will occur during the negotiation phase. 3. If cookie is not accepted by client's browser, how can I ensure that all those clients are redirected to a single server? then you have to fail over to source IP load-balancing or persistence, which is not exactly the same. More details here: http://blog.exceliance.fr/2013/04/22/client-ip-persistence-or-source-ip-hash-load-balancing/ Baptiste
stick-table and URL
Good day. For a few days i am trying to use stick-table with cookies and url parameters because flash does not support cookies i have the following configuration: backend webservers_backend cookie SERVERID insert indirect nocache stick-table type string len 40 size 20k stick store-response set-cookie(SERVERID) table webservers_backend stick on url_param(SERVERID) table webservers_backend server memtom1 ip1 check inter 5000 cookie memtom1 server memtom2 ip2 check inter 5000 cookie memtom2 i also try other configurations.. however it does not work.. the call from flash.. getConfig?val1=xcv93ec9SERVERID=memtom2;%20path=/ i also try getConfig?val1=xcv93ec9SERVERID=memtom2 but it does not work for both.. I am entering a dead lock... -- Give a man a fish and you feed him for a day. Teach him how to fish and you feed him for a lifetime.
Re: stick-table and URL
Hi Rui, This is normal: HAProxy can't store in a stick table headers it has itself setup. So the line stick store-response set-cookie(SERVERID) table webservers_backend will work only if the server set-up the cookie. If you manage your server to setup this cookie, it may work with the configuration below: stick store-response set-cookie(SERVERID) table webservers_backend stick on cookie(SERVERID) table webservers_backend stick on url_param(SERVERID) table webservers_backend HAProxy will first try to collect stickiness information from the Cookie. If it can't find it, then it will look for the information in the url parameter. Baptiste On Mon, May 13, 2013 at 6:47 PM, Rui Luís rui.l...@gmail.com wrote: Good day. For a few days i am trying to use stick-table with cookies and url parameters because flash does not support cookies i have the following configuration: backend webservers_backend cookie SERVERID insert indirect nocache stick-table type string len 40 size 20k stick store-response set-cookie(SERVERID) table webservers_backend stick on url_param(SERVERID) table webservers_backend server memtom1 ip1 check inter 5000 cookie memtom1 server memtom2 ip2 check inter 5000 cookie memtom2 i also try other configurations.. however it does not work.. the call from flash.. getConfig?val1=xcv93ec9SERVERID=memtom2;%20path=/ i also try getConfig?val1=xcv93ec9SERVERID=memtom2 but it does not work for both.. I am entering a dead lock... -- Give a man a fish and you feed him for a day. Teach him how to fish and you feed him for a lifetime.
Re: build with static openssl
ok, that's basically what I did to get it working too. I'm still doing some testing but so far it's working as expected and using openssl 1.0.1e on a redhat 5.x system. I ended up configuring openssl with no-dso which seems to make it statically link to its dependencies and not need to pull -ldl into the haproxy build. Not sure what other impacts that has though. Thanks for the pointers! -Bryan On Fri, May 10, 2013 at 5:24 PM, Lukas Tribus luky...@hotmail.com wrote: Hi Bryan, What's required to build haproxy and statically link with openssl libs like can be done with pcre? The following procedure will install a static build of latest openssl in a directory of your choice without interfering with your OS headers and libraries: export LIBSSLBUILD=/tmp/libsslbuild mkdir $LIBSSLBUILD cd ~ wget http://www.openssl.org/source/openssl-1.0.1e.tar.gz tar zxvf openssl-1.0.1e.tar.gz cd openssl-1.0.1e ./config --prefix=$LIBSSLBUILD no-shared make make install_sw Then build haproxy by pointing to the proper path: make TARGET=linux2628 USE_OPENSSL=1 ADDINC=-I$LIBSSLBUILD/include \ ADDLIB=-L$LIBSSLBUILD/lib -ldl OpenSSL depends on libdl, so we need pass -ldl along. When everything is compiled, checkout your openssl version (use a snapshot from Apr 27th or younger to see build and runtime openssl version). Both should say 1.0.1e in our case. Also check with ldd; it should not show any openssl libraries loaded dynamically. lukas@ubuntuvm:~/haproxy$ ./haproxy -vv | grep OpenSSL Built with OpenSSL version : OpenSSL 1.0.1e 11 Feb 2013 Running on OpenSSL version : OpenSSL 1.0.1e 11 Feb 2013 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports prefer-server-ciphers : yes lukas@ubuntuvm:~/haproxy$ ldd haproxy linux-gate.so.1 = (0xb76e4000) libcrypt.so.1 = /lib/i386-linux-gnu/libcrypt.so.1 (0xb76ab000) libdl.so.2 = /lib/i386-linux-gnu/libdl.so.2 (0xb76a6000) libc.so.6 = /lib/i386-linux-gnu/libc.so.6 (0xb74fb000) /lib/ld-linux.so.2 (0xb76e5000) lukas@ubuntuvm:~/haproxy$ Regards, Lukas
Re: stick-table and URL
Hi, I'am not sure the baptiste trick is usable. Please prefer use-server statement: cookie SERVERID insert indirect nocache use-server ip1 if { url_param(SERVERID) memtom1 } use-server ip2 if { url_param(SERVERID) memtom2 } server memtom1 ip1 check inter 5000 cookie memtom1 server memtom2 ip2 check inter 5000 cookie memtom2 Regards, Emeric original message- De: Baptiste bed...@gmail.com A: Rui Lu�s rui.l...@gmail.com Copie à: haproxy@formilux.org Date: Mon, 13 May 2013 23:01:08 +0200 - Hi Rui, This is normal: HAProxy can't store in a stick table headers it has itself setup. So the line stick store-response set-cookie(SERVERID) table webservers_backend will work only if the server set-up the cookie. If you manage your server to setup this cookie, it may work with the configuration below: stick store-response set-cookie(SERVERID) table webservers_backend stick on cookie(SERVERID) table webservers_backend stick on url_param(SERVERID) table webservers_backend HAProxy will first try to collect stickiness information from the Cookie. If it can't find it, then it will look for the information in the url parameter. Baptiste On Mon, May 13, 2013 at 6:47 PM, Rui Lu�s rui.l...@gmail.com wrote: Good day. For a few days i am trying to use stick-table with cookies and url parameters because flash does not support cookies i have the following configuration: backend webservers_backend cookie SERVERID insert indirect nocache stick-table type string len 40 size 20k stick store-response set-cookie(SERVERID) table webservers_backend stick on url_param(SERVERID) table webservers_backend server memtom1 ip1 check inter 5000 cookie memtom1 server memtom2 ip2 check inter 5000 cookie memtom2 i also try other configurations.. however it does not work.. the call from flash.. getConfig?val1=xcv93ec9SERVERID=memtom2;%20path=/ i also try getConfig?val1=xcv93ec9SERVERID=memtom2 but it does not work for both.. I am entering a dead lock... -- Give a man a fish and you feed him for a day. Teach him how to fish and you feed him for a lifetime.
Re: stick-table and URL
I was wrong on use-server lines Correct ones: use-server memtom1 if { url_param(SERVERID) memtom1 } use-server memtom2 if { url_param(SERVERID) memtom2 } original message- De: Emeric BRUN eb...@exceliance.fr A: Baptiste bed...@gmail.com Copie à: haproxy@formilux.org Date: Tue, 14 May 2013 07:47:24 +0200 - Hi, I'am not sure the baptiste trick is usable. Please prefer use-server statement: cookie SERVERID insert indirect nocache use-server ip1 if { url_param(SERVERID) memtom1 } use-server ip2 if { url_param(SERVERID) memtom2 } server memtom1 ip1 check inter 5000 cookie memtom1 server memtom2 ip2 check inter 5000 cookie memtom2 Regards, Emeric original message- De: Baptiste bed...@gmail.com A: Rui Lu?s rui.l...@gmail.com Copie �: haproxy@formilux.org Date: Mon, 13 May 2013 23:01:08 +0200 - Hi Rui, This is normal: HAProxy can't store in a stick table headers it has itself setup. So the line stick store-response set-cookie(SERVERID) table webservers_backend will work only if the server set-up the cookie. If you manage your server to setup this cookie, it may work with the configuration below: stick store-response set-cookie(SERVERID) table webservers_backend stick on cookie(SERVERID) table webservers_backend stick on url_param(SERVERID) table webservers_backend HAProxy will first try to collect stickiness information from the Cookie. If it can't find it, then it will look for the information in the url parameter. Baptiste On Mon, May 13, 2013 at 6:47 PM, Rui Lu?s rui.l...@gmail.com wrote: Good day. For a few days i am trying to use stick-table with cookies and url parameters because flash does not support cookies i have the following configuration: backend webservers_backend cookie SERVERID insert indirect nocache stick-table type string len 40 size 20k stick store-response set-cookie(SERVERID) table webservers_backend stick on url_param(SERVERID) table webservers_backend server memtom1 ip1 check inter 5000 cookie memtom1 server memtom2 ip2 check inter 5000 cookie memtom2 i also try other configurations.. however it does not work.. the call from flash.. getConfig?val1=xcv93ec9SERVERID=memtom2;%20path=/ i also try getConfig?val1=xcv93ec9SERVERID=memtom2 but it does not work for both.. I am entering a dead lock... -- Give a man a fish and you feed him for a day. Teach him how to fish and you feed him for a lifetime.
Re: stick-table and URL
Hi Emeric, I'm sure it works. We use the same trick for JSESSIONID cookie, and I can tell you it works. That's why I said to Rui to allow the server to setup the cookie. That said, I'm almost sure your trick doesn't work. I'm pretty sure the cookie SERVERID has been removed by HAProxy when use-server rules are evaluated. Baptiste On Tue, May 14, 2013 at 7:47 AM, Emeric BRUN eb...@exceliance.fr wrote: Hi, I'am not sure the baptiste trick is usable. Please prefer use-server statement: cookie SERVERID insert indirect nocache use-server ip1 if { url_param(SERVERID) memtom1 } use-server ip2 if { url_param(SERVERID) memtom2 } server memtom1 ip1 check inter 5000 cookie memtom1 server memtom2 ip2 check inter 5000 cookie memtom2 Regards, Emeric original message- De: Baptiste bed...@gmail.com A: Rui Lu�s rui.l...@gmail.com Copie à: haproxy@formilux.org Date: Mon, 13 May 2013 23:01:08 +0200 - Hi Rui, This is normal: HAProxy can't store in a stick table headers it has itself setup. So the line stick store-response set-cookie(SERVERID) table webservers_backend will work only if the server set-up the cookie. If you manage your server to setup this cookie, it may work with the configuration below: stick store-response set-cookie(SERVERID) table webservers_backend stick on cookie(SERVERID) table webservers_backend stick on url_param(SERVERID) table webservers_backend HAProxy will first try to collect stickiness information from the Cookie. If it can't find it, then it will look for the information in the url parameter. Baptiste On Mon, May 13, 2013 at 6:47 PM, Rui Lu�s rui.l...@gmail.com wrote: Good day. For a few days i am trying to use stick-table with cookies and url parameters because flash does not support cookies i have the following configuration: backend webservers_backend cookie SERVERID insert indirect nocache stick-table type string len 40 size 20k stick store-response set-cookie(SERVERID) table webservers_backend stick on url_param(SERVERID) table webservers_backend server memtom1 ip1 check inter 5000 cookie memtom1 server memtom2 ip2 check inter 5000 cookie memtom2 i also try other configurations.. however it does not work.. the call from flash.. getConfig?val1=xcv93ec9SERVERID=memtom2;%20path=/ i also try getConfig?val1=xcv93ec9SERVERID=memtom2 but it does not work for both.. I am entering a dead lock... -- Give a man a fish and you feed him for a day. Teach him how to fish and you feed him for a lifetime.