consistent hash-mapping on header?
Hi Is it possible to do consistent hashing on information other than the IP address i.e. X-Forwarded-For header? I'm using Haproxy 1.5.17. Thank you Paul
Re: redirect POST to GET?
Hi This redirect seems to work but now due to scope creep I need to pass a signed request parameter submitted as POST data in the initial request to the GET method as an argument. Any advice? https://developers.facebook.com/docs/facebook-login/using-login-with-games Regards Paul On Tue, Oct 21, 2014 at 11:43 PM, Willy Tarreau w...@1wt.eu wrote: Hi Paul, On Tue, Oct 21, 2014 at 03:23:55PM -0700, Paul McIntire wrote: Hi We have a very specific use case where we want to redirect a POST to /facebook-canvas to a GET request for /index.html Is this even possible? How can I do it? Yes, you need to redirect using code 303, which the browser will understand as fetch this URI using the GET method. For example : redirect location /index.html code 303 if METH_POST { path /facebook-canvas } Regards, Willy
redirect POST to GET?
Hi We have a very specific use case where we want to redirect a POST to /facebook-canvas to a GET request for /index.html Is this even possible? How can I do it? Thank you Paul
hash mapping on x-forwarded-for header?
Hi We have a backend cluster of 18 api servers which normally get hit from an haproxy instance on the public subnet. We like to use hash-type consistent to load balance and pin clients to specific servers in order to take advantage of local cache on the api servers. We recently deployed a few frontend nginx servers on a new project which are load balanced in this manner as well. However, when these servers hit the api cluster internally via haproxy they get pinned to only 3 backend api servers and cause them to melt. Is it possible to use hash-type consistent on the x-forwarded-for information from the request hitting the frontend nginx servers? Thank you Paul
SSL termination with nbproc 1
Hi I have haproxy 1.5-dev22 working with SSL termination and it seems to be using quite a bit of CPU under a not very high load of SSL connections. ios_sproxy_fe session rate max 50 sessions max 805 this lb also balances unencrypted traffic ios_proxy_fe session rate max 720 sessions max 12.8K Before I enabled SSL termination haproxy used very little CPU to balance the unencrypted traffic and pass the SSL traffic to the backends via tcp. When I add nbproc 2 it splits the load evenly between 2 cores as expected but that creates difficulties in management via the management socket and stats interface. I found this thread http://comments.gmane.org/gmane.comp.web.haproxy/9328 which discusses offloading the SSL to 2 processes and passing the unencrypted traffic to other port listeners via send-proxy. Is this still the recommended way to balance multiple cores with SSL and nbproc? My config global stats socket /var/run/haproxy.stat level admin pidfile /var/run/haproxy.pid log /dev/log local0 notice maxconn 71000 daemon nbproc 2 user haproxy group haproxy defaults log global log /dev/log local0 notice mode http retries 2 option redispatch maxconn 68400 contimeout 5000 clitimeout 6 srvtimeout 6 timeout queue 3 frontend ios_proxy_fe bind 10.11.50.15:80 mode http maxconn 72000 acl bad_guys_ip src -f /etc/haproxy/block_ip.txt acl bad_guys_ip hdr_ip(X-Forwarded-For) -f /etc/haproxy/xfwd_block_ip.txt block if bad_guys_ip acl prodapi_proxy path_beg /api acl no_manager path_beg /manager block if no_manager option http-server-close option forwardfor use_backend prodapi_proxy_be if prodapi_proxy default_backend ios_proxy_be frontend ios_sproxy_fe bind 10.11.50.15:443 ssl crt /etc/haproxy/certs/haproxy.pem mode http maxconn 72000 acl bad_guys_ip src -f /etc/haproxy/block_ip.txt acl bad_guys_ip hdr_ip(X-Forwarded-For) -f /etc/haproxy/xfwd_block_ip.txt block if bad_guys_ip option http-server-close option forwardfor # add X-Proto: SSL to requests coming via port 443 acl is-ssl dst_port 443 acl prod_api path_beg /api reqadd X-Proto:\ SSL if is-ssl default_backend ios_proxy_be