Re: Can HAProxy Reverse Proxy SSL to Backend?

2013-07-01 Thread Michael Glenney
Nope. I was wrong. This is right. Forget my last

Michael Glenney
Sent from my iPhone

On Jul 1, 2013, at 4:14 PM, David Coulson  wrote:

> 
> On 7/1/13 7:10 PM, Qingshan Xie wrote:
>> Willy, 
>> To explain my last question "3. Can HAProxy set a default frontend 
>> service?"  I list a possible configuration below, 
>> 
>> frontend PUBLIC
>> bind :80
>> acl rec_w7 path_beg /A
>> acl rec_w7 path_beg /B
>> acl rec_w7 path_beg /B
>> ..
>> use_backend W7-Backend if rec_w7
>> 
>> #Default
>> #
>> acl rec_w6 path_beg /*
>> use_backend W6-Backend if rec_w6
>> 
>> What I want HAProxy to do is: if the request does not match any of the
>> patterns /A, /B, /C, .., can the traffic be sent to the default,
>> W6-Backend? Is it doable?
> https://code.google.com/p/haproxy-docs/wiki/default_backend
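
The linked directive applied to the configuration from the question, as an added example that is not part of the original thread. The server addresses are placeholders and the third prefix is taken from the "/A, /B, /C" in the question text.

```haproxy
# Added example; server addresses are placeholders (documentation range).
frontend PUBLIC
    bind :80
    mode http

    # Several "acl" lines sharing one name are ORed together.
    acl rec_w7 path_beg /A
    acl rec_w7 path_beg /B
    acl rec_w7 path_beg /C
    use_backend W7-Backend if rec_w7

    # path_beg is a literal prefix match, not a glob: "path_beg /*" would
    # only match paths starting with the two characters "/*".
    # default_backend needs no ACL and receives every request that no
    # use_backend rule claimed, including paths nobody planned for.
    default_backend W6-Backend

backend W7-Backend
    mode http
    server w7 192.0.2.7:80 check

backend W6-Backend
    mode http
    server w6 192.0.2.6:80 check
```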


Re: Can HAProxy Reverse Proxy SSL to Backend?

2013-07-01 Thread Michael Glenney
Just put

use_backend W6-Backend

Without an "if" statement as the last use_backend statement in the PUBLIC front 
end. If none of the others are matched this will be used. 

Michael Glenney
Sent from my iPhone

On Jul 1, 2013, at 4:10 PM, Qingshan Xie  wrote:

> Willy, 
> To explain my last question "3. Can HAProxy set a default frontend 
> service?"  I list a possible configuration below, 
> 
> frontend PUBLIC
> bind :80
> acl rec_w7 path_beg /A
> acl rec_w7 path_beg /B
> acl rec_w7 path_beg /B
> ..
> use_backend W7-Backend if rec_w7
> 
> #Default
> #
> acl rec_w6 path_beg /*
> use_backend W6-Backend if rec_w6
> 
> What I want HAProxy to do is: if the request does not match any of the
> patterns /A, /B, /C, .., can the traffic be sent to the default,
> W6-Backend? Is it doable?
> 
> Thanks, Q.Xie
> From: Willy Tarreau
> To: Qingshan Xie
> Cc: Lukas Tribus; "haproxy@formilux.org"; Nenad Merdanovic
> Sent: Monday, July 1, 2013 3:26 PM
> Subject: Re: Can HAProxy Reverse Proxy SSL to Backend?
> 
> Hi,
> 
> On Mon, Jul 01, 2013 at 03:06:36PM -0700, Qingshan Xie wrote:
> > Hello Willy and Lukas, 
> > 
> > 
> > I have 3 questions regarding HAProxy listed below, Please help.
> > 
> > 1. Can HAProxy handle 1000 ACL lines in one frontend service? What is its
> > limit?
> 
> There is no limit. ACLs by themselves do not hurt, they just consume
> a little bit of memory. Using them is what you should care about. That
> said, the worst config I have ever seen had 45 ACLs and as many
> "use_backend" rules. It was not very fast as you can imagine :-)
> 
> > 2. For 1 process of HAProxy, how many concurrent connections can it handle?
> 
> That can be configured in the global section for the process and
> in each frontend section or in the default section for the services
> themselves, please check the doc for this.
> 
> >  Can HAProxy configure Threads?
> 
> no.
> 
> > 3. Can HAProxy set a default frontend service?
> 
> I don't understand what you mean here.
> 
> Regards,
> Willy
> 
> 
> 


Capture cookie and set as header

2013-06-10 Thread Michael Glenney
Sorry if this is a repeat.  I sent last week but never saw it come into my
inbox (Will I see my own messages come in on the list?) so I'm not sure it
made it to the list.

I need to capture a cookie value in a request and then append it as an HTTP
header value.  I've been searching for examples for doing this with haproxy
but have come up short.  Is it possible?

For example.  If I have:

Cookie: name1=999; name2=8

I want to capture the value of 'name1' and set it as 'x-header-value' which
I know I could add with something like this:

reqadd x-header-value:\ name1value

Any examples or tips would be greatly appreciated.

MG


Capture cookie as set as header

2013-06-07 Thread Michael Glenney
I've been asked if I can use haproxy to capture a cookie value and set it
as a header value.  I know how to set headers and I see docs on capturing
cookies to the log but that's as far as I get.  Is this possible?  If so
any examples?

MG
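
One way to do what the two messages above ask, as an added example that is not from the thread. It assumes HAProxy 1.5 or later (for `http-request set-header` and the `req.cook` fetch); the frontend and backend names and the server address are placeholders, while `name1` and `x-header-value` come from the 2013-06-10 message.

```haproxy
# Added example; assumes HAProxy 1.5+. Section names and the server
# address are placeholders.
frontend www
    bind :80
    mode http

    # Remove any copy of the header sent by the client, so the backend
    # never sees a value that did not come from the cookie.
    http-request del-header x-header-value

    # req.cook(name1) returns the value of cookie "name1" from the Cookie
    # request header. Set the header only when that cookie is present.
    http-request set-header x-header-value %[req.cook(name1)] if { req.cook(name1) -m found }

    default_backend app

backend app
    mode http
    server app1 192.0.2.10:8080 check
```

With the request header `Cookie: name1=999; name2=8`, the backend receives `x-header-value: 999`. The cookie is still client-controlled, so the backend should treat the header as untrusted input.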


Re: HAProxy and MySQL failover

2013-05-16 Thread Michael Glenney
How about handling it on the backend. Set up your health checks on a different 
port and forward that port with iptables to the actual health check. When you 
fail over to the slave have some automation that detects that and shuts down 
iptables on the master. When you're ready to receive traffic again start up 
iptables on the master so the health checks pass again.

Michael Glenney
Sent from my iPhone

On May 15, 2013, at 10:19 PM, Jayadevan M  wrote:

> Hi,
> We are using HAProxy to check for MySQL availability and failing over to a 
> slave. Is it possible to stop HAProxy going back to the master once it is up? 
> We want that to happen after manual intervention.
> Regards,
> Jayadevan
> 
> 
> DISCLAIMER: "The information in this e-mail and any attachment is intended 
> only for the person to whom it is addressed and may contain confidential 
> and/or privileged material. If you have received this e-mail in  error, 
> kindly contact the sender and destroy all copies of the original 
> communication. IBS makes no warranty, express or implied, nor guarantees the 
> accuracy, adequacy or completeness of the information contained in this email 
> or any attachment and is not liable for any errors, defects, omissions, 
> viruses or for resultant loss or damage, if any, direct or indirect."
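
A sketch of the approach described in the reply above, as an added example that is not from the thread. The addresses, the check port 3307 and the iptables rule shown in the comment are assumptions chosen for illustration.

```haproxy
# Added example; addresses and check port 3307 are placeholders.
listen mysql
    bind :3306
    mode tcp

    # Client traffic goes to port 3306, but the health check probes 3307.
    # On the master, 3307 only answers while a NAT rule such as
    #   iptables -t nat -A PREROUTING -p tcp --dport 3307 -j REDIRECT --to-ports 3306
    # is loaded. After a failover the automation removes that rule, so the
    # check keeps failing even once mysqld is running again, and the master
    # stays down in HAProxy until an operator restores the rule by hand.
    server master 192.0.2.21:3306 check port 3307

    # A "backup" server receives traffic only while no non-backup server is up.
    server slave 192.0.2.22:3306 check backup
```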


Re: haproxy gone from epel

2013-02-25 Thread Michael Glenney
Ignore my last.  Looks like it was merged into rhel repo.

Rule #1 of Automation:  Manage your dependencies ;)

Shame on me


On Mon, Feb 25, 2013 at 9:57 PM, Michael Glenney wrote:

> Don't know how much control you guys have over this but it looks like
> haproxy has been removed from the EPEL repositories.  Anyone have any
> information about this?  Curious as to why.
>
> Last week haproxy-1.4.22-1.el6 was available.  Can't find anything now.
>
> MG
>


haproxy gone from epel

2013-02-25 Thread Michael Glenney
Don't know how much control you guys have over this but it looks like
haproxy has been removed from the EPEL repositories.  Anyone have any
information about this?  Curious as to why.

Last week haproxy-1.4.22-1.el6 was available.  Can't find anything now.

MG


Re: Backend Configuration Templating

2013-02-05 Thread Michael Glenney
We do something similar with chef where we've turned each backend config 
associated with an application into json and can dynamically build configs 
based on an application list. Completely avoiding using a template. 

That being said would love to see haproxy support includes.

Michael Glenney
Sent from my iPhone

On Feb 5, 2013, at 2:59 PM, Robin Lee Powell  wrote:

> This is what we do, using puppet's erb templating system:
> 
> <% haproxy_https_servers.keys.each do |server| %>
>   <% haproxy_https_servers[server].each do |subserver| %>
>     <% extra_conditions=''
>     if subserver.has_key?('extra_conditions')
>       extra_conditions=subserver['extra_conditions']
>     end %>
>     # content switching based on cookie, having had them set in previous sessions
>     use_backend <%= server %>-https-<%= subserver['name'] %> if { hdr_sub(cookie) SITE=<%= server %> } <%= extra_conditions %>
>     # content switching based on SNI
>     use_backend <%= server %>-https-<%= subserver['name'] %> if { ssl_fc_sni -i <%= server %> } <%= extra_conditions %>
>   <% end %>
> <% end %>
> 
> -Robin
> 
> On Tue, Feb 05, 2013 at 02:53:13PM -0700, William Attwood wrote:
>> I would imagine you would dynamically create the haproxy configuration
>> based on the sources you're using to fill your variables.  I'll be doing
>> something similar, soon, where the configuration is dynamically built based
>> on entries in a database.
>> 
>> 
>> Thank you,
>> William Attwood
>> System Engineer, Co-Founder
>> Open Box I.T. Solutions, LLC
>> c. 801-634-6479
>> 
>> 
>> On Tue, Feb 5, 2013 at 2:50 PM, Joel Krauska  wrote:
>> 
>>> I know there's been some pushback about adding 'include' support in to
>>> haproxy config files.
>>> 
>>> One of the main reasons I would like that feature is to allow for more
>>> dynamic configs.
>>> 
>>> I've come to wonder if some templating/loops couldn't be built in to the
>>> haproxy config parser itself.
>>> 
>>> eg.
>>> 
>>> backend foo
>>>     # List of servers
>>>     %
>>>     for (var i=1;i<8;i++)
>>>       {server app-$i app-$1:8080 maxconn 255 weight 10}
>>>     %
>>> 
>>> Any other interest in seeing this?
>>> 
>>> I imagine there are standardized approaches for doing this sort of thing.
>>> 
>>> --Joel
>