RE: reqadd srcIP for header
Hey guys, Thank you for all your input, I ended up going with the xforwardedfor. --Karl. Karl Kloppenborg Programming Ninja Crucial Paradigm Pty Ltd Suite 1 Level 3 104-106 Commonwealth St Surry Hills NSW 2010 Australia 1300 884 839 – Sales Support (AU Only) https://support.crucialp.com/ Click here for the Support Desk d: 02 8202 9994 f: 02 92818261 m: 0416 236 908 e: k...@crucial.com.au Crucial Paradigm is a leading Web Hosting provider that specialises in Cloud solutions. We are commited to keeping our planet green, please reduce, reuse and recycle your office paper. Description: crucial_2012 From: Chris LeBlanc [mailto:ch...@blendedby.us] Sent: Tuesday, 5 June 2012 5:07 PM To: Baptiste Cc: Karl Kloppenborg; haproxy@formilux.org Subject: Re: reqadd srcIP for header Oh hey guys, I do the same thing and use the stunnel proxy protocol. You just add protocol = proxy to stunnel and use bind :81 accept-proxy for haproxy and it seems to take care of the rest. I do have to add some extra headers using addreq to identify port and protocol but that's just hardcoded in the https frontend (and http frontend for consistency). Hope that helps. I know newer versions of haproxy and stunnel are required so double check that. -- Chris LeBlanc On Tuesday, June 5, 2012 at 2:01 AM, Baptiste wrote: well, not adding a header, but getting connected on the server using the client IP (using a TPROXY patched kernel). cheers On Tue, Jun 5, 2012 at 9:00 AM, Baptiste bed...@gmail.com wrote: Hey, Using stunnel and haproxy, both with the proxy protocol may help when you want to add the X-SRC-IP header for a SSL connection. cheers image001.jpg
RE: reqadd srcIP for header
Hey Chris,
Yep I’ve been doing that for a while to make my SSL termination with magento.
However does no one know how to get that src-ip into there?
Surely people have needed this?
--Karl.
Karl Kloppenborg
Programming Ninja
Crucial Paradigm Pty Ltd
Suite 1 Level 3 104-106 Commonwealth St
Surry Hills NSW 2010
Australia
1300 884 839 – Sales Support (AU Only)
https://support.crucialp.com/ Click here for the Support Desk
d: 02 8202 9994
f: 02 92818261
m: 0416 236 908
e: k...@crucial.com.au
Crucial Paradigm is a leading Web Hosting provider that specialises in Cloud
solutions.
We are commited to keeping our planet green, please reduce, reuse and recycle
your office paper.
Description: crucial_2012
From: Chris LeBlanc [mailto:ch...@blendedby.us]
Sent: Monday, 4 June 2012 5:07 PM
To: Karl Kloppenborg
Cc: haproxy@formilux.org
Subject: Re: reqadd srcIP for header
Karl,
Take a look at...
http://code.google.com/p/haproxy-docs/wiki/forwardfor
You can also use reqadd which I've done to add ports and protocols like so
(thought I'm not sure how you'd get the client ip)…
reqadd X-Forwarded-Protocol:\ http
reqadd X-Forwarded-Port:\ 80
--
Chris LeBlanc
ch...@blendedby.us
On Monday, June 4, 2012 at 1:57 AM, Karl Kloppenborg wrote:
Hey guys,
I’m running latest stable of haproxy and want to basically insert a header
“X-Forward-For: {client ip}” into the header of a transaction, this is so the
web application being balanced knows the originating IP address.
Is this possible? I couldn’t figure it out.
--Karl.
Karl Kloppenborg
Programming Ninja
Crucial Paradigm Pty Ltd
Suite 1 Level 3 104-106 Commonwealth St
Surry Hills NSW 2010
Australia
1300 884 839 – Sales Support (AU Only)
https://support.crucialp.com/ Click here for the Support Desk
d: 02 8202 9994
f: 02 92818261
m: 0416 236 908
e: k...@crucial.com.au
Crucial Paradigm is a leading Web Hosting provider that specialises in Cloud
solutions.
We are commited to keeping our planet green, please reduce, reuse and recycle
your office paper.
Description: crucial_2012
image002.jpgimage003.jpg
RE: Increasing amount of spam on the mailing list
That's fair enough, I am more talking about the viruses... I don't particularly mind the advert spam as such, ignore and cover your ears.. Karl Kloppenborg Head of Development Phone: 1300 884 839 (AU Only - Business Hours) Website: AU http://www.crucial.com.au | US http://www.crucialp.com -Original Message- From: Willy Tarreau [mailto:w...@1wt.eu] Sent: Tuesday, 26 July 2011 4:13 PM To: carlo flores Cc: Karl Kloppenborg; Allan Wind; haproxy@formilux.org Subject: Re: Increasing amount of spam on the mailing list On Mon, Jul 25, 2011 at 10:59:15PM -0700, carlo flores wrote: I love the suggestion and offer to administrate the mail list (and I too volunteer), but, ultimately: whatever. SPAM is part of most any list and the more time the guys spend on one of the best pieces of software in the world, the better. I happily skip these messages in hopes Willy Cyril and the guys never care about wasting their time with mailman and postgix plugins or whatever this list uses. Exactly, when I open the list, I press D twice to remove the avg two spams and/or bounce messages and don't even remember what they were. Spam should be ignored, not fought. Thanks, Willy
Increasing amount of spam on the mailing list
Hi All Willy, I am seeing an increasing amount of spam / viral infection data coming across the mailing list. Surely, like surely you don't need an entirely open mailinglist, it's so easy to implement a verification of identity confirmation these days? I am even happy to help in setting this up if you are too busy. J Thanks, Karl. Karl Kloppenborg Head of Development Phone: 1300 884 839 (AU Only - Business Hours) Website: AU http://www.crucial.com.au/ http://www.crucial.com.au | US http://www.crucialp.com http://www.crucialp.com Description: Description: Description: crucial-logo-small image001.gif
RE: Increasing amount of spam on the mailing list
Whilst I agree that you can filter, it's not exactly responsible that the mailinglist have this many viral infections running across it... Karl Kloppenborg Head of Development Phone: 1300 884 839 (AU Only - Business Hours) Website: AU http://www.crucial.com.au | US http://www.crucialp.com -Original Message- From: Allan Wind [mailto:allan_w...@lifeintegrity.com] Sent: Tuesday, 26 July 2011 10:34 AM To: haproxy@formilux.org Subject: Re: Increasing amount of spam on the mailing list On 2011-07-26 09:25:42, Karl Kloppenborg wrote: Surely, like surely you don't need an entirely open mailinglist, it's so easy to implement a verification of identity confirmation these days? I filter spam so the main problem I see is bounce messages which are sent to the list for some strange reason. Noted this a few months back. /Allan -- Allan Wind Life Integrity, LLC http://lifeintegrity.com
Re: haproxy installation
Hi, Okay, that is basically caused when you have the socket still binded after shutdown... What user are you running haproxy under? also, can you give us an idea of your cluster setup? operating system etc? You cannot bind to an already binded socket, so it will collapse when this error occurs. --Karl On 05/01/2011, at 11:22, Gorakhnath Mishra wrote: Hi, Actually I was getting below error: Shutting down HAproxy: [FAILED] Starting HAproxy: [ALERT] 004/053031 (7134) : Starting proxy webfarm: cannot bind socket [FAILED] [r...@gnm network-scripts]# Trying to resolve but I will be thankful to u if u give me tips on this. Thanks. On 05-01-2011 05:46, Karl Kloppenborg wrote: Hi Gorakhnath, Have you even read the documentation? It is very clear and precise about the prerequisites ... Also as for a howto? why not just search google, or even howtoforge.com? Thanks, Karl. Karl Kloppenborg Head of Development Phone: 1300 884 839 (AU Only - Business Hours) Website: AU http://www.crucial.com.au| US http://www.crucialp.com Mail Attachment.gif On 05/01/2011, at 11:11, Gorakhnath Mishra wrote: Hi, Can sombody give me notes/howto on haproxy and what are the prerequisite etc. Thanks Gorakhnath Mishra -- CAUTION - Disclaimer * This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail and delete the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. This e-mail may contain viruses. Netmagic Solutions Pvt. Ltd. has taken every reasonable precaution to minimize this risk, but is not liable for any damage you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. Netmagic Solutions Pvt. Ltd. reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the Netmagic Solutions Pvt. Ltd.'s e-mail system. * End of Disclaimer *** -- CAUTION - Disclaimer * This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail and delete the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. This e-mail may contain viruses. Netmagic Solutions Pvt. Ltd. has taken every reasonable precaution to minimize this risk, but is not liable for any damage you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. Netmagic Solutions Pvt. Ltd. reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the Netmagic Solutions Pvt. Ltd.'s e-mail system. * End of Disclaimer ***
Re: haproxy installation
Gorakhnath,That won't help you, you need to know your config file and know which port haproxy is supposed to be connecting on,Also, do the following please:ps aux | grep httpdps aux | grep haproxyand please output each of them to this list, as well please provide your config and what operating system your using...Thanks. Karl KloppenborgHead of DevelopmentPhone:1300 884 839(AU Only - Business Hours)Website:AUhttp://www.crucial.com.au| UShttp://www.crucialp.com On 05/01/2011, at 11:35, Gorakhnath Mishra wrote: Hi, Thanks for quick response and help. [r...@gnm network-scripts]# netstat -ano |grep :80 [r...@gnm network-scripts]# /etc/init.d/haproxy restart Shutting down HAproxy: [FAILED] Starting HAproxy: [ALERT] 004/060455 (8011) : Starting proxy webfarm: cannot bind socket [FAILED] Thanks On 05-01-2011 06:00, carlo flores wrote: Same line of thought: perhaps there's a process already running listening on your target port. I'd suggest you do a netstat or lsof to see if Karl is right and it is an old HAProxy. (Just as likely to be another process.) For example, if HAProxy is to listen on port 80... # netstat -ano |grep :80 On Tue, Jan 4, 2011 at 4:26 PM, Karl Kloppenborg k...@crucialp.com wrote: Hi, Okay, that is basically caused when you have the socket still binded after shutdown... What user are you running haproxy under? also, can you give us an idea of your cluster setup? operating system etc? You cannot bind to an already binded socket, so it will collapse when this error occurs. --Karl On 05/01/2011, at 11:22, Gorakhnath Mishra wrote: Hi, Actually I was getting below error: Shutting down HAproxy: [FAILED] Starting HAproxy: [ALERT] 004/053031 (7134) : Starting proxy webfarm: cannot bind socket [FAILED] [r...@gnm network-scripts]# Trying to resolve but I will be thankful to u if u give me tips on this. Thanks. On 05-01-2011 05:46, Karl Kloppenborg wrote: Hi Gorakhnath, Have you even read the documentation? It is very clear and precise about the prerequisites ... Also as for a howto? why not just search google, or even howtoforge.com? Thanks, Karl. Karl Kloppenborg Head of Development Phone:1300 884 839(AU Only - Business Hours) Website:AUhttp://www.crucial.com.au| UShttp://www.crucialp.com Mail Attachment.gif On 05/01/2011, at 11:11, Gorakhnath Mishra wrote: Hi, Can sombody give me notes/howto on haproxy
Re: haproxy installation
Cool, helping you shouldn't be too hard then, just output your config plus each of the PS aux commands I asked ;) Karl Kloppenborg Head of Development On 05/01/2011, at 11:37, Gorakhnath Mishra wrote: Hi, I am using CentOS 5.5. And using haproxy-1.3.20 Doing all these R D on desktop machine and not on server. Thanks On 05-01-2011 05:56, Karl Kloppenborg wrote: Hi, Okay, that is basically caused when you have the socket still binded after shutdown... What user are you running haproxy under? also, can you give us an idea of your cluster setup? operating system etc? You cannot bind to an already binded socket, so it will collapse when this error occurs. --Karl On 05/01/2011, at 11:22, Gorakhnath Mishra wrote: Hi, Actually I was getting below error: Shutting down HAproxy: [FAILED] Starting HAproxy: [ALERT] 004/053031 (7134) : Starting proxy webfarm: cannot bind socket [FAILED] [r...@gnm network-scripts]# Trying to resolve but I will be thankful to u if u give me tips on this. Thanks. On 05-01-2011 05:46, Karl Kloppenborg wrote: Hi Gorakhnath, Have you even read the documentation? It is very clear and precise about the prerequisites ... Also as for a howto? why not just search google, or even howtoforge.com? Thanks, Karl. Karl Kloppenborg Head of Development Phone: 1300 884 839 (AU Only - Business Hours) Website: AU http://www.crucial.com.au| US http://www.crucialp.com Mail Attachment.gif On 05/01/2011, at 11:11, Gorakhnath Mishra wrote: Hi, Can sombody give me notes/howto on haproxy and what are the prerequisite etc. Thanks Gorakhnath Mishra -- CAUTION - Disclaimer * This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail and delete the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. This e-mail may contain viruses. Netmagic Solutions Pvt. Ltd. has taken every reasonable precaution to minimize this risk, but is not liable for any damage you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. Netmagic Solutions Pvt. Ltd. reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the Netmagic Solutions Pvt. Ltd.'s e-mail system. * End of Disclaimer *** -- CAUTION - Disclaimer * This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail and delete the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. This e-mail may contain viruses. Netmagic Solutions Pvt. Ltd. has taken every reasonable precaution to minimize this risk, but is not liable for any damage you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. Netmagic Solutions Pvt. Ltd. reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the Netmagic Solutions Pvt. Ltd.'s e-mail system. * End of Disclaimer *** -- CAUTION - Disclaimer * This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail and delete the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. This e-mail may contain viruses. Netmagic Solutions Pvt. Ltd. has taken every reasonable precaution to minimize this risk, but is not liable for any damage you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. Netmagic Solutions Pvt. Ltd. reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the Netmagic Solutions Pvt. Ltd.'s e-mail system. * End of Disclaimer ***
Virus warnings originating from the list
Hey guys,Our mailserver keeps popping its head up and crying about someone on the list with a virus infection:--VIRUS ALERTOur content checker foundviruses: Suspect.DoubleExtension-zippwd-9, Worm.Mydoom.Min an email to you from probably faked sender:?...@[88.191.124.161]claiming to be: haproxy+bounces-6752-karl=crucialp@formilux.orgContent type: VirusOur internal reference code for your message is 15320-02/7TgmtDhTpGW9First upstream SMTP client IP address: [88.191.124.161]flx02.formilux.orgAccording to a 'Received:' trace, the message apparently originated at:[88.191.124.161],flx02.formilux.orgflx02.formilux.org[127.0.0.1]Return-Path: haproxy+bounces-6752-karl=crucialp@formilux.orgFrom: "Post Office" nore...@formilux.orgMessage-ID: 20101230062044.8c0b56...@mail.formilux.orgX-Mailer: Microsoft Outlook Express 6.00.2600.Subject: Returned mail: Data format errorThe message has been quarantined as: virus-7TgmtDhTpGW9Please contact your system administrator for details.-Can people please check their systems to ensure they have not been infected, because this is a rather annoying message that I am constantly getting :)Then again, if I am reading it wrong.. be nice to me willy :P Karl KloppenborgHead of DevelopmentPhone:1300 884 839(AU Only - Business Hours)Website:AUhttp://www.crucial.com.au| UShttp://www.crucialp.com
Re: *** PROBABLY SPAM *** Increasing amout of spam on the list...
Willy,I don't mean to sound like a winy little guy, but this still wouldn't resolve the other problem which is the leaking spam into the mailing list.Sure, this will fix other hosts marking all list spam at **SPAM**, however any professionally setup mail server would determine using more attributes whether or not the email was infact spam.So what will we be doing about the spam leaking on the list?. Karl KloppenborgHead of DevelopmentPhone:1300 884 839(AU Only - Business Hours)Website:AUhttp://www.crucial.com.au| UShttp://www.crucialp.com On 08/12/2010, at 7:36, Willy Tarreau wrote:On Mon, Dec 06, 2010 at 02:56:21PM +0100, Florian Iragne wrote:Le 06/12/2010 10:50, Timh B a écrit :Hi,Is it just me or is the list getting spammed more and more since the move?I don't receive more spam from the list since the move than before. However, since the move, every message from the list is tagged by my email provider as "Probably spam".We just got a report that the reverse for the new machine does notresolve :$ host 88.191.124.161161.124.191.88.in-addr.arpa domain name pointer 88-191-124-161.rev.dedibox.fr.$ host 88-191-124-161.rev.dedibox.fr.Host 88-191-124-161.rev.dedibox.fr. not found: 3(NXDOMAIN)We're now checking how to get this fixed in the dedibox console, and itshould solve the problem.Regards,Willy
Re: Increasing amout of spam on the list...
I must say, I too am receiving spam through the list.We host a lot of mailing lists at the company I work for, I am sure if you wanted we could host it for free and filter it correctly? Karl KloppenborgHead of DevelopmentPhone:1300 884 839(AU Only - Business Hours)Website:AUhttp://www.crucial.com.au| UShttp://www.crucialp.com On 06/12/2010, at 20:50, Timh B wrote:Hi,Is it just me or is the list getting spammed more and more since the move?I'm reluctant to filter the list messages to hard since one never knowfrom where people send interesting questions or answers, but this isstarting to get annoying.Willy, are you running any spam-filtering on the list-servers?-- //Timh
Resp errors on the frontend
Hi HaProxy Buffs!We have setup stunnel + haproxy and it seems to be working really well!However, we are receiving a few resp errors in the stats reports for both HTTP and HTTPs clusters, could someone shed some light on what resp errors are exactly?Or further to that, how can I debug or verbose exactly what might be causing them?Cheers,Karl. Karl KloppenborgHead of DevelopmentPhone:1300 884 839(AU Only - Business Hours)Website:AUhttp://www.crucial.com.au| UShttp://www.crucialp.com
HAProxy with SSL
Hi HAProxy Users,I have a bit of an issue and I don't know whether this is a good place to start...I have been trying to implement HaProxy alongside Heartbeat for the last couple of weeks...Combining it with Heartbeat was no issue however HAProxy's actual configuration was the issue.The load balancing setup is:LB Algorithm: source basedLoad balancing:1) port 443(sslHTTPs / tcp based)2) port 80(HTTP / http based)The website enters and exits https all throughout it and the load balancer is using source load balancing to ensure it does not leave the app server with its current site session on it.95% of users are working perfectly and it seems like the setup is working fine, however 5% of clients seem to be returning a blank white page upon trying to enter SSL...Has anyone else seen this? I am at whits end! :)My configuration is as follows:--CONFIG FILE---defaults log global mode http option httplog option dontlognull retries 3 redispatch maxconn 2000 contimeout 5000 clitimeout 5 srvtimeout 5 stats auth :XX # admin password stats uri /monitorlisten webfarmhttps bind :443 mode tcp balance source server webA X.X.X.X server webB X.X.X.X server webC X.X.X.Xlisten monitor :8443 mode http balance source option httpclose option forwardfor server webA X.X.X.X server webB X.X.X.Xlisten webfarmhttp :80 mode http balance source option forwardfor option httpchk /check.cfm server webA X.X.X.X server webB X.X.X.X server webC X.X.X.X--Your thoughts please, Karl KloppenborgHead of DevelopmentPhone:1300 884 839(AU Only - Business Hours)Website:AUhttp://www.crucial.com.au| UShttp://www.crucialp.com
