Re: dynamic rtmp push is posible?
Wow, i would never through of using DNS for this. that's actually a really simple and effective idea. Many thanks for your help ! 2016-12-30 15:16 GMT-03:00 Jerry Scharf <je...@soundhound.com>: > David, > > (shameless plug) It's not built yet, but this is a great use case for the > DNS SRV record based backend. You would just update the RRset for the > _service._tcp.dnsname (dynamic DNS or edit file and reload) and the new > connections would see a different set of servers in the backend. I would > imagine there will be a knob to control how often the DNS is scanned and > possibly a signal to tell it to scan now. > > jerry > > On 12/30/16 9:25 AM, david rene comba lareu wrote: >> >> Hello everyone, first of all, happy new year to all :) >> >> Has been like 2 years last time i wrote to the mailing list, as i >> haven't doing too many haproxy stuff. >> but recently, i have a project where i need to do some redirecting of >> data streams, so haproxy was my first option. >> >> So, i have a video stream that goes to a nginx rtmp server. i need to >> push this stream up to 4 channels (destinations) dynamically. And by >> that, i mean, that could be times when the stream is only forwarded to >> one channel, or none, or 3, or 4. The thing is, i can't cut the >> streams connections that are already playing when i add a new push >> forwarding. That's the reason i can't use nginx directly. >> >> I was wondering if haproxy can actually do this. i can remove the >> nginx server from the architecture, if haproxy support the ffmpeg >> stream directly. >> >> Any ideas? tips? recommendation? everything is welcome ! >> >> Thanks ! >> > > -- > Soundhound Devops > "What could possibly go wrong?" > >
dynamic rtmp push is posible?
Hello everyone, first of all, happy new year to all :) Has been like 2 years last time i wrote to the mailing list, as i haven't doing too many haproxy stuff. but recently, i have a project where i need to do some redirecting of data streams, so haproxy was my first option. So, i have a video stream that goes to a nginx rtmp server. i need to push this stream up to 4 channels (destinations) dynamically. And by that, i mean, that could be times when the stream is only forwarded to one channel, or none, or 3, or 4. The thing is, i can't cut the streams connections that are already playing when i add a new push forwarding. That's the reason i can't use nginx directly. I was wondering if haproxy can actually do this. i can remove the nginx server from the architecture, if haproxy support the ffmpeg stream directly. Any ideas? tips? recommendation? everything is welcome ! Thanks !
Re: Can't find an old example of haproxy failover setup with 2 locations
this maybe can help you: http://brokenhaze.com/blog/2014/03/25/how-stack-exchange-gets-the-most-out-of-haproxy/ 2014-12-08 12:10 GMT-03:00 Aleksandr Vinokurov aleksandr@gmail.com: I've seen it 2 years ago. If I remember it right, Willy Tarreau was the author and it had ASCII graphics for network schema. It depicts step by step the configuration from one location and one server to 2 locations and 4 (or only 2) Haproxy servers. Will be **very** glad if smb. can share a link to it. Aleksandr Vinokurov +7 (921) 982-21-43 @aleksandrvin
Re: Spam to this list?
I totally agree with this. Please, set up some anti-spam measure to the list. 2014-09-05 10:15 GMT-03:00 Colin Ingarfield co...@ingarfield.com: On 09/05/2014 08:07 AM, Steven Haigh wrote: Sorry, this is a stupid suggestion. 1) The spam still makes it onto the list archives - See: http://marc.info/?l=haproxyr=1b=201409w=2 2) It dilutes the mailing list content by creating a massive drop in signal to noise (24+ spam messages in the past day?!?) 3) It causes the reputation as a mail sender of the haproxy mailing lists to be greatly reduced - meaning eventually hosts will reject mail from the list - legit or not. 4) This is a problem that has been 'solved' on other mailing lists for at least a decade. 5) It gives the impression to people wanting to use haproxy that the admin team don't know what they're doing. I've gotten more spam from this single list in the last 24 hours than I have from the total of ALL my other mailing lists in the past few months. If you aren't going to do proper spam filtering, AT LEAST do moderation of non-member posts. This single action will just about cure the spam problem. Its starting to become a joke. I agree w/ every point here. I do run my own spam filter (spamassassin) and it works very well. But it mostly trusts email that has a valid DKIM signature. Since the spam from list does have valid DKIM sigs it makes it through my filter easily. To fix this I'd have to make special spam rules just for this list to ignore DKIM signatures. That of course defeats the purpose of them in the first place. Please either filter the spam or require some kind of registration before posting to the list. Thank you, Colin Ingarfield
can't get CA certificate installed correctly
Hi, for some reason, i can't install the CA certificate correctly in haproxy my config is like this: bind *:443 ssl crt /home/scripts/CA/www.domain.com.pem ca-file /home/scripts/CA/rapidsslCA.crt i already tried with the primary intermediate CA and the bundled PEM version found at here: https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=contentid=AR1548actp=LISTviewlocale=en_US but i still get the error: The intermediate CA certificate cannot be found for the following certificate chain. any hint of how can be fixed or where i should look at? i'm using: HA-Proxy version 1.5-dev21-6b07bf7 +2013/12/17 Thanks in advance !
Re: read ACL to block ip's from file to prevent DDoS?
Hi, awesome ! thanks for the help, i'm gonna try it asap :D Regards. 2014/1/15 Thierry FOURNIER tfourn...@exceliance.fr: Hi, Now you can use map for your needs. The maps can be manipulated via the stats socket. The identifier of the map is the file name: acl abuser src,map_ip_int(abusers.lst,0) -m int eq 1 http-request tarpit if abuser The file abusers.lst is empty file, or contain the known blocked IP. During the run of haproxy, you can block one ip addres with this command: echo add map abusers.lst 10.0.3.7 1 | socat - unix:/tmp/haproxy You can release the ip with this command: echo del map abusers.lst 10.0.3.7 | socat - unix:/tmp/haproxy For information, I'm actually working on dynamic ACL. Thierry On Sat, 11 Jan 2014 21:45:45 -0200 david rene comba lareu shadow.of.sou...@gmail.com wrote: Hi, i'm trying to automatize a DDoS protection into our current server structure, there is any way to load the ACL to block ip's through a file so i could update it via code? need to restart/reload haproxy each time i add an ip? i'm open to any suggestions if anyone has any better method for this. Regards.
read ACL to block ip's from file to prevent DDoS?
Hi, i'm trying to automatize a DDoS protection into our current server structure, there is any way to load the ACL to block ip's through a file so i could update it via code? need to restart/reload haproxy each time i add an ip? i'm open to any suggestions if anyone has any better method for this. Regards.
Thanks for so awesome work !
Hi, i know that most of the emails are to ask something, i just want to say thanks for making so awesome load balancer. is far the most easiest i tried and the new SSL support let me today to build and simplify a lot my app structure. Again, just thanks for all the effort :) Regards.
Re: haproxy in the sky
Hi, very cool ! thanks for sharing it :) Regards, Shadow. 2013/4/1 Willy Tarreau w...@1wt.eu For those interested, here's a little experiment I did over the week-end : http://haproxy.1wt.eu/hap-in-the-sky.html Not too hard to reproduce, have fun! Willy
Re: problem with sort of caching of use_backend with socket.io and apache
Hi,
many thanks, your link was exactly what i needed ! :D
Regards,
Shadow.
2012/11/29 Baptiste bed...@gmail.com:
Hi David,
For more information about HAProxy and websockets, please have a look at:
http://blog.exceliance.fr/2012/11/07/websockets-load-balancing-with-haproxy/
It may give you some hints and point you to the right direction.
cheers
On Wed, Nov 28, 2012 at 6:34 PM, david rene comba lareu
shadow.of.sou...@gmail.com wrote:
Thanks willy, i solved it as soon you answer me but i'm still dealing
to the configuration to make it work as i need:
my last question was this:
http://serverfault.com/questions/451690/haproxy-is-caching-the-forwarding
and i got it working, but for some reason, after the authentication is
made and the some commands are sent, the connection is dropped and a
new connection is made as you can see here:
info - handshake authorized 2ZqGgU2L5RNksXQRWuhi
debug - setting request GET /socket.io/1/websocket/2ZqGgU2L5RNksXQRWuhi
debug - set heartbeat interval for client 2ZqGgU2L5RNksXQRWuhi
debug - client authorized for
debug - websocket writing 1::
debug - websocket received data packet
5:3+::{name:ferret,args:[tobi]}
debug - sending data ack packet
debug - websocket writing 6:::3+[woot]
info - transport end (socket end)
debug - set close timeout for client 2ZqGgU2L5RNksXQRWuhi
debug - cleared close timeout for client 2ZqGgU2L5RNksXQRWuhi
debug - cleared heartbeat interval for client 2ZqGgU2L5RNksXQRWuhi
debug - discarding transport
debug - client authorized
info - handshake authorized WkHV-B80ejP6MHQTWuhj
debug - setting request GET /socket.io/1/websocket/WkHV-B80ejP6MHQTWuhj
debug - set heartbeat interval for client WkHV-B80ejP6MHQTWuhj
debug - client authorized for
debug - websocket writing 1::
debug - websocket received data packet
5:4+::{name:ferret,args:[tobi]}
debug - sending data ack packet
debug - websocket writing 6:::4+[woot]
info - transport end (socket end)
i tried several configurations, something like this:
http://stackoverflow.com/questions/4360221/haproxy-websocket-disconnection/
and also declaring 2 backends, and using ACL to forward to a backend
that has the
option http-pretend-keepalive
when the request is a websocket request and to a backend that has
http-server-close when the request is only for socket.io static files
or is any other type of request that is not websocket.
i would clarify that http-server-close is only on the nginx backend
and in the static files backend, http-pretend-keepalive is on frontend
all and in the websocket backend.
anyone could point me to the right direction? i tried several
combinations and none worked so far :(
thanks in advance for your time and patience :)
2012/11/24 Willy Tarreau w...@1wt.eu:
Hi David,
On Sat, Nov 24, 2012 at 09:26:56AM -0300, david rene comba lareu wrote:
Hi everyone,
i'm little disappointed with a problem i'm having trying to configure
HAproxy in the way i need, so i need a little of help of you guys,
that knows a lot more than me about this, as i reviewed all the
documentation and tried several things but nothing worked :(.
basically, my structure is:
HAproxy as frontend, in 80 port - forwards by default to webserver
(in this case is apache, in other machines could be nginx)
- depending the domain
and the request, forwards to an Node.js app
so i have something like this:
global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
maxconn 4096
user haproxy
group haproxy
daemon
defaults
log global
modehttp
maxconn 2000
contimeout 5000
clitimeout 5
srvtimeout 5
frontend all 0.0.0.0:80
timeout client 5000
default_backend www_backend
acl is_soio url_dom(host) -i socket.io #if the request contains socket.io
acl is_chat hdr_dom(host) -i chaturl #if the request comes from chaturl.com
use_backend chat_backend if is_chat is_soio
backend www_backend
balance roundrobin
option forwardfor # This sets X-Forwarded-For
timeout server 5000
timeout connect 4000
server server1 localhost:6060 weight 1 maxconn 1024 check #forwards to
apache2
backend chat_backend
balance roundrobin
option forwardfor # This sets X-Forwarded-For
timeout queue 5
timeout server 5
timeout connect 5
server server1 localhost:5558 weight 1 maxconn 1024 check #forward to
node.js app
my application uses socket.io, so anything that match the domain and
has socket.io in the request, should forward to the chat_backend.
The problem is that if i load directly from the browser, let say, the
socket.io file (it will be something like
http://www.chaturl.com/socket.io/socket.io.js) loads perfectly, but
then when i try to load index.html (as
http
Re: problem with sort of caching of use_backend with socket.io and apache
Thanks willy, i solved it as soon you answer me but i'm still dealing
to the configuration to make it work as i need:
my last question was this:
http://serverfault.com/questions/451690/haproxy-is-caching-the-forwarding
and i got it working, but for some reason, after the authentication is
made and the some commands are sent, the connection is dropped and a
new connection is made as you can see here:
info - handshake authorized 2ZqGgU2L5RNksXQRWuhi
debug - setting request GET /socket.io/1/websocket/2ZqGgU2L5RNksXQRWuhi
debug - set heartbeat interval for client 2ZqGgU2L5RNksXQRWuhi
debug - client authorized for
debug - websocket writing 1::
debug - websocket received data packet
5:3+::{name:ferret,args:[tobi]}
debug - sending data ack packet
debug - websocket writing 6:::3+[woot]
info - transport end (socket end)
debug - set close timeout for client 2ZqGgU2L5RNksXQRWuhi
debug - cleared close timeout for client 2ZqGgU2L5RNksXQRWuhi
debug - cleared heartbeat interval for client 2ZqGgU2L5RNksXQRWuhi
debug - discarding transport
debug - client authorized
info - handshake authorized WkHV-B80ejP6MHQTWuhj
debug - setting request GET /socket.io/1/websocket/WkHV-B80ejP6MHQTWuhj
debug - set heartbeat interval for client WkHV-B80ejP6MHQTWuhj
debug - client authorized for
debug - websocket writing 1::
debug - websocket received data packet
5:4+::{name:ferret,args:[tobi]}
debug - sending data ack packet
debug - websocket writing 6:::4+[woot]
info - transport end (socket end)
i tried several configurations, something like this:
http://stackoverflow.com/questions/4360221/haproxy-websocket-disconnection/
and also declaring 2 backends, and using ACL to forward to a backend
that has the
option http-pretend-keepalive
when the request is a websocket request and to a backend that has
http-server-close when the request is only for socket.io static files
or is any other type of request that is not websocket.
i would clarify that http-server-close is only on the nginx backend
and in the static files backend, http-pretend-keepalive is on frontend
all and in the websocket backend.
anyone could point me to the right direction? i tried several
combinations and none worked so far :(
thanks in advance for your time and patience :)
2012/11/24 Willy Tarreau w...@1wt.eu:
Hi David,
On Sat, Nov 24, 2012 at 09:26:56AM -0300, david rene comba lareu wrote:
Hi everyone,
i'm little disappointed with a problem i'm having trying to configure
HAproxy in the way i need, so i need a little of help of you guys,
that knows a lot more than me about this, as i reviewed all the
documentation and tried several things but nothing worked :(.
basically, my structure is:
HAproxy as frontend, in 80 port - forwards by default to webserver
(in this case is apache, in other machines could be nginx)
- depending the domain
and the request, forwards to an Node.js app
so i have something like this:
global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
maxconn 4096
user haproxy
group haproxy
daemon
defaults
log global
modehttp
maxconn 2000
contimeout 5000
clitimeout 5
srvtimeout 5
frontend all 0.0.0.0:80
timeout client 5000
default_backend www_backend
acl is_soio url_dom(host) -i socket.io #if the request contains socket.io
acl is_chat hdr_dom(host) -i chaturl #if the request comes from chaturl.com
use_backend chat_backend if is_chat is_soio
backend www_backend
balance roundrobin
option forwardfor # This sets X-Forwarded-For
timeout server 5000
timeout connect 4000
server server1 localhost:6060 weight 1 maxconn 1024 check #forwards to
apache2
backend chat_backend
balance roundrobin
option forwardfor # This sets X-Forwarded-For
timeout queue 5
timeout server 5
timeout connect 5
server server1 localhost:5558 weight 1 maxconn 1024 check #forward to
node.js app
my application uses socket.io, so anything that match the domain and
has socket.io in the request, should forward to the chat_backend.
The problem is that if i load directly from the browser, let say, the
socket.io file (it will be something like
http://www.chaturl.com/socket.io/socket.io.js) loads perfectly, but
then when i try to load index.html (as
http://www.chaturl.com/index.html) most of the times, is still
redirect to socket.io. after refreshing a few time, it finally loads
index.html, but then, doesn't load the socket.io.js file inserted in
the file (why it redirect to the apache server, and not the node.js
app). so as i said, it sort of caching the request.
i tried several ACL combinations, i disabled the domain check, only
checking for socket.io but is still the same. Reading again the
documentation i tried to use hdr_dir, hdr_dom
