Re: Proxied connections via SSH tunnel are up/down based on state of ssh tunnel not service

2012-07-23 Thread Jonathan Matthews
On 23 July 2012 03:59, Alex Soto aps...@gmail.com wrote:
 Hi,

 I've got a proxy connecting to two 'servers' that are connecting from the 
 HAProxy to the remote servers via an ssh tunnel.

 Here's an example:

 listen portal 127.0.0.1:8085
     mode tcp
     balance source
     timeout check 3000
     server i-e4014f9c localhost:58919 check
     server i-76a4ea0f localhost:38559 check

 localhost:58919 and localhost:38559 are forwarded to separate remote servers 
 via an SSH tunnel.

 What I'm seeing is that I can take down the remote service and HAProxy 
 doesn't detect it, but if I take down the ssh tunnel it detects it.  I'm 
 wondering if there is some configuration that I can do to have HAProxy detect 
 when the remote server's service goes down?

This is because you're only asking HAProxy to check SSH, i.e.
localhost:58919/38559. It doesn't know anything about the remote
service.

If the remote service is HTTP, you could add a httpchk line that
will determine if layer7 is working.
If not, there are some other protocols for which layer7 checks have
been implemented (mysql; pgsql(?); smtp) but, if you're not using
them, I'm not sure what to suggest.

As an aside, I can't imagine performance over SSH tunnels is
brilliant. Have you considered more transparent yet still secure
options, such as IPsec or (for ease of setup) OpenVPN? With those,
you'd have the advantage of being able to do TCP checks of the remote
port instead of a localhost one, without having to care about the
layer7 checks. Which isn't a /good/ thing - layer7 checks are the way
forward! But it helps if you're not talking a layer7 protocol that
HAProxy knows about.

HTH,
Jonathan
-- 
Jonathan Matthews
Oxford, London, UK
http://www.jpluscplusm.com/contact.html
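
Added example, not part of the original thread: a loopback simulation of why a connect-only check against an SSH-forwarded port stays "up" when the remote service is down, while a request/response (layer7-style) check fails. The PING/PONG protocol, the Service and Tunnel handlers and the probe function are constructed stand-ins for the remote service, the ssh port forward and HAProxy's checks; none of it is HAProxy or OpenSSH code.

```python
import socket, socketserver, threading

class Service(socketserver.BaseRequestHandler):
    """Constructed stand-in for the remote service: answers PING with PONG."""
    def handle(self):
        if self.request.recv(16).startswith(b"PING"):
            self.request.sendall(b"PONG\n")

class Tunnel(socketserver.BaseRequestHandler):
    """Like a local port forward: accept locally first, dial the far end afterwards."""
    target_port = None                      # set by demo() to the service's port
    def handle(self):
        try:
            with socket.create_connection(("127.0.0.1", self.target_port), timeout=1) as up:
                data = self.request.recv(16)
                if data:                    # relay one request and one reply
                    up.sendall(data)
                    self.request.sendall(up.recv(16))
        except OSError:
            pass                            # far end unreachable: drop the client

def start(handler):
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), handler)
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def probe(port, payload=b""):
    """Empty payload: connect-only check. Otherwise require a PONG reply."""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=1) as s:
            s.sendall(payload)
            return not payload or s.recv(16).startswith(b"PONG")
    except OSError:                         # refused, reset or timed out
        return False

def demo():
    """Return {state: (connect_check, layer7_check)} as seen through the tunnel port."""
    svc = start(Service)
    Tunnel.target_port = svc.server_address[1]
    tun = start(Tunnel)
    port, results = tun.server_address[1], {}
    for state, stopped in (("all up", None), ("service down", svc), ("tunnel down", tun)):
        if stopped:                         # take the component down before probing
            stopped.shutdown()
            stopped.server_close()
        results[state] = (probe(port), probe(port, b"PING\n"))
    return results

if __name__ == "__main__":
    print(demo())
```

In the "service down" state the connect-only check still passes because the tunnel's own listener accepts the connection; only the check that waits for an application reply notices the failure.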



Proxied connections via SSH tunnel are up/down based on state of ssh tunnel not service

2012-07-22 Thread Alex Soto
Hi,

I've got a proxy connecting to two 'servers' that are connecting from the 
HAProxy to the remote servers via an ssh tunnel.

Here's an example:

listen portal 127.0.0.1:8085
    mode tcp
    balance source
    timeout check 3000
    server i-e4014f9c localhost:58919 check
    server i-76a4ea0f localhost:38559 check

localhost:58919 and localhost:38559 are forwarded to separate remote servers 
via an SSH tunnel.

What I'm seeing is that I can take down the remote service and HAProxy doesn't 
detect it, but if I take down the ssh tunnel it detects it.  I'm wondering if 
there is some configuration that I can do to have HAProxy detect when the 
remote server's service goes down?

I've seen this possibility of using a separate check port:  
http://blog.christory.net/2009/09/15/building-an-easy-and-scalable-load-balanced-high-availability-web-hosting-solution-part-one-the-front/

but I'd prefer to not do that because it just adds further complexity to the 
setup (more ssh tunnels).  

Thanks,

Alex