Change route on http_err_cnt
Stick table /request tracking inquiry: is it possible to traffic to a different backend when http error (5xx/4xx) goes higher than a certain threshold ? my config is as such: acl phoenix_bound path_beg -i -f /etc/haproxy/phoenix_bound.lst use_backend phoenix if phoenix_bound My end goal is to accomplish this condition IF (http status code) from (phoenix backend) 399 count 100 ; then use_backend catch_all for al subsequent requests till there are no more errors I am reading up on stick tables and tracking ; but i am confused with the enormous things that can be done with such options so a nudge in the right direction would be greatly appreciated Another question if possible: is it possible to set counters for query string parameters ? for example counting how many requests a specific user id have made to a specific backend
Re: Is SO_REUSEPORT available in HAPROXY?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 27/05/2015 09:59 πμ, Igor wrote: Hi, nginx 1.9.1 introduces a new feature that enables use of the SO_REUSEPORT socket option, is this available in HAPROXY now or maybe later :)? http://nginx.com/blog/socket-sharding-nginx-release-1-9-1/ Bests, -Igor Yes, it is, check with git log --grep SO_REUSEPORT on the repos. Cheers, Pavlos -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJVZYPBAAoJEIP8ktofcXa5vMMP/RV/VUj5eNBPQNytzyD5s5nY vJYsxfzp1d37bW1OLRYwkGPxEp/aBWJpwlfPstcj0dthGmv8M/LAz137kcHBsr11 r6vQiZKAJ57Z5AX5yCyqZVGJ0kMl8P244qWxCV3N2rlAlQDO2YNCd6y7eUHv4sDS fclJ9AAmGhaMAWhcDJ0MC3G/lBs0NOGNi5LSvVGQVDnETQOgid2GgBm8QY9VKdeF XWXUvpgDMgAPuuvDrvxwXeGQ4ABiq0kk6ikvblIxC46f8PtCRsrK+W7I5lyj3mLt uK8Jqvh1qMhHlGrmAzbR+EByKFkaldkz9efjWRpkJeWgyEe5wLGW0AkSifosz1Sn qYaSPgK8wtckBI2dy25oAM0exBjupWBS1mXIvsvMFApFTBSOsANOgvryiwDlXBmD JX4bjMT/vYtfYPOENANubXGx7a37VtI0NRgh2LUxKvAuQyY/ptACFpttd/xj1Arm ghfwipM3lFbIneAYV6fxpG8Bdkol8Y1ZdcH1e0r4gh+WN3ZSt57htEYf3A2aF7vA Jtfwqxe7xs2ObPf5wNKRuf+4Jt/6qEywlsGGYHddswpoX9jyRo0NSr9/ej3wb0Pr cLweWmQkno4Ta96ln4yP4MrFv2DvqFthYiFl6RD4L183NKID1qev688PZi32MaqI q1l7OLRreVUI8BhbQY4d =66iw -END PGP SIGNATURE-
Re: Configure Haproxy to dynamically set backend server
On Tue, 26 May 2015 21:39:23 + (UTC) Mrunmayi Dhume mrunmayi.dh...@yahoo.com wrote: Thanks for your detailed reply Thierry. While this approach would solve the aspect of choosing the backend dynamically we still need to explicitly define each backend server separately in the haproxy config file. Our use-case involves having 100+ backends and we would prefer not to complicate the config file by defining each backend server as it is not easy to maintain. We prefer to set it based on incoming http request information like path or host header and keep haproxy config file simple with just listen and FE directives and of course single default backend server Hi, HAProxy does not permit to choose the destination IP and PORT. But, maybe I have an ugly solution to your problem. You can try to deal with the option option http_proxy. This option understand the base proxy requests. You create a listen section which use Lua for rewriting the path of the HTTP request like this: core.register_fetches(choose_backend, function(txn) if txn.sf.req_fhdr(Host) == 'example.test.com' and txn.sf.req_path == '/test' then return test1. example.com:8081 else if [...] end return default_backend end); In the haproxy configuration file, you must load the lua file, and use the new declared fetch inyour frontend: global [...] lua-load your-lua-file.lua [...] listen your_frt [...] option http_proxy http-request set-uri http://%[lua.choose_backend]%[url] [...] Thierry if (Host == aaa.example.com’ and path == ‘/test’) thenbackend server == test1. example.com:8081 (Origin port changed) elsif (Host == aaa.example.com’ and path == ‘/test2’) backend server == test2. example.com:8080 (Origin port changed) elsif (Host == aaa.example.com’ and path == ‘/test3’) backend server == xxx.example.com: ((Origin host and port changed) looking for something like the Traffic server lua api - https://docs.trafficserver.apache.org/en/latest/reference/plugins/ts_lua.en.html#ts-client-request-set-url-host Thanks, Mrunmayi On Tuesday, May 26, 2015 3:15 AM, Thierry FOURNIER tfourn...@haproxy.com wrote: On Fri, 22 May 2015 19:06:59 + (UTC) Mrunmayi Dhume mrunmayi.dh...@yahoo.com wrote: Hello, I am using haproxy-1.6 with Lua. I have a use-case where I want to set the destination (backend server) very dynamically, based on certain layer 7 information (I am trying to avoid updating haproxy configuration and make it complicated with a ~100 domain names and their corresponding backend server name and do a map lookup, I want lua to do it ) eg: from lua, based on certain layer 7 information I want to change the backend server (set destination) it should connect to.. if Host is ‘example.test.com’; then backend is test1.server.com elsif Host is ‘example2.test.com; then backend is test2.server.com I want to keep the haproxy config simple and have only the Listen directive listed and take more control of the request flow from the LUA code. The ATS traffic server does provide such functionality through the LUA API hook to override backend server dynamically from Lua end if ts.client_request.header[Host] == 'example.test.com' then ts.client_request.set_url_host( test1.server.comts.client_request.set_url_port(80)elsif ts.client_request.header[Host] == 'example2.test.com' then ts.client_request.set_url_host( test2.server.com ) ts.client_request.set_url_port(80)end Is it possible to do the same using Haproxy and Lua? Hi, Yes, you can, but the way is a little bit different. You must create a new sample fetch in Lua. This fetch executes the analysis of your HTTP resuest and returns the backend name. The following code (untested) must set in a lua file: core.register_fetches(choose_backend, function(txn) if txn.sf.req_fhdr(Host) == 'example.test.com' then return backend1 else if txn.sf.req_fhdr(Host) == 'other.domain.com' then return backend2 [...] end return default_backend end); In the haproxy configuration file, you must load the lua file, and use the new declared fetch inyour frontend: global [...] lua-load your-lua-file.lua [...] frontend your_frt [...] use_backend %[lua.choose_backend] [...] Note that your example code seem to choose a backend regarding only the header host. In this case, the lua is useless, you can use the maps to choose your backend. The configuration looks like this: frontend yur_frt [...] use_backend %[req.fhdr(host),tolower,map(host_to_bck.map,default)] [...] The default argument is the name of the default backend. And the file host_to_bck.map contains a mapping between the hostnames (in lower case) and the backend
stick-table and conn_rate question
managed to successfully reject access from specific users depending on
condition; but what i eventually want is to provide them with a certain page
instead of reject (redirect isn't an option)
backend phoenix
stick-table type string len 40 size 5M expire 2m store
conn_rate(60s)tcp-request inspect-delay 10sstick on url_param(sid) table
phoenixtcp-request content track-sc0 url_param(sid)errorfile 200
/etc/haproxy/custom_response/phoenix.http if { sc0_conn_rate gt 10 }
checking socket; the conn rate is above 10:0x8581a0:
key=100testing01 use=0 exp=119272 server_id=1 conn_rate(6)=90
i think the problem is that condition should be set in frontend config in a
way that points to the phoenix table instead of the default frontend table...
any advice?
Re: Haproxy 1.5 ssl redirect
I have another question to add to the mix. While attempting to mirror the proxypass and proxypassreverse capabilities of Apache's mod_proxy and force https connections across everything through haproxy, I have run into a small snag and want to try and work around it. We have multiple front ends that use the same backends but since I am forcing the URLs to be absolute to rewrite them to https, we need to have a variable host name. What is the most efficient way to accomplish that? example: in a backend we have : # ProxyPassReverse /mirror/foo/ http://bk.dom.com/bar # Note: we turn the urls into absolute in the mean time acl hdr_location res.hdr(Location) -m found rspirep ^Location:\ (https?://localtest.test123.com(:[0-9]+)?)?(/.*) Location:\ \3 if hdr_location which works only for the frontend localtest.test123.com. i have another domain dev.test123.com that needs to use the same backend. What is the best way to make the host from the request into a variable? how can we do something like this so that any frontend can use this backend? acl hdr_location res.hdr(Location) -m found rspirep ^Location:\ (https?://%[host](:[0-9]+)?)?(/.*) Location:\ \3 if hdr_location This is all in haproxy 1.5 Thanks. --Sean Patronis Auto Data Direct Inc. 850.877.8804 On 03/18/2015 02:06 PM, Sean Patronis wrote: Baptiste, Thanks for the links, I had run across them earlier this morning in my google searching, but your post made me pay more attention to them... I have it working now, and the trick that seemed to do it for me was making all the paths absolute (since I am forcing https anyhow, and each since frontend/backend combo is unique) with this line in my backend config: # ProxyPassReverse /mirror/foo/ http://bk.dom.com/bar # Note: we turn the urls into absolute in the mean time acl hdr_location res.hdr(Location) -m found rspirep ^Location:\ (https?://localtest.test123.com(:[0-9]+)?)?(/.*) Location:\ \3 if hdr_location Thanks for all the help from everyone is this thread! --Sean Patronis Auto Data Direct Inc. 850.877.8804 On 03/18/2015 12:06 PM, Baptiste wrote: Hi Sean, You may find some useful information here: http://blog.haproxy.com/2014/04/28/howto-write-apache-proxypass-rules-in-haproxy/ and here: http://blog.haproxy.com/2013/02/26/ssl-offloading-impact-on-web-applications/ Baptiste On Wed, Mar 18, 2015 at 3:39 PM, Sean Patronis spatro...@add123.com wrote: Thanks for the link. That looks promising, but testing did not change anything and I am waiting on the developers to give me some indication of what headers they may expect. Maybe we can tackle this a different way since we know it works in apache. I am attempting to replace the following VirtualHost in apache and put it into haproxy: ## [test.test123.com] VirtualHost 10.0.60.5:443 ServerName test.test123.com SSLEngine on SSLProtocol all -SSLv3 SSLHonorCipherOrder On SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:!RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM:!SSLV2:!eNULL ProxyPassReverse / http://10.0.60.5/ ProxyPass / http://10.0.60.5/ /VirtualHost what haproxy frontend settings do I need to make this match whatever apache and mod_proxy is doing? 10.0.60.5:80 is already in haproxy I think the problem may be that there are some headers getting set by ProxyPass and ProxyPassReverse that I am not setting in haproxy. More specifically, I think that the apache ProxyPassReverse is rewiting the problem URI to https, and haproxy is not. --Sean Patronis Auto Data Direct Inc. 850.877.8804 On 03/17/2015 06:24 PM, Cyril Bonté wrote: Hi, Le 17/03/2015 20:42, Sean Patronis a écrit : Unfortunately that did not fix it. I mirrored your config and the problem still exists. I am not quite sure how the URL is getting built on the backend (the developers say it is all relative URL/URI), but whatever haproxy is doing, it is doing it differently than apache (with mod_proxy). Just for fun, I swapped back the ssl termination to apache to prove that is does not have an issue (once it passes through apache for ssl, it still goes through Haproxy and all of the backends/acl etc). My goal in all of this was to ditch apache and go all haproxy on the front end. Any other ideas? Have a look at this answer : http://permalink.gmane.org/gmane.comp.web.haproxy/10361 I assume that your application is not aware of an SSL termination, so you have to notify it with the right configuration, which depends on your backends softwares. Can you provide some information on them ? --Sean Patronis Auto Data Direct Inc. 850.877.8804 On 03/17/2015 11:51 AM, Scott McKeown|redIT wrote: Hi Sean, I've got a setup that is somewhat like what you are after. I have however, done it in a very dirrerent way for this very same reason. Example below: global log /dev/log local4 debug maxconn 4096 daemon
Re: Haproxy 1.5 ssl redirect
we use redirect scheme https code 301 if !{ ssl_fc } on our SSL-only
backends, many of which are accessed by multiple hostnames. if i understand
correctly what you're trying to accomplish, i think that should do the
trick?
On Wed, May 27, 2015 at 8:38 AM Sean Patronis spatro...@add123.com wrote:
I have another question to add to the mix. While attempting to
mirror the proxypass and proxypassreverse capabilities of Apache's
mod_proxy and force https connections across everything through haproxy,
I have run into a small snag and want to try and work around it.
We have multiple front ends that use the same backends but since I
am forcing the URLs to be absolute to rewrite them to https, we need to
have a variable host name. What is the most efficient way to accomplish
that?
example: in a backend we have :
# ProxyPassReverse /mirror/foo/ http://bk.dom.com/bar
# Note: we turn the urls into absolute in the mean time
acl hdr_location res.hdr(Location) -m found
rspirep ^Location:\ (https?://localtest.test123.com(:[0-9]+)?)?(/.*)
Location:\ \3 if hdr_location
which works only for the frontend localtest.test123.com. i have
another domain dev.test123.com that needs to use the same backend. What
is the best way to make the host from the request into a variable? how
can we do something like this so that any frontend can use this backend?
acl hdr_location res.hdr(Location) -m found
rspirep ^Location:\ (https?://%[host](:[0-9]+)?)?(/.*) Location:\ \3
if hdr_location
This is all in haproxy 1.5
Thanks.
--Sean Patronis
Auto Data Direct Inc.
850.877.8804
On 03/18/2015 02:06 PM, Sean Patronis wrote:
Baptiste,
Thanks for the links, I had run across them earlier this morning in my
google searching, but your post made me pay more attention to them...
I have it working now, and the trick that seemed to do it for me was
making all the paths absolute (since I am forcing https anyhow, and
each since frontend/backend combo is unique) with this line in my
backend config:
# ProxyPassReverse /mirror/foo/ http://bk.dom.com/bar
# Note: we turn the urls into absolute in the mean time
acl hdr_location res.hdr(Location) -m found
rspirep ^Location:\ (https?://localtest.test123.com(:[0-9]+)?)?(/.*)
Location:\ \3 if hdr_location
Thanks for all the help from everyone is this thread!
--Sean Patronis
Auto Data Direct Inc.
850.877.8804
On 03/18/2015 12:06 PM, Baptiste wrote:
Hi Sean,
You may find some useful information here:
http://blog.haproxy.com/2014/04/28/howto-write-apache-proxypass-rules-in-haproxy/
and here:
http://blog.haproxy.com/2013/02/26/ssl-offloading-impact-on-web-applications/
Baptiste
On Wed, Mar 18, 2015 at 3:39 PM, Sean Patronis spatro...@add123.com
wrote:
Thanks for the link. That looks promising, but testing did not change
anything and I am waiting on the developers to give me some
indication of
what headers they may expect. Maybe we can tackle this a different way
since we know it works in apache. I am attempting to replace the
following
VirtualHost in apache and put it into haproxy:
## [test.test123.com]
VirtualHost 10.0.60.5:443
ServerName test.test123.com
SSLEngine on
SSLProtocol all -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite
ECDHE-RSA-AES256-SHA384:AES256-SHA256:!RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM:!SSLV2:!eNULL
ProxyPassReverse / http://10.0.60.5/
ProxyPass / http://10.0.60.5/
/VirtualHost
what haproxy frontend settings do I need to make this match whatever
apache
and mod_proxy is doing?
10.0.60.5:80 is already in haproxy I think the problem may be
that
there are some headers getting set by ProxyPass and ProxyPassReverse
that I
am not setting in haproxy. More specifically, I think that the apache
ProxyPassReverse is rewiting the problem URI to https, and haproxy
is not.
--Sean Patronis
Auto Data Direct Inc.
850.877.8804
On 03/17/2015 06:24 PM, Cyril Bonté wrote:
Hi,
Le 17/03/2015 20:42, Sean Patronis a écrit :
Unfortunately that did not fix it. I mirrored your config and the
problem still exists. I am not quite sure how the URL is getting
built
on the backend (the developers say it is all relative URL/URI), but
whatever haproxy is doing, it is doing it differently than apache
(with
mod_proxy). Just for fun, I swapped back the ssl termination to
apache
to prove that is does not have an issue (once it passes through
apache
for ssl, it still goes through Haproxy and all of the backends/acl
etc).
My goal in all of this was to ditch apache and go all haproxy on the
front end.
Any other ideas?
Have a look at this answer :
http://permalink.gmane.org/gmane.comp.web.haproxy/10361
I assume that your application is not aware of an SSL termination,
so you
have to notify it with the right
, nous vous confirmons votre inscription
Title: , nous vous confirmons votre inscription Se dsabonner (haproxy@formilux.org) | Version en ligne Bonjour , Domosource rcupre pour vous les meilleures offres du march afin que vous puissiez profiter de bons plans, de rductions sur vos achats pour vous et vos proches. Domosource respecte toujours votre vie prive et ne partagera jamais vos donnes personnelles avec des tiers. Domosource est enregistr la CNIL et vous pouvez nous joindre tout moment. Lors de votre inscription sur no(s) site(s), vous avez souhait bnficier des offres de nos partenaires. Nous vous ferons bnficier de nos meilleures offres publicitaires personnalises et slectionnes selon vos centres d'intrts. Si vous ne souhaitez pas profiter de nos programmes, dsabonnez-vous ds maintenant via ce lien . N'attendez plus et rejoignez Domosource pour rester connect aux meilleures offres du moment. Vous pourrez vous dsabonner tout moment via le lien de dsabonnement de chaque mail. Bien Cordialement, L'Equipe Domosource. Conformment la rglementation informatique et liberts vous disposez dun droit daccs, de modification, de rectification et de suppression des donnes qui vous concernent (art.34 de la loi Informatique et Liberts du six janvier mille neuf cent soixante dix huit). Site Domosource, dclar la CNIL (norme simplifie du vingt six avril deux mille sept). Ce droit peut tre exerc tout moment auprs de notre service utilisateur : cont...@domo-source.com Vous dsirez vous dsabonner? Me dsabonner
Offre Spéciale fete des meres : Moins 15 pourcent et livraison offerte
Title: thebeautyst OFFRE SPCIALE FETE DES MRES: -15% sur vos achats avec livraison offerteConsultez la version en ligne *Code promotion valable jusqu'au 03/06/2015, dans la limite des stocks disponibles hors produits en promotion sur l'ensemble des marques vendues et expdies par The Beautyst : Aesop, Ahava, Anastasia Beverly Hills, Beautyblender, Billion Dollar Brows, By Terry, Carmex, Codage, D-lab, Egyptian Magic, Eve Lom, ghd, James Read, John Masters Organics, Karin Herzog, Lipstick Queen, Ncla, Nyx Cosmetics, Rahua, Real Techniques, Ren, Revitalash, Rms Beauty, Rococo Nail Apparel, Rodial, Sab Masson, Smiths Rosebud Salve, Tangle Teezer, The Balm, The Beautyst, Tommy Guns, Tosowoong, Visoanska, Billion Dollar Brows, NCLA, USUI, UKA et Zoeva. Se dsinscrire
[SPAM] RE: LED panel lighting factory from China.
=20Heyguy,PleasedtohearthatyouareonthemarketofLEDlightingproducts. CarinafromAsia-Boslinhere,exportingLED=lightproductswithgoodqualityandcompetitiveprice.E-catalogwillbeprovidedifneeded. Emailmeorjustcallmedirectly,let'stalkdetails.Thankyo=u!Rgds,CarinaChen Asia-BOSLINoptoelectronicsSciamp;TechGroupCO.,LIMITED FactoryADD:TaiHeRongIndustrialBldgA.LiaoKeng.Shiyan,S=henzhen(518108) OfficeADD:Room722,Building523,BaGuaLingIndustrial=park,BaGuaThirdRd,Futiandistrict,shenzhenChina Mobile:+86-15361680980nb=sp;Fax:+86-755-23007107nbsp=; SkypeID:=Simaoled30E-mail:=car...@simaoled.com Website:www=.simaoled.com Belowplsfindtheinformationof600*600mmLEDpanellight36=Wforyourreference: n=bsp; = =nbsp;nbs=p;MS-PL1=8323 Power 36W = Packingdetails:4pcs/Carton=nbsp; =nbsp; CartonSize:L68times;W64=t=imes;H18cm GW:14.5kg/Carton UnitPriceUS$25.00 Size L597*W597*T13mm =InputVoltage AC85-265V/AC50/60Hznbsp=; LEDQTY 80pcs LEDType 5630SMDchip = CCT 2700-6500K = Lumen 3200LM Powerfactor = 0.93 CRI(Ra) Ra#65310;=75 Material PureAluminum Lifespan gt;50,000hours Tounsubscribe,pleaseclickhere
[SPAM] RE2: samples PI for led
DearManager, Iamfancyfromwww.simaoled.com=,weexportingledlighting=since2008. LampsareISO=9001:2008,CE,ROHS,FCC,TUV,ETLapproved.factoryworkshop2floorsgt;8000#13217;;160staffs,4prod=uctionlines; Dailyproduction:3000pcsper=day;Turnover:13MillionUSdollarsperyear. Successfulin=governmentprojects:Shenzhen=AirportT3floor. Ourproductsc=overs:LEDPanel,LEDFloodLight,LEDHighBay,LEDtubeetc. Anyinterestspleasecontactmedirectly. Yours,FancyPeng=fa...@simaoled.com
2015 latest professional police camera
DearSirorMadam,Hopethingsarewell=withyou.Bytheway,Wesupp=ly oneofour policecameraswhichsellespeciallywellfor=yourreference.Everymonth ,weallexportover5pcstoUSA=nbsp;and Europe.,welcomeyourinquiries ,thanks.nbs=p;OEM,ODMareavaila=ble. ModelNo=.:SM-EH05 = = Welook=forwardtohearingfromyou. =BestRegards= Jenny ContactUS:Company Name:SmartShineTechnologyCo;=Ltd. Address=:2Building,Tongle IndustryPark ,NanshanRoad,Nanshannb=sp;Industry,Shenzhen,China.ContacPerson=;JennyYiTel:0086=13528871-267Fax:008675526=187082Skype :n=bsp;pollyyi471Email: po=llyyu...@hotmail.com n=bsp; i...@szsmartshine.com Website=: www.szsmartshine=.com n=bsp;
