Re: Global least loaded server

2015-06-03 Thread N P
Thanks Baptiste for your reply, but I think this is not a health check problem.
Let me give you a very simplified example of the problem. Let's assume the 
following transactions are sent to the aforementioned configuration with 
W1=3, W2=1, W3=1, W4=1:
/MYURL
/MYURL
/MYURL
/OtherURL
BK1 will forward the first three /MYURL transactions to the server Web1 
(W=3). Now, when it comes to /OtherURL, regardless of the other /MYURL 
transactions that are currently processing in Web1, BK2 will forward this new 
/OtherURL transaction to Web1, while it could send it to Web2, as it is the 
least loaded server at the moment. BK2 is selecting the least loaded server 
internally without any information from BK1.
This is a very simplified format of the issue. Because of such behaviour, 
HAProxy is not able to provide optimum performance. As I understood from the 
code, those three structures that keep track of which server should be 
selected as the next target are kept in each backend separately, and 
this raises the issue for such a config. I need to make a change either in my 
config, or most probably in the code, to make this happen. But for me, as a new 
user, it was complex to figure out what changes I need to make to fix this.
Any help is appreciated.
From: Baptiste bed...@gmail.com
To: N P nvn...@yahoo.ca
Cc: haproxy@formilux.org
Sent: Tuesday, June 2, 2015 12:48 PM
Subject: Re: Global least loaded server

On Tue, Jun 2, 2015 at 6:36 PM, N P nvn...@yahoo.ca wrote:
 Hi,

 I want to send two transactions with different weights to different servers.
 I have done this using frontend, backend, and ACL as can be seen from the
 below config.
 The other requirement is to also use leastconn balancing.

 The problem is that in this setting, leastconn applies within each backend
 and the selected server is not essentially the GLOBAL least loaded server in
 total (maybe due to a bug in the system). Note that, same servers are used
 in the backends with different weights.
 From what I understood from the code, the problem seems to be that each
 backend tracks the number of connections of its own servers separately.
 Therefore, although a server is overloaded in one backend, the other backend
 might think that it is completely free.


 My requirement is to forward requests to different servers with different
 weights, but select the least loaded server in total. I checked Haproxy code
 to see what I need to change, but could not figure it out. I am not very
 familiar with HAProxy code and structure. I wonder if there is an easy
 solution to do this, or if someone can help me with some directions to do
 this; either to configure HAProxy differently or to change its code to address
 my requirement.
 Any help is appreciated.


 My setting is:

 backend BK1
    balance leastconn
    server web1 000.000.000.000:00 weight W1
    server web2 111.111.111.111:11 weight W2

 backend BK2
  balance leastconn
  server web1 000.000.000.000:00 weight W3
  server web2 111.111.111.111:11 weight W4


 frontend http
  bind *:80
  mode http
  acl myACL url_beg /MYURL
  use_backend BK1 if myACL
  default_backend BK2




Hi,

Your health checks should be able to report an overloaded server, or
better, using the agent-check for this purpose.

Baptiste


  

[Mandrill Support] Abuse Report from Anonymous (haproxy@formilux.org) (#110663)

2015-06-03 Thread Mandrill Support

--

The Mandrill Team, Jun 3, 4:38 PM

Hi Anonymous,

Thank you for reporting this to the Mandrill Abuse Desk. Based on the provided 
information, we have located the account in question and are investigating 
further.

If you have any questions or if we can be of any further help, please let us 
know.

--

Anonymous, Jun 3, 3:46 PM

Bland commission fraud (we have 20M Pound and want to give you 10% 
commission) was sent to the haproxy mailing list, i.e. the developer/support 
mailing list of a loadbalancer software at haproxy@formilux.org. This mail is 
clearly spam and should not be sent.










RE: Syslog messages get truncated at 1kb (syslog server config is ok)

2015-06-03 Thread Lukas Tribus
 Hi Lukas, my mtu is set to 1500 and the message looks truncated.
 I am able to ping the server using that mtu

 root@lbha01:~# ping -s 1500 syslog

-s 1472 -M do is what you would use for this test. Instead, you are sending
ICMP requests at 1528 Bytes MTU without DF bit, so it will get fragmented.
Anyway, it's unlikely that this is the problem.



 this is my dump (tcpdump -X) (the message is truncated and I don't
 see other packets flowing).

Ok, can you confirm that haproxy has been reloaded/restarted after
adding the len keyword to your logging configuration?



 With the logger utility this line gets split into multiple packets

I'm not familiar with this utility. Can you elaborate whether this SENDS packets
to your syslog-ng or if it receives logs from haproxy?

Iirc, a syslog message must fit into a single packet.




Regards,

Lukas

  


add header or query parameter when redirecting

2015-06-03 Thread Sylvain Faivre

Hello,

I use the redirect directive to redirect users from old sites to a new 
site, eg:

redirect prefix http://new-site.com code 301 if old-site

I would like to redirect requests from many old sites to the same new 
site, so I need a way to add info about the old host in the new 
redirected request.


I'm looking for a way to add a header to the redirected request to 
identify the host, for example :

X-Orig-Site: old-site-123.com

Is this possible ?

I guess I can't add a header to the request with HAproxy, since HAproxy 
only sends a new Location header to the browser, and the browser sets 
the headers.


So, is there a way to alter the location sent in the redirect, to 
include « orig-site=old-site-123.com » ?


I think I'm missing something here.
Should I use « http-request redirect » instead of « redirect prefix » ?


By the way, I tried to use the set-cookie option for this, but it was a 
bad idea :
redirect prefix http://new-site.com code 301 set-cookie ORIG=%[hdr(host)] if old_site


This doesn't work for two reasons :

1. The « %[hdr(host)] » part is sent literally in the request :
Set-Cookie: ORIG=%[hdr(host)]; path=/;

2. The request sent to new-site.com doesn't seem to include this cookie


Sylvain



Syslog messages get truncated at 1kb (syslog server config is ok)

2015-06-03 Thread Damiano Giorgi
Hi all,
I'm looking for help on this little piece of config:

global
    stats socket /tmp/haproxy.sock mode 0600 level admin
    user haproxy
    group haproxy
    daemon
    log syslog.7pixel.local len 8192 local0
    pidfile /var/run/haproxy.pid
    stats socket 192.168.0.191:8080 level admin

defaults
    log global
    mode http
    option  dontlognull
    retries 3
    option redispatch
    maxconn 2000
    timeout connect  5000
    timeout client  5
    timeout server  5

Even if I set 8192 as length the message gets truncated after 1024 chars, we 
use syslog-ng and configured it to accept a ridiculously huge length 
(log_msg_size(262144) defined in /etc/syslog-ng.conf), I also tried using the 
logger utility to check if the message gets delivered correctly and it does.
I'm currently running haproxy-1.5.12 on a debian 7 system, compiled with: make 
TARGET=linux2628 USE_PCRE=1 CPU=native USE_OPENSSL=1 USE_ZLIB=1  PREFIX=/usr

Am I missing something ?

Thank you for your help

Damiano


RE: Syslog messages get truncated at 1kb (syslog server config is ok)

2015-06-03 Thread Lukas Tribus
Hi Damiano,


 Even if I set 8192 as length the message gets truncated after 1024 
 chars, we use syslog-ng and configured it to accept a ridiculously huge 
 length (log_msg_size(262144) defined in /etc/syslog-ng.conf), I also 
 tried using the logger utility to check if the message gets delivered 
 correctly and it does. 

How does the syslog packet look on the wire (tcpdump/wireshark)?
What is your MTU and can you successfully ping the syslog server with
that MTU?



Regards,

Lukas

  


RE: Syslog messages get truncated at 1kb (syslog server config is ok)

2015-06-03 Thread Damiano Giorgi
Hi Lukas, my mtu is set to 1500 and the message looks truncated.
I am able to ping the server using that mtu 

root@lbha01:~# ping -s 1500 syslog
PING syslog.7pixel.local (10.1.0.150) 1500(1528) bytes of data.
1508 bytes from 10.1.0.150: icmp_req=1 ttl=63 time=0.446 ms
1508 bytes from 10.1.0.150: icmp_req=2 ttl=63 time=0.485 ms

I made this request: 

wget 
http://haservice:8990/this/it/select?q=LNGREQUEST;

this is my dump (tcpdump -X) (the message is truncated and I don't see other 
packets flowing). With the logger utility this line gets split into multiple 
packets

11:33:19.784137 IP lbha01.7pixel.local.48391 > syslog.7pixel.local.syslog: SYSLOG local0.info, length: 1176

Re: add header or query parameter when redirecting

2015-06-03 Thread Sylvain Faivre

On 06/03/2015 04:02 PM, Baptiste wrote:

On Wed, Jun 3, 2015 at 11:58 AM, Sylvain Faivre
sylvain.fai...@reservit.com wrote:

Hello,

I use the redirect directive to redirect users from old sites to a new site,
eg:
 redirect prefix http://new-site.com code 301 if old-site

I would like to redirect requests from many old sites to the same new site,
so I need a way to add info about the old host in the new redirected
request.

I'm looking for a way to add a header to the redirected request to identify
the host, for example :
X-Orig-Site: old-site-123.com

Is this possible ?

I guess I can't add a header to the request with HAproxy, since HAproxy only
sends a new Location header to the browser, and the browser sets the
headers.

So, is there a way to alter the location sent in the redirect, to include «
orig-site=old-site-123.com » ?

I think I'm missing something here.
Should I use « http-request redirect » instead of « redirect prefix » ?


By the way, I tried to use the set-cookie option for this, but it was a bad
idea :
 redirect prefix http://new-site.com code 301 set-cookie ORIG=%[hdr(host)] if old_site

This doesn't work for two reasons :

1. The « %[hdr(host)] » part is sent literally in the request :
Set-Cookie: ORIG=%[hdr(host)]; path=/;

2. The request sent to new-site.com doesn't seem to include this cookie


Sylvain



Hi Sylvain,

The only good way to do what you want to achieve, is to use a query
string parameter and http-request and http-response rules coupled to a
few sections...
Basically, haproxy is not able to modify the headers sent by a
redirect rule. So the trick here, is to perform the redirect in a
dummy frontend section used as a server in a dedicated backend and
insert a header in the response, like this:

backend be_redirect
  http-request capture req.hdr(host),word(1,:),lower len 32
  http-response replace-value Location (.*) \1&orig-site=%[capture.req.hdr(0)] if { res.hdr(Location) -m sub ? }
  http-response replace-value Location (.*) \1?orig-site=%[capture.req.hdr(0)] if !{ res.hdr(Location) -m sub ? }
  server dummy_redirect 127.0.0.1:8001

frontend fe_dummy_redirect
  bind 127.0.0.1:8001
  http-request redirect prefix http://new-site.com code 301


Note that this configuration needs HAProxy 1.6 (latest snapshot).

Baptiste




Hi Baptiste,

Unfortunately, we are not willing to upgrade to HAproxy 1.6 just yet, so 
we are going to use another solution for this redirect (change DNS 
records to resolve old hostnames to the new web server).


Thank you for the info anyway, it may be useful for another time.

Sylvain



Re: add header or query parameter when redirecting

2015-06-03 Thread Baptiste
On Wed, Jun 3, 2015 at 11:58 AM, Sylvain Faivre
sylvain.fai...@reservit.com wrote:
 Hello,

 I use the redirect directive to redirect users from old sites to a new site,
 eg:
 redirect prefix http://new-site.com code 301 if old-site

 I would like to redirect requests from many old sites to the same new site,
 so I need a way to add info about the old host in the new redirected
 request.

 I'm looking for a way to add a header to the redirected request to identify
 the host, for example :
 X-Orig-Site: old-site-123.com

 Is this possible ?

 I guess I can't add a header to the request with HAproxy, since HAproxy only
 sends a new Location header to the browser, and the browser sets the
 headers.

 So, is there a way to alter the location sent in the redirect, to include «
 orig-site=old-site-123.com » ?

 I think I'm missing something here.
 Should I use « http-request redirect » instead of « redirect prefix » ?


 By the way, I tried to use the set-cookie option for this, but it was a bad
 idea :
 redirect prefix http://new-site.com code 301 set-cookie ORIG=%[hdr(host)] if old_site

 This doesn't work for two reasons :

 1. The « %[hdr(host)] » part is sent literally in the request :
 Set-Cookie: ORIG=%[hdr(host)]; path=/;

 2. The request sent to new-site.com doesn't seem to include this cookie


 Sylvain


Hi Sylvain,

The only good way to do what you want to achieve, is to use a query
string parameter and http-request and http-response rules coupled to a
few sections...
Basically, haproxy is not able to modify the headers sent by a
redirect rule. So the trick here, is to perform the redirect in a
dummy frontend section used as a server in a dedicated backend and
insert a header in the response, like this:

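backend be_redirect
 # keep the requested host (port stripped, lower-cased) for the response rules
 http-request capture req.hdr(host),word(1,:),lower len 32
 # Location already carries a query string: append with '&'
 http-response replace-value Location (.*) \1&orig-site=%[capture.req.hdr(0)] if { res.hdr(Location) -m sub ? }
 # no query string yet: start one with '?'
 http-response replace-value Location (.*) \1?orig-site=%[capture.req.hdr(0)] if !{ res.hdr(Location) -m sub ? }
 server dummy_redirect 127.0.0.1:8001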

frontend fe_dummy_redirect
 bind 127.0.0.1:8001
 http-request redirect prefix http://new-site.com code 301


Note that this configuration needs HAProxy 1.6 (latest snapshot).

Baptiste



RE: Dynamic backend selection using maps

2015-06-03 Thread Jim Gronowski
I’m not very familiar with the map function, but does hdr_end(host) work in 
this context?

If so, in order to only match *.foo.com and not blahfoo.com, you’d need to 
include the dot in your map – ‘.foo.com’ instead of ‘foo.com’.


From: David Reuss [mailto:shuffle...@gmail.com]
Sent: Wednesday, June 03, 2015 05:23
To: haproxy@formilux.org
Subject: Dynamic backend selection using maps

Hello,

I have this use_backend declaration:

use_backend 
%[req.hdr(host),lower,map_dom(/etc/haproxy/worker.map,b_nodes_default)]

Which seems to work wonderfully, but say i have foo.com in my 
map, it will match foo.com.whatever.com, and 
ideally i'd like to only match if the domain ends with my value 
(foo.com), and also, it should NOT match 
blahfoo.com

How would i achieve that?




Re: DOC: set-log-level in Logging section preamble

2015-06-03 Thread Willy Tarreau
On Tue, May 26, 2015 at 09:16:34AM -0600, Jim Freeman wrote:
 As best I can tell, no mention is made of set-log-level in the Logging
 [Section 8] of the doc.
 
 Something akin to the following in the doc would have saved a good chunk of
 time/angst in addressing a logging issue I encountered :

(...)

Applied, thanks.

BTW just for your information, your mailer wraps lines, but this patch was
small enough so I could fix it.

Willy




Re: Dynamic backend selection using maps

2015-06-03 Thread Baptiste
On Wed, Jun 3, 2015 at 2:22 PM, David Reuss shuffle...@gmail.com wrote:
 Hello,

 I have this use_backend declaration:

 use_backend
 %[req.hdr(host),lower,map_dom(/etc/haproxy/worker.map,b_nodes_default)]

 Which seems to work wonderfully, but say i have foo.com in my map, it will
 match foo.com.whatever.com, and ideally i'd like to only match if the domain
 ends with my value (foo.com), and also, it should NOT match blahfoo.com

 How would i achieve that?

Hi David,

Then store .foo.com as your map key, then use:
%[req.hdr(host),lower,map_end(/etc/haproxy/worker.map,b_nodes_default)]

Baptiste
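
The difference between the two lookups in this thread, as an added example that is not part of any post and is not HAProxy code: a simplified Python model of domain-token matching (map_dom) versus suffix matching (map_end). The backend name b_nodes_foo, the sample hosts and the optional port-stripping step are assumptions made for the illustration.

```python
"""Simplified model of the Host-to-backend lookups discussed in this thread.

Not HAProxy code. "dom" is modelled as: the key equals a run of whole
dot-separated labels anywhere in the host. "end" is a plain string suffix.
b_nodes_foo and all sample hosts are constructed for the illustration.
"""

DEFAULT_BACKEND = "b_nodes_default"  # default taken from the thread's use_backend line


def parse_map(text):
    """Parse 'key value' lines of a map file, skipping blanks and # comments."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, value = line.split(None, 1)
        entries.append((key.lower(), value.strip()))
    return entries


def match_dom(host, key):
    """True if key is a contiguous run of whole labels inside host."""
    labels = host.split(".")
    wanted = key.strip(".").split(".")
    n = len(wanted)
    return any(labels[i:i + n] == wanted for i in range(len(labels) - n + 1))


def match_end(host, key):
    """True if host ends with key (no notion of label boundaries)."""
    return host.endswith(key)


def strip_port(host):
    """Optional normalisation (an assumption, not on the page): drop ':port'."""
    head, sep, tail = host.rpartition(":")
    return head if sep and tail.isdigit() else host


def pick_backend(host, entries, matcher, normalise=False):
    """Return the backend of the first matching key, else the default."""
    host = host.lower()  # the 'lower' converter used in the thread
    if normalise:
        host = strip_port(host)
    for key, backend in entries:
        if matcher(host, key):
            return backend
    return DEFAULT_BACKEND


MAP_BARE = parse_map("foo.com b_nodes_foo")     # key as originally stored
MAP_DOTTED = parse_map(".foo.com b_nodes_foo")  # key with the leading dot, as advised

# Constructed Host header values.
SAMPLE_HOSTS = ["www.foo.com", "foo.com.whatever.com", "blahfoo.com", "foo.com"]


def compare(hosts=SAMPLE_HOSTS):
    """Backend chosen for each host under the three key/matcher combinations."""
    rows = {}
    for h in hosts:
        rows[h] = {
            "dom, key foo.com": pick_backend(h, MAP_BARE, match_dom),
            "end, key foo.com": pick_backend(h, MAP_BARE, match_end),
            "end, key .foo.com": pick_backend(h, MAP_DOTTED, match_end),
        }
    return rows


if __name__ == "__main__":
    for host, result in compare().items():
        print(f"{host:22} {result}")
    # A Host value that carries a port defeats plain suffix matching.
    with_port = "WWW.foo.com:8443"
    print(with_port, pick_backend(with_port, MAP_DOTTED, match_end))
    print(with_port, pick_backend(with_port, MAP_DOTTED, match_end, normalise=True))
```

The last column is the combination suggested in the reply above. Under plain suffix matching the bare foo.com and any Host value carrying a port fall through to the default backend, so those cases need their own handling.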



RE: A few thoughts on Haproxy and weakdh/logjam

2015-06-03 Thread Jens Dueholm Christensen
On Thursday, May 28, 2015 2:29 PM, Lukas Tribus wrote:

  If you refer to long EOL'ed systems, then they probably don't support DHE 
  at all.
 
  Alas, EOL'ed systems don't hinder its use - even if it is unwise..
 
 That's not what I'm saying. What I'm saying is that since they are so old they 
 don't even support DHE, therefore the dh group doesn't matter.

Ahhh, that makes sense - thanks for clearing that up.

  How much does the size of my chosen DH group affect clients and the server 
  when negotiating the connection?
 
 *Very* much on the server side. It will kill your CPU.

OK, good to know (it was a bit unclear until now).

  Could I (at least in theory) make a 8192 bit DH group, and not expect any 
  performance
  problems?
 
 Absolutely not, no, not even in theory. Don't do this. HAProxy users have had 
 severe performance
 regression because of this.

OK, thanks for clearing that up.

Regards,
Jens Dueholm Christensen
Survey IT



Limiting concurrent range connections

2015-06-03 Thread Sachin Shetty
Hi,

I am trying to write some throttles that would limit concurrent connections
for Range requests + specific urls. For example I want to allow only 2
concurrent range requests downloading a file
/public-api/v1/fs-content-download

I have a working rule:

stick-table type string size  1M expire 10m store conn_cur
tcp-request inspect-delay 5s
acl is_range  hdr_sub(Range) bytes=
acl is_path_throttled path_beg /public-api/v1/fs-content-download
tcp-request content track-sc1 base32 if is_range is_path_throttled
http-request deny if { sc1_conn_cur gt 2 } is_range is_path_throttled

Just wanted to see if there is a better way of doing this? Is this efficient
enough. 

I need to include the query string as well in my tracker, but I could not
figure that out.

Thanks
Sachin






Dynamic backend selection using maps

2015-06-03 Thread David Reuss
Hello,

I have this use_backend declaration:

use_backend
%[req.hdr(host),lower,map_dom(/etc/haproxy/worker.map,b_nodes_default)]

Which seems to work wonderfully, but say i have foo.com in my map, it
will match foo.com.whatever.com, and ideally i'd like to only match if the
domain ends with my value (foo.com), and also, it should NOT match
blahfoo.com

How would i achieve that?


Re: Limiting concurrent range connections

2015-06-03 Thread Sachin Shetty
Thanks Baptiste - Will http-request set-header X-track %[url] help me
track URL with query parameters as well?

On 6/3/15 6:36 PM, Baptiste bed...@gmail.com wrote:

On Wed, Jun 3, 2015 at 2:17 PM, Sachin Shetty sshe...@egnyte.com wrote:
 Hi,

 I am trying to write some throttles that would limit concurrent
connections
 for Range requests + specific urls. For example I want to allow only 2
 concurrent range requests downloading a file
 /public-api/v1/fs-content-download

 I have a working rule:

 stick-table type string size  1M expire 10m store conn_cur
 tcp-request inspect-delay 5s
 acl is_range  hdr_sub(Range) bytes=
 acl is_path_throttled path_beg /public-api/v1/fs-content-download
 tcp-request content track-sc1 base32 if is_range is_path_throttled
 http-request deny if { sc1_conn_cur gt 2 } is_range is_path_throttled

 Just wanted to see if there is a better way of doing this? Is this
efficient
 enough.

 I need to include the query string as well in my tracker, but I could
not
 figure that out.

 Thanks
 Sachin


Hi Sachin,

I would do it like this:

 stick-table type string size  1M expire 10m store conn_cur
 tcp-request inspect-delay 5s
 tcp-request accept if HTTP
 acl is_range  hdr_sub(Range) bytes=
 acl is_path_throttled path_beg /public-api/v1/fs-content-download
 http-request set-header X-track %[url]
 http-request track-sc1 req.hdr(X-track) if is_range is_path_throttled
 http-request deny if { sc1_conn_cur gt 2 } is_range is_path_throttled

There might be some typo, but you get the idea.

Baptiste





haproxy - dynamic backend selection with map

2015-06-03 Thread David Reuss
Hello,

I have this use_backend declaration:

use_backend
%[req.hdr(host),lower,map_dom(/etc/haproxy/worker.map,b_nodes_default)]

Which seems to work wonderfully, but say i have foo.com in my map, it
will match foo.com.whatever.com, and ideally i'd like to only match if the
domain ends with my value (foo.com), and also, it should NOT match
blahfoo.com

How would i achieve that?


Re: Limiting concurrent range connections

2015-06-03 Thread Baptiste
On Wed, Jun 3, 2015 at 2:17 PM, Sachin Shetty sshe...@egnyte.com wrote:
 Hi,

 I am trying to write some throttles that would limit concurrent connections
 for Range requests + specific urls. For example I want to allow only 2
 concurrent range requests downloading a file
 /public-api/v1/fs-content-download

 I have a working rule:

 stick-table type string size  1M expire 10m store conn_cur
 tcp-request inspect-delay 5s
 acl is_range  hdr_sub(Range) bytes=
 acl is_path_throttled path_beg /public-api/v1/fs-content-download
 tcp-request content track-sc1 base32 if is_range is_path_throttled
 http-request deny if { sc1_conn_cur gt 2 } is_range is_path_throttled

 Just wanted to see if there is a better way of doing this? Is this efficient
 enough.

 I need to include the query string as well in my tracker, but I could not
 figure that out.

 Thanks
 Sachin


Hi Sachin,

I would do it like this:

 stick-table type string size  1M expire 10m store conn_cur
 tcp-request inspect-delay 5s
 tcp-request accept if HTTP
 acl is_range  hdr_sub(Range) bytes=
 acl is_path_throttled path_beg /public-api/v1/fs-content-download
 http-request set-header X-track %[url]
 http-request track-sc1 req.hdr(X-track) if is_range is_path_throttled
 http-request deny if { sc1_conn_cur gt 2 } is_range is_path_throttled

There might be some typo, but you get the idea.

Baptiste



Re: Choosing servers based on IP address

2015-06-03 Thread Holger Just
Hi Andy,

Franks Andy (IT Technical Architecture Manager) wrote:
   Quick question – can anyone think of a way to change a server’s weight
 based on some criteria, for example source IP address? It would be so
 useful when dealing with a common service that has two distinct sites,
 and rules in place that stop access to resources from the “wrong” site,
 like Exchange (where you can’t access your mailbox from the wrong
 site-based CAS server).

I'm not really sure what you are /actually/ trying to achieve.
Generally, the weight of a server is used to determine which percentage
of requests should go to that server.

However, from your description, it seems you want to completely disallow
certain requests/connections based on some criteria. In this case, it
would make more sense to use http-request deny (or tcp-request deny)
rules using ACLs describing your rules.

Using different weights per client (e.g. sending 25% of requests from an
IP to one server and 75% to a different server) seems rather strange as
you still would have to provide all resources on both servers. In this
case, a globally uniform distributions sounds much more appealing,
doesn't it?

Regards,
Holger



RE: Syslog messages get truncated at 1kb (syslog server config is ok)

2015-06-03 Thread Damiano Giorgi
Hi Lukas (sorry for my quoting, I still have to manage to have this software 
behave correctly)

 Hi Lukas, my mtu is set to 1500 and the message looks truncated.
 I am able to ping the server using that mtu

 root@lbha01:~# ping -s 1500 syslog

-s 1472 -M do is what you would use for this test. Instead, you are sending 
ICMP requests at 1528 Bytes MTU without DF bit, so it will get fragmented.
Anyway, it's unlikely that this is the problem.

Sorry, I forgot to set the DF flag and to adjust the size, I can confirm, mtu 
is not a problem 

root@lbhasolr01:~# ping syslog -s 1472 -M do
PING syslog.7pixel.local (10.1.0.150) 1472(1500) bytes of data.
1480 bytes from 10.1.0.150: icmp_req=1 ttl=63 time=0.385 ms


 this is my dump (tcpdump -X) (the message is truncated and I don't see 
 other packets flowing).

Ok, can you confirm that haproxy has been reloaded/restarted after adding the 
len keyword to your logging configuration?

Yes, haproxy has been restarted after the change

 With the logger utility this line gets split into multiple packets

I'm not familiar with this utility. Can you elaborate whether this SENDS 
packets to your syslog-ng or if it receives logs from haproxy?

Logger is part of the util-linux package 
(ftp://ftp.kernel.org/pub/linux/utils/util-linux/), it sends syslog messages 
(it's useful for logging in shell scripting), with this utility log packets are 
split in multiple parts (btw the version in debian 7 has a bug that 
prevents sending to remote syslog servers via udp, I had to compile it from 
scratch to use it) 

Iirc, a syslog message must fit into a single packet.

I don't know, when I was searching the archives I found this 
http://marc.info/?l=haproxy&m=139169691604703&w=2 about syslog message size

Damiano 




Regards,

Lukas

  



Re: add header or query parameter when redirecting

2015-06-03 Thread Baptiste

 Hi Baptiste,

 Unfortunately, we are not willing to upgrade to HAproxy 1.6 just yet, so we
 are going to use another solution for this redirect (change DNS records to
 resolve old hostnames to the new web server).

 Thank you for the info anyway, it may be useful for another time.

 Sylvain

Well, HAPEE-1.5-r2 will have this feature and will be available soon.
It's part of the backports from 1.6.
Contact us at http://www.haproxy.com for more information.
Cherry on the cake, you'll have access to our support team in the mean time :)

Baptiste



Re: Limiting concurrent range connections

2015-06-03 Thread Baptiste
Yes, the url sample copies whole URL as sent by the client.
Simply give it a try on a staging server and let us know the status.

Baptiste

On Wed, Jun 3, 2015 at 3:19 PM, Sachin Shetty sshe...@egnyte.com wrote:
 Thanks Baptiste - Will http-request set-header X-track %[url] help me
 track URL with query parameters as well?

 On 6/3/15 6:36 PM, Baptiste bed...@gmail.com wrote:

On Wed, Jun 3, 2015 at 2:17 PM, Sachin Shetty sshe...@egnyte.com wrote:
 Hi,

 I am trying to write some throttles that would limit concurrent
connections
 for Range requests + specific urls. For example I want to allow only 2
 concurrent range requests downloading a file
 /public-api/v1/fs-content-download

 I have a working rule:

 stick-table type string size  1M expire 10m store conn_cur
 tcp-request inspect-delay 5s
 acl is_range  hdr_sub(Range) bytes=
 acl is_path_throttled path_beg /public-api/v1/fs-content-download
 tcp-request content track-sc1 base32 if is_range is_path_throttled
 http-request deny if { sc1_conn_cur gt 2 } is_range is_path_throttled

 Just wanted to see if there is a better way of doing this? Is this
efficient
 enough.

 I need to include the query string as well in my tracker, but I could
not
 figure that out.

 Thanks
 Sachin


Hi Sachin,

I would do it like this:

 stick-table type string size  1M expire 10m store conn_cur
 tcp-request inspect-delay 5s
 tcp-request accept if HTTP
 acl is_range  hdr_sub(Range) bytes=
 acl is_path_throttled path_beg /public-api/v1/fs-content-download
 http-request set-header X-track %[url]
 http-request track-sc1 req.hdr(X-track) if is_range is_path_throttled
 http-request deny if { sc1_conn_cur gt 2 } is_range is_path_throttled

There might be some typo, but you get the idea.

Baptiste





Re: Dynamic backend selection using maps

2015-06-03 Thread Baptiste
hi Jim,

hdr_end could do the trick if you include the '.' in the matching string.

Baptiste


On Wed, Jun 3, 2015 at 4:55 PM, Jim Gronowski jgronow...@ditronics.com wrote:
 I’m not very familiar with the map function, but does hdr_end(host) work in
 this context?



 If so, in order to only match *.foo.com and not blahfoo.com, you’d need to
 include the dot in your map – ‘.foo.com’ instead of ‘foo.com’.





 From: David Reuss [mailto:shuffle...@gmail.com]
 Sent: Wednesday, June 03, 2015 05:23
 To: haproxy@formilux.org
 Subject: Dynamic backend selection using maps



 Hello,



 I have this use_backend declaration:



 use_backend
 %[req.hdr(host),lower,map_dom(/etc/haproxy/worker.map,b_nodes_default)]



 Which seems to work wonderfully, but say i have foo.com in my map, it will
 match foo.com.whatever.com, and ideally i'd like to only match if the domain
 ends with my value (foo.com), and also, it should NOT match blahfoo.com



 How would i achieve that?











HAProxy responding with NOSRV SC

2015-06-03 Thread RAKESH P B
Hi All,

I have a strange situation where requests to my HAProxy are returning with
a 503 error. HAProxy logs show a NOSRV error for POST requests from
application RSET service.

api-https-in~ api-https-in/NOSRV -1/-1/-1/-1/40 503 1237 - - SC-- 15/0/0/0/0 0/0 POST /PATH HTTP/1.1

During this time, the backend server was confirmed up and was receiving
traffic for GET requests from a web browser and also POST requests from the
POSTMAN REST client.


 api-https-in~ name1/name 669/0/2/4/675 200 513 - -  2/2/0/1/0 0/0 GET /PATH HTTP/1.1

 api-https-in~ name1/name 336/0/1/4/341 415 95 - -  2/2/0/1/0 0/0 POST /PATH HTTP/1.1


Here is my configuration file

frontend http-in
    bind *:80
    redirect scheme https code 301 if !{ ssl_fc }
    maxconn 8096


frontend api-https-in
    bind X.X.X.X:443 ssl crt PATH1
    reqadd X-Forwarded-Proto:\ https
    acl host_soap hdr_end(host) -i example.com
    use_backend name1 if host_soap
    acl secure dst_port eq 44


backend name1
    mode http
    option httpchk  HEAD /test.jsp HTTP/1.0
    appsession JSESSIONID len 32 timeout 1800s
    server  name X.X.X.X:80

