Re: Multiple Config Files Use Leads to Lockout

2017-04-17 Thread Pavlos Parissis 
On 08/04/2017 08:26 μμ, Coscend@HAProxy wrote:
> Hello Pavlos,
> 
> An update:  Following your guidance, we have successfully transitioned from 
> using 'system V init' to 'systemd' in order to start/stop/reload HAProxy. 
> Thank
> you for helping us advance with times.
> 
> We would appreciate your guidance on why using multiple HAProxy config files
> in a directory forces us to reset our password to our WebSocket product for us
> to login?

I don't believe the way configuration files are loaded has anything to do with 
the
behavior you observe. It sounds that the application demands user affinity as 
only
a single application server can serve the traffic from a single user.

Have you tried to use 'balance source' to stick requests from a single user to
a particular server?

This
https://blog.haproxy.com/2012/03/29/load-balancing-affinity-persistence-sticky-sessions-what-you-need-to-know/
could be a useful article to read.

Cheers,
Pavlos



signature.asc
Description: OpenPGP digital signature

RE: Multiple Config Files Use Leads to Lockout

2017-04-08 Thread Coscend@HAProxy 
Hello Pavlos,

An update:  Following your guidance, we have successfully transitioned from 
using 'system V init' to 'systemd' in order to start/stop/reload HAProxy.  
Thank you for helping us advance with times.

We would appreciate your guidance on why using multiple HAProxy config files in 
a directory forces us to reset our password to our WebSocket product for us to 
login?  HAPRoxy configuration is in the previously posted message.
Sincerely,
Hemant K. Sabat

-Original Message-
From: Coscend@HAProxy [mailto:haproxy.insig...@coscend.com] 
Sent: Saturday, April 8, 2017 4:18 AM
To: 'Pavlos Parissis' <pavlos.paris...@gmail.com>; 'haproxy' 
<haproxy@formilux.org>
Subject: RE: Multiple Config Files Use Leads to Lockout

Hello Pavlos,

Below we have provided both the information you requested.  Your guidance would 
be appreciated.
(1) Sanitized version of HAProxy configuration is below. Please help us 
identify why using multiple HAProxy config files in a directory forces us to 
reset our password to our WebSocket product for us to login?  Single 
haproxy.cfg file works perfectly with the same configuration.

(2) >> May I ask why you are using the SysVinit and not systemd to start 
haproxy? You are using CentOS 7.2, which uses systemd, Thank you for guiding us 
to use systemd.  Today, we created a haproxy.service executable file in 
/usr/lib/systemd/system/haproxy.service, but failed to start HAProxy.  The 
haproxy.service file is below.  What did we do wrong?



HAProxy configuration file (sanitized)

global
log 127.0.0.1 local2 
log-tag haproxy   
pidfile /var/run/haproxy.pid
userhaproxy   
group   haproxy
nbproc  1
maxconn 5000   
spread-checks   5   
debug 
chroot  "/usr/local/haproxy-1.7.5/lib" 
stats socket""/usr/local/haproxy-1.7.5/lib/haproxy.sock" 

maxsslconn 256  
tune.ssl.default-dh-param 4096  
ca-base /etc/pki/CA/ssl.cert

crt-base /etc/pki/CA/ssl.key
ssl-default-bind-ciphers 
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
ssl-default-bind-options no-sslv3 no-tls-tickets
ssl-default-server-ciphers 
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
ssl-default-server-options no-sslv3 no-tls-tickets

maxcomprate 1   
maxcompcpuusage 50  
tune.comp.maxlevel  5   

defaults
modehttp  
log global
option  httplog   
option  http-server-close 
option  redispatch
retries 3
backlog 1
timeout client  5ms 
timeout connect 5000ms  
timeout server  5ms 
timeout http-keep-alive 10s
timeout http-request15s
timeout queue   30s   
timeout check   10s
timeout tarpit  60s
default-server inter 3s rise 2 fall 3
option  forwardfor  
option  abortonclose  
maxconn 5
compression algo gzip 
compression offload 
compression type text/html "text/html; charset=utf-8" 
text/html;charset=utf-8 text/plain text/css text/javascript 
application/x-javascript application/j

RE: Multiple Config Files Use Leads to Lockout

2017-04-08 Thread Coscend@HAProxy 
t) coscend.com
acl host_coscend_httpsreq.hdr(Host) coscend.com
acl path_subdomain_cc_classic path_beg -i "/CoscendCC"
use_backend subdomain_cc_classic-backend if host_coscend_https 
path_subdomain_cc_classic 
default_backend webapps-backend   

backend webapps-backend   
log   global
balance   roundrobin
optionhttp-server-close 
http-request set-header X-Forwarded-Port %[dst_port]  
optionhttpchk HEAD / HTTP/1.1\r\nHost:localhost   
server Demo :Port cookie pad-p check

backend subdomain_cc_classic-backend
timeout tunnel  3600s   
rspirep ^(Location:)\ http://(.*)$   Location:\ https://\2
server Production : cookie cc-p check 

-
Using systemd to start HAProxy with following haproxy.service FAILED
--
[Unit]
Description=HAProxy Load Balancer
After=network.target

[Service]
Environment="CONFIG=/usr/local/haproxy-1.7.5/conf/haproxy.cfg" 
"PIDFILE=/var/run/haproxy.pid" "LOCKFILE=/var/lock/subsys/haproxy"
ExecStartPre=/usr/local/sbin/haproxy -f $CONFIG -c -q
ExecStart=/usr/local/sbin/haproxy-systemd-wrapper -D -V -f $CONFIG -p $PIDFILE
ExecReload=/usr/local/sbin/haproxy -f $CONFIG -c -q
KillMode=mixed
Restart=always

[Install]
WantedBy=multi-user.target


Thank you.

Sincerely,

Hemant K. Sabat
 
Coscend Communications Solutions
Web site: www.Coscend.com 
--
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, 
Telepresence Services, on the fly…
--
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages 
from Coscend Communications Solutions' posted at: 
http://www.Coscend.com/Terms_and_Conditions.html 




-Original Message-
From: Pavlos Parissis [mailto:pavlos.paris...@gmail.com] 
Sent: Friday, April 7, 2017 3:11 PM
To: haproxy.insig...@coscend.com; 'haproxy' <haproxy@formilux.org>
Subject: Re: Multiple Config Files Use Leads to Lockout

On 07/04/2017 06:00 μμ, Coscend@HAProxy wrote:
> Dear HAProxy Community,
> 
>  
> 
> We are seeking your guidance with regard to the following issue we are 
> facing with our HAProxy use.
> 
>  
> 
> --
> 
> ISSUE
> 
> ---
> 
> When we use a single monolithic config file (haproxy.cfg), HAPRoxy 
> launches fine and we are able to access our products that use HTTP/TCP 
> (WebSockets) and RTMP.
> 
>  
> 
> When we launch HAProxy using multiple config files in a directory, 
> HAProxy launches fine.  However, our products do not allow 
> administrator to login (i.e., locks out).  We have to reset the 
> password to login.  Once the admin logs out, again it locks out the 
> administrator and the password has to be reset to login.
> 
>  
> 
> How is using multiple HAProxy config files in a directory connected to 
> logging in to our WebSocket product?
> 
>  
> 
> 
> 
> DETAILS
> 
> 
> 
> We are running HAProxy as a daemon service.  We are using HAProxy init 
> script from HAProxy’s Github source.  /etc/init.d/haproxy has the following 
> lines:
> 

May I ask why you are using the SysVinit and not systemd to start haproxy? You 
are using CentOS 7.2, which uses systemd, thus my question.

>  
> 
> Option 1:  When using SINGLE Config FILE
> 
> CFG=haproxy-1.7.5/conf/$BASENAME.cfg
> 
>  
> 
> Option 2:  When using a config DIRECTORY (conf.modular) with multiple 
> files in alphanumerical order, namely global, defaults, frontend, 
> backend, dns resolver and statistics:
> 
> CFG=haproxy-1.7.5/conf.modular
> 
>  

Without seeing the actual configuration, it would be quite difficult to get a 
useful response. Can you share a sanitized version of your configuration?

Cheers,
Pavlos

Re: Multiple Config Files Use Leads to Lockout

2017-04-07 Thread Pavlos Parissis 
On 07/04/2017 06:00 μμ, Coscend@HAProxy wrote:
> Dear HAProxy Community,
> 
>  
> 
> We are seeking your guidance with regard to the following issue we are facing
> with our HAProxy use.
> 
>  
> 
> --
> 
> ISSUE
> 
> ---
> 
> When we use a single monolithic config file (haproxy.cfg), HAPRoxy launches 
> fine
> and we are able to access our products that use HTTP/TCP (WebSockets) and 
> RTMP. 
> 
>  
> 
> When we launch HAProxy using multiple config files in a directory, HAProxy
> launches fine.  However, our products do not allow administrator to login 
> (i.e.,
> locks out).  We have to reset the password to login.  Once the admin logs out,
> again it locks out the administrator and the password has to be reset to 
> login.
> 
>  
> 
> How is using multiple HAProxy config files in a directory connected to logging
> in to our WebSocket product?
> 
>  
> 
> 
> 
> DETAILS
> 
> 
> 
> We are running HAProxy as a daemon service.  We are using HAProxy init script
> from HAProxy’s Github source.  /etc/init.d/haproxy has the following lines:
> 

May I ask why you are using the SysVinit and not systemd to start haproxy? You
are using CentOS 7.2, which uses systemd, thus my question.

>  
> 
> Option 1:  When using SINGLE Config FILE
> 
> CFG=haproxy-1.7.5/conf/$BASENAME.cfg
> 
>  
> 
> Option 2:  When using a config DIRECTORY (conf.modular) with multiple files in
> alphanumerical order, namely global, defaults, frontend, backend, dns resolver
> and statistics:
> 
> CFG=haproxy-1.7.5/conf.modular
> 
>  

Without seeing the actual configuration, it would be quite difficult to get a
useful response. Can you share a sanitized version of your configuration?

Cheers,
Pavlos



signature.asc
Description: OpenPGP digital signature

Multiple Config Files Use Leads to Lockout

2017-04-07 Thread Coscend@HAProxy 
Dear HAProxy Community,

 

We are seeking your guidance with regard to the following issue we are
facing with our HAProxy use.

 

--

ISSUE

---

When we use a single monolithic config file (haproxy.cfg), HAPRoxy launches
fine and we are able to access our products that use HTTP/TCP (WebSockets)
and RTMP.  

 

When we launch HAProxy using multiple config files in a directory, HAProxy
launches fine.  However, our products do not allow administrator to login
(i.e., locks out).  We have to reset the password to login.  Once the admin
logs out, again it locks out the administrator and the password has to be
reset to login.

 

How is using multiple HAProxy config files in a directory connected to
logging in to our WebSocket product?

 



DETAILS



We are running HAProxy as a daemon service.  We are using HAProxy init
script from HAProxy's Github source.  /etc/init.d/haproxy has the following
lines:

 

Option 1:  When using SINGLE Config FILE

CFG=haproxy-1.7.5/conf/$BASENAME.cfg

 

Option 2:  When using a config DIRECTORY (conf.modular) with multiple files
in alphanumerical order, namely global, defaults, frontend, backend, dns
resolver and statistics:

CFG=haproxy-1.7.5/conf.modular

 

Environment:

HAProxy version: 1.7.5

CentOS 7.2

Lua 5.3

Zlib compression

PCRE 8.3x

OpenSSL 1.0.2k

 

 

Thank you.

 

Sincerely,

 

Hemant K. Sabat

 

Coscend Communications Solutions

Web site:   www.Coscend.com 

--

Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education,
Telepresence Services, on the fly.

--

CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
Messages from Coscend Communications Solutions' posted at:

http://www.Coscend.com/Terms_and_Conditions.html