Re: dynamic rtmp push is posible?
Wow, i would never through of using DNS for this. that's actually a really simple and effective idea. Many thanks for your help ! 2016-12-30 15:16 GMT-03:00 Jerry Scharf <je...@soundhound.com>: > David, > > (shameless plug) It's not built yet, but this is a great use case for the > DNS SRV record based backend. You would just update the RRset for the > _service._tcp.dnsname (dynamic DNS or edit file and reload) and the new > connections would see a different set of servers in the backend. I would > imagine there will be a knob to control how often the DNS is scanned and > possibly a signal to tell it to scan now. > > jerry > > On 12/30/16 9:25 AM, david rene comba lareu wrote: >> >> Hello everyone, first of all, happy new year to all :) >> >> Has been like 2 years last time i wrote to the mailing list, as i >> haven't doing too many haproxy stuff. >> but recently, i have a project where i need to do some redirecting of >> data streams, so haproxy was my first option. >> >> So, i have a video stream that goes to a nginx rtmp server. i need to >> push this stream up to 4 channels (destinations) dynamically. And by >> that, i mean, that could be times when the stream is only forwarded to >> one channel, or none, or 3, or 4. The thing is, i can't cut the >> streams connections that are already playing when i add a new push >> forwarding. That's the reason i can't use nginx directly. >> >> I was wondering if haproxy can actually do this. i can remove the >> nginx server from the architecture, if haproxy support the ffmpeg >> stream directly. >> >> Any ideas? tips? recommendation? everything is welcome ! >> >> Thanks ! >> > > -- > Soundhound Devops > "What could possibly go wrong?" > >
dynamic rtmp push is posible?
Hello everyone, first of all, happy new year to all :) Has been like 2 years last time i wrote to the mailing list, as i haven't doing too many haproxy stuff. but recently, i have a project where i need to do some redirecting of data streams, so haproxy was my first option. So, i have a video stream that goes to a nginx rtmp server. i need to push this stream up to 4 channels (destinations) dynamically. And by that, i mean, that could be times when the stream is only forwarded to one channel, or none, or 3, or 4. The thing is, i can't cut the streams connections that are already playing when i add a new push forwarding. That's the reason i can't use nginx directly. I was wondering if haproxy can actually do this. i can remove the nginx server from the architecture, if haproxy support the ffmpeg stream directly. Any ideas? tips? recommendation? everything is welcome ! Thanks !
Re: Can't find an old example of haproxy failover setup with 2 locations
this maybe can help you: http://brokenhaze.com/blog/2014/03/25/how-stack-exchange-gets-the-most-out-of-haproxy/ 2014-12-08 12:10 GMT-03:00 Aleksandr Vinokurov aleksandr@gmail.com: I've seen it 2 years ago. If I remember it right, Willy Tarreau was the author and it had ASCII graphics for network schema. It depicts step by step the configuration from one location and one server to 2 locations and 4 (or only 2) Haproxy servers. Will be **very** glad if smb. can share a link to it. Aleksandr Vinokurov +7 (921) 982-21-43 @aleksandrvin
Re: Spam to this list?
I totally agree with this. Please, set up some anti-spam measure to the list. 2014-09-05 10:15 GMT-03:00 Colin Ingarfield co...@ingarfield.com: On 09/05/2014 08:07 AM, Steven Haigh wrote: Sorry, this is a stupid suggestion. 1) The spam still makes it onto the list archives - See: http://marc.info/?l=haproxyr=1b=201409w=2 2) It dilutes the mailing list content by creating a massive drop in signal to noise (24+ spam messages in the past day?!?) 3) It causes the reputation as a mail sender of the haproxy mailing lists to be greatly reduced - meaning eventually hosts will reject mail from the list - legit or not. 4) This is a problem that has been 'solved' on other mailing lists for at least a decade. 5) It gives the impression to people wanting to use haproxy that the admin team don't know what they're doing. I've gotten more spam from this single list in the last 24 hours than I have from the total of ALL my other mailing lists in the past few months. If you aren't going to do proper spam filtering, AT LEAST do moderation of non-member posts. This single action will just about cure the spam problem. Its starting to become a joke. I agree w/ every point here. I do run my own spam filter (spamassassin) and it works very well. But it mostly trusts email that has a valid DKIM signature. Since the spam from list does have valid DKIM sigs it makes it through my filter easily. To fix this I'd have to make special spam rules just for this list to ignore DKIM signatures. That of course defeats the purpose of them in the first place. Please either filter the spam or require some kind of registration before posting to the list. Thank you, Colin Ingarfield
can't get CA certificate installed correctly
Hi, for some reason, i can't install the CA certificate correctly in haproxy my config is like this: bind *:443 ssl crt /home/scripts/CA/www.domain.com.pem ca-file /home/scripts/CA/rapidsslCA.crt i already tried with the primary intermediate CA and the bundled PEM version found at here: https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=contentid=AR1548actp=LISTviewlocale=en_US but i still get the error: The intermediate CA certificate cannot be found for the following certificate chain. any hint of how can be fixed or where i should look at? i'm using: HA-Proxy version 1.5-dev21-6b07bf7 +2013/12/17 Thanks in advance !
Re: read ACL to block ip's from file to prevent DDoS?
Hi, awesome ! thanks for the help, i'm gonna try it asap :D Regards. 2014/1/15 Thierry FOURNIER tfourn...@exceliance.fr: Hi, Now you can use map for your needs. The maps can be manipulated via the stats socket. The identifier of the map is the file name: acl abuser src,map_ip_int(abusers.lst,0) -m int eq 1 http-request tarpit if abuser The file abusers.lst is empty file, or contain the known blocked IP. During the run of haproxy, you can block one ip addres with this command: echo add map abusers.lst 10.0.3.7 1 | socat - unix:/tmp/haproxy You can release the ip with this command: echo del map abusers.lst 10.0.3.7 | socat - unix:/tmp/haproxy For information, I'm actually working on dynamic ACL. Thierry On Sat, 11 Jan 2014 21:45:45 -0200 david rene comba lareu shadow.of.sou...@gmail.com wrote: Hi, i'm trying to automatize a DDoS protection into our current server structure, there is any way to load the ACL to block ip's through a file so i could update it via code? need to restart/reload haproxy each time i add an ip? i'm open to any suggestions if anyone has any better method for this. Regards.
read ACL to block ip's from file to prevent DDoS?
Hi, i'm trying to automatize a DDoS protection into our current server structure, there is any way to load the ACL to block ip's through a file so i could update it via code? need to restart/reload haproxy each time i add an ip? i'm open to any suggestions if anyone has any better method for this. Regards.
Thanks for so awesome work !
Hi, i know that most of the emails are to ask something, i just want to say thanks for making so awesome load balancer. is far the most easiest i tried and the new SSL support let me today to build and simplify a lot my app structure. Again, just thanks for all the effort :) Regards.
Re: haproxy in the sky
Hi, very cool ! thanks for sharing it :) Regards, Shadow. 2013/4/1 Willy Tarreau w...@1wt.eu For those interested, here's a little experiment I did over the week-end : http://haproxy.1wt.eu/hap-in-the-sky.html Not too hard to reproduce, have fun! Willy
Re: problem with sort of caching of use_backend with socket.io and apache
Hi, many thanks, your link was exactly what i needed ! :D Regards, Shadow. 2012/11/29 Baptiste bed...@gmail.com: Hi David, For more information about HAProxy and websockets, please have a look at: http://blog.exceliance.fr/2012/11/07/websockets-load-balancing-with-haproxy/ It may give you some hints and point you to the right direction. cheers On Wed, Nov 28, 2012 at 6:34 PM, david rene comba lareu shadow.of.sou...@gmail.com wrote: Thanks willy, i solved it as soon you answer me but i'm still dealing to the configuration to make it work as i need: my last question was this: http://serverfault.com/questions/451690/haproxy-is-caching-the-forwarding and i got it working, but for some reason, after the authentication is made and the some commands are sent, the connection is dropped and a new connection is made as you can see here: info - handshake authorized 2ZqGgU2L5RNksXQRWuhi debug - setting request GET /socket.io/1/websocket/2ZqGgU2L5RNksXQRWuhi debug - set heartbeat interval for client 2ZqGgU2L5RNksXQRWuhi debug - client authorized for debug - websocket writing 1:: debug - websocket received data packet 5:3+::{name:ferret,args:[tobi]} debug - sending data ack packet debug - websocket writing 6:::3+[woot] info - transport end (socket end) debug - set close timeout for client 2ZqGgU2L5RNksXQRWuhi debug - cleared close timeout for client 2ZqGgU2L5RNksXQRWuhi debug - cleared heartbeat interval for client 2ZqGgU2L5RNksXQRWuhi debug - discarding transport debug - client authorized info - handshake authorized WkHV-B80ejP6MHQTWuhj debug - setting request GET /socket.io/1/websocket/WkHV-B80ejP6MHQTWuhj debug - set heartbeat interval for client WkHV-B80ejP6MHQTWuhj debug - client authorized for debug - websocket writing 1:: debug - websocket received data packet 5:4+::{name:ferret,args:[tobi]} debug - sending data ack packet debug - websocket writing 6:::4+[woot] info - transport end (socket end) i tried several configurations, something like this: http://stackoverflow.com/questions/4360221/haproxy-websocket-disconnection/ and also declaring 2 backends, and using ACL to forward to a backend that has the option http-pretend-keepalive when the request is a websocket request and to a backend that has http-server-close when the request is only for socket.io static files or is any other type of request that is not websocket. i would clarify that http-server-close is only on the nginx backend and in the static files backend, http-pretend-keepalive is on frontend all and in the websocket backend. anyone could point me to the right direction? i tried several combinations and none worked so far :( thanks in advance for your time and patience :) 2012/11/24 Willy Tarreau w...@1wt.eu: Hi David, On Sat, Nov 24, 2012 at 09:26:56AM -0300, david rene comba lareu wrote: Hi everyone, i'm little disappointed with a problem i'm having trying to configure HAproxy in the way i need, so i need a little of help of you guys, that knows a lot more than me about this, as i reviewed all the documentation and tried several things but nothing worked :(. basically, my structure is: HAproxy as frontend, in 80 port - forwards by default to webserver (in this case is apache, in other machines could be nginx) - depending the domain and the request, forwards to an Node.js app so i have something like this: global log 127.0.0.1 local0 log 127.0.0.1 local1 notice maxconn 4096 user haproxy group haproxy daemon defaults log global modehttp maxconn 2000 contimeout 5000 clitimeout 5 srvtimeout 5 frontend all 0.0.0.0:80 timeout client 5000 default_backend www_backend acl is_soio url_dom(host) -i socket.io #if the request contains socket.io acl is_chat hdr_dom(host) -i chaturl #if the request comes from chaturl.com use_backend chat_backend if is_chat is_soio backend www_backend balance roundrobin option forwardfor # This sets X-Forwarded-For timeout server 5000 timeout connect 4000 server server1 localhost:6060 weight 1 maxconn 1024 check #forwards to apache2 backend chat_backend balance roundrobin option forwardfor # This sets X-Forwarded-For timeout queue 5 timeout server 5 timeout connect 5 server server1 localhost:5558 weight 1 maxconn 1024 check #forward to node.js app my application uses socket.io, so anything that match the domain and has socket.io in the request, should forward to the chat_backend. The problem is that if i load directly from the browser, let say, the socket.io file (it will be something like http://www.chaturl.com/socket.io/socket.io.js) loads perfectly, but then when i try to load index.html (as http
Re: problem with sort of caching of use_backend with socket.io and apache
Thanks willy, i solved it as soon you answer me but i'm still dealing to the configuration to make it work as i need: my last question was this: http://serverfault.com/questions/451690/haproxy-is-caching-the-forwarding and i got it working, but for some reason, after the authentication is made and the some commands are sent, the connection is dropped and a new connection is made as you can see here: info - handshake authorized 2ZqGgU2L5RNksXQRWuhi debug - setting request GET /socket.io/1/websocket/2ZqGgU2L5RNksXQRWuhi debug - set heartbeat interval for client 2ZqGgU2L5RNksXQRWuhi debug - client authorized for debug - websocket writing 1:: debug - websocket received data packet 5:3+::{name:ferret,args:[tobi]} debug - sending data ack packet debug - websocket writing 6:::3+[woot] info - transport end (socket end) debug - set close timeout for client 2ZqGgU2L5RNksXQRWuhi debug - cleared close timeout for client 2ZqGgU2L5RNksXQRWuhi debug - cleared heartbeat interval for client 2ZqGgU2L5RNksXQRWuhi debug - discarding transport debug - client authorized info - handshake authorized WkHV-B80ejP6MHQTWuhj debug - setting request GET /socket.io/1/websocket/WkHV-B80ejP6MHQTWuhj debug - set heartbeat interval for client WkHV-B80ejP6MHQTWuhj debug - client authorized for debug - websocket writing 1:: debug - websocket received data packet 5:4+::{name:ferret,args:[tobi]} debug - sending data ack packet debug - websocket writing 6:::4+[woot] info - transport end (socket end) i tried several configurations, something like this: http://stackoverflow.com/questions/4360221/haproxy-websocket-disconnection/ and also declaring 2 backends, and using ACL to forward to a backend that has the option http-pretend-keepalive when the request is a websocket request and to a backend that has http-server-close when the request is only for socket.io static files or is any other type of request that is not websocket. i would clarify that http-server-close is only on the nginx backend and in the static files backend, http-pretend-keepalive is on frontend all and in the websocket backend. anyone could point me to the right direction? i tried several combinations and none worked so far :( thanks in advance for your time and patience :) 2012/11/24 Willy Tarreau w...@1wt.eu: Hi David, On Sat, Nov 24, 2012 at 09:26:56AM -0300, david rene comba lareu wrote: Hi everyone, i'm little disappointed with a problem i'm having trying to configure HAproxy in the way i need, so i need a little of help of you guys, that knows a lot more than me about this, as i reviewed all the documentation and tried several things but nothing worked :(. basically, my structure is: HAproxy as frontend, in 80 port - forwards by default to webserver (in this case is apache, in other machines could be nginx) - depending the domain and the request, forwards to an Node.js app so i have something like this: global log 127.0.0.1 local0 log 127.0.0.1 local1 notice maxconn 4096 user haproxy group haproxy daemon defaults log global modehttp maxconn 2000 contimeout 5000 clitimeout 5 srvtimeout 5 frontend all 0.0.0.0:80 timeout client 5000 default_backend www_backend acl is_soio url_dom(host) -i socket.io #if the request contains socket.io acl is_chat hdr_dom(host) -i chaturl #if the request comes from chaturl.com use_backend chat_backend if is_chat is_soio backend www_backend balance roundrobin option forwardfor # This sets X-Forwarded-For timeout server 5000 timeout connect 4000 server server1 localhost:6060 weight 1 maxconn 1024 check #forwards to apache2 backend chat_backend balance roundrobin option forwardfor # This sets X-Forwarded-For timeout queue 5 timeout server 5 timeout connect 5 server server1 localhost:5558 weight 1 maxconn 1024 check #forward to node.js app my application uses socket.io, so anything that match the domain and has socket.io in the request, should forward to the chat_backend. The problem is that if i load directly from the browser, let say, the socket.io file (it will be something like http://www.chaturl.com/socket.io/socket.io.js) loads perfectly, but then when i try to load index.html (as http://www.chaturl.com/index.html) most of the times, is still redirect to socket.io. after refreshing a few time, it finally loads index.html, but then, doesn't load the socket.io.js file inserted in the file (why it redirect to the apache server, and not the node.js app). so as i said, it sort of caching the request. i tried several ACL combinations, i disabled the domain check, only checking for socket.io but is still the same. Reading again the documentation i tried to use hdr_dir, hdr_dom