Re: How to forward HTTP / HTTPS to different backend proxy servers

2017-07-03 Thread Daren Sefcik
On Sun, Jul 2, 2017 at 7:30 PM, Michael Ezzell <mich...@ezzell.net> wrote: > > > On Jul 2, 2017 8:41 PM, "Daren Sefcik" <dsef...@hightechhigh.org> wrote: > > yep, pretty much..I just need some help to figure out how to make it > work > > example l

Re: How to forward HTTP / HTTPS to different backend proxy servers

2017-07-02 Thread Daren Sefcik
On Sun, Jul 2, 2017 at 6:10 PM, Igor Cicimov <ig...@encompasscorporation.com > wrote: > > > On Mon, Jul 3, 2017 at 10:38 AM, Daren Sefcik <dsef...@hightechhigh.org> > wrote: > >> >> On Sun, Jul 2, 2017 at 4:44 PM, Michael Ezzell <mich...@ezzell.net>

Re: How to forward HTTP / HTTPS to different backend proxy servers

2017-07-02 Thread Daren Sefcik
On Sat, Jul 1, 2017 at 4:39 PM, Igor Cicimov <ig...@encompasscorporation.com > wrote: > > > On 29 Jun 2017 2:46 am, "Daren Sefcik" <dsef...@hightechhigh.org> wrote: > > On Wed, Jun 28, 2017 at 8:12 AM, Olivier Doucet <webmas...@ajeux.com> > wrote

Re: How to forward HTTP / HTTPS to different backend proxy servers

2017-07-01 Thread Daren Sefcik
Would anybody here on the list be able to offer some pointers too how I can make this work? TIA... On Wed, Jun 28, 2017 at 9:43 AM, Daren Sefcik <dsef...@hightechhigh.org> wrote: > On Wed, Jun 28, 2017 at 8:12 AM, Olivier Doucet <webmas...@ajeux.com> > wrote: > >> Hi

Re: How to forward HTTP / HTTPS to different backend proxy servers

2017-06-28 Thread Daren Sefcik
On Wed, Jun 28, 2017 at 8:12 AM, Olivier Doucet <webmas...@ajeux.com> wrote: > Hi, > > > 2017-06-28 16:47 GMT+02:00 Daren Sefcik <dsef...@hightechhigh.org>: > >> Hi, I have searched for an answer to this and tried several things but >> cannot seem to figur

How to forward HTTP / HTTPS to different backend proxy servers

2017-06-28 Thread Daren Sefcik
Hi, I have searched for an answer to this and tried several things but cannot seem to figure it out so am hoping someone can point me in the right direction. I have different backend proxy servers (squid) setup to handle specifically HTTP and HTTPS traffic but cannot figure out how to tell haproxy

Re: High Availability for haproxy itself

2017-06-28 Thread Daren Sefcik
We use PfSense with CARP & HaProxy, works great. On Fri, Jun 2, 2017 at 1:34 AM, Jiafan Zhou wrote: > Hi, > > Haproxy ensures the HA for real servers such as httpd. However, in the > case of haproxy itself, if it fails, then it requires another instance of > haproxy to

[SOLVED] Re: Need some help configuring backend health checks

2015-11-01 Thread Daren Sefcik
On Fri, Oct 30, 2015 at 12:43 PM, Igor Cicimov < ig...@encompasscorporation.com> wrote: > > On 31/10/2015 3:14 AM, "Daren Sefcik" <dsef...@hightechhigh.org> wrote: > > > > > > > > On Thu, Oct 29, 2015 at 11:15 PM, Igor Cicimov < > ig..

Re: Need some help configuring backend health checks

2015-10-30 Thread Daren Sefcik
On Thu, Oct 29, 2015 at 11:15 PM, Igor Cicimov < ig...@encompasscorporation.com> wrote: > > On 30/10/2015 4:48 PM, "Daren Sefcik" <dsef...@hightechhigh.org> wrote: > > > > So I think those links were the right idea and I have been trying > different c

Re: Need some help configuring backend health checks

2015-10-29 Thread Daren Sefcik
/127\.0\.0\.1\:1344\/respmod\ ICAP\/1\.0\r\n\ tcp-check send \r\n tcp-check expect string ICAP\/1\.0\ 200\ OK but it is still not working, I suspect I need to use some type of regex or such. Hoping somebody can help me along with this. TIA.. On Mon, Oct 19, 2015 at 7:42 AM, Daren Se

Re: Need some help configuring backend health checks

2015-10-19 Thread Daren Sefcik
Thanks Jarno, I am still not sure how I can apply this to each server using a different port but will poke around at it and see if I can figure it out. On Mon, Oct 19, 2015 at 1:04 AM, Jarno Huuskonen <jarno.huusko...@uef.fi> wrote: > Hi, > > On Sun, Oct 18, Daren Sefcik wr

Re: Dynamically change server maxconn possible?

2015-10-19 Thread Daren Sefcik
Thanks, this will be helpful to find a good load balance as the systems are running. On Mon, Oct 19, 2015 at 1:12 PM, Willy Tarreau wrote: > On Mon, Oct 19, 2015 at 02:19:52PM -0500, Andrew Hayworth wrote: > > I was just thinking about how useful this would be, and will submit a >

Need some help configuring backend health checks

2015-10-18 Thread Daren Sefcik
I have an ICAP server backend with servers that each listen on different ports, can anyone offer some advice on how to configure health checks for it? I am currently using basic but that really doesn't help if the service is not responding. Here is my haproxy config for the backend: backend

Dynamically change server maxconn possible?

2015-10-16 Thread Daren Sefcik
I am thinking the answer is no but figured I would ask just to make sure...basically can I change individual server maxconn numbers on-the-fly while haproxy is running or do I need to do a full restart to have them take effect? TIA...

Re: Squid Backend Health Checks

2015-10-14 Thread Daren Sefcik
com> wrote: > Hi Daren, > > What type of errors are reported? > > Baptiste > > On Wed, Oct 14, 2015 at 8:19 AM, Daren Sefcik <dsef...@hightechhigh.org> > wrote: > > I followed Willy's advice from this post > > > > http://www.mail-archive.com/hapr

Re: Squid Backend Health Checks

2015-10-14 Thread Daren Sefcik
Using HATop I see lots of ERSP errors which I guess is response errors...not sure if that is helpful. On Wed, Oct 14, 2015 at 7:40 AM, Daren Sefcik <dsef...@hightechhigh.org> wrote: > The only thing I can look at is the stats page which report failed health > checks. I have tried

Squid Backend Health Checks

2015-10-14 Thread Daren Sefcik
I followed Willy's advice from this post http://www.mail-archive.com/haproxy@formilux.org/msg05171.html but seem to get a lot of health check errors and (false) Dwntme. Is there a newer or better way to do health checks or am I missing something? TIA.. BTW, nice work on 1.6, am looking forward

Re: How to configure frontend/backend for SSL OR Non SSL Backend?

2015-10-13 Thread Daren Sefcik
d bkapp > > backend bkapp > mode tcp > stick-table type ip size 10k peers mypeers > stick on src > server s1 a.b.c.d check port 80 > server s2 a.b.c.e check port 80 > > > Baptiste > > > On Mon, Oct 12, 2015 at 4:40 PM, Daren Sefcik <dsef...@hightechhigh.or

Re: How to configure frontend/backend for SSL OR Non SSL Backend?

2015-10-12 Thread Daren Sefcik
n Mon, Oct 12, 2015 at 4:24 PM, Daren Sefcik <dsef...@hightechhigh.org> > wrote: > > I am probably totally overlooking something but how do I configure a > > frontend/backend to pass to the same server for both SSL and Non SSL > > requests? We have server that require ssl for some applications but > most of > > the time not. > > >

Optimal Configuration examples for Squid or other cache backends?

2015-10-12 Thread Daren Sefcik
Can anyone point me to any references that explain optimal squid/web cache specific examples of configuring haproxy? Everything I am finding so far seems specific to web servers being the backend. Things like should I be using stick tables or cookies or best client time out, etc TIA

How to configure frontend/backend for SSL OR Non SSL Backend?

2015-10-12 Thread Daren Sefcik
I am probably totally overlooking something but how do I configure a frontend/backend to pass to the same server for both SSL and Non SSL requests? We have server that require ssl for some applications but most of the time not.

Re: About maxconn and minconn

2015-10-08 Thread Daren Sefcik
How about kern.ipc.somaxconn On Thu, Oct 8, 2015 at 5:22 AM, Dmitry Sivachenko wrote: > > > On 8 окт. 2015 г., at 3:51, Igor Cicimov > wrote: > > > > > > The only thing I can think of is you have left net.core.somaxconn = 128, > try

Re: Frontend ACL rewrites URL incorrectly to backend

2015-10-05 Thread Daren Sefcik
, joris dedieu <joris.ded...@gmail.com> wrote: > Hi, > > 2015-10-04 23:33 GMT+02:00 Daren Sefcik <dsef...@hightechhigh.org>: > > I am trying to make some requests go to specific backends but am finding > > that in certain backends that the url gets doubled

Re: x-forwarded-for help

2015-10-05 Thread Daren Sefcik
On Mon, Oct 5, 2015 at 5:29 AM, Travis Fitch wrote: > My issue is, if I bypass the hardware LB, I see the X-Forwarded-For > header, if I go via the the Hardware LB to haproxy and onto Apache, I don't > see any x-forwarded-for headers in Apaches log files. I am new to

Re: HAProxy Slows At 1500+ connections Really Need some help to figure out why

2015-10-04 Thread Daren Sefcik
FWIW, these are the two lines I added to the /boot/loader.conf file hw.bge.tso_enable=0 hw.pci.enable_msix=0 On Sun, Oct 4, 2015 at 12:09 PM, Daren Sefcik <dsef...@hightechhigh.org> wrote: > On Sun, Oct 4, 2015 at 7:30 AM, joris dedieu <joris.ded...@gmail.com> > wrote: > &

Re: HAProxy Slows At 1500+ connections Really Need some help to figure out why

2015-10-04 Thread Daren Sefcik
On Sun, Oct 4, 2015 at 7:30 AM, joris dedieu wrote: > Broadcom NICs : you should check man 4 bge and > https://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards > While I had already looked at this early in my troubleshooting process I totally screwed it

Re: HAProxy Slows At 1500+ connections Really Need some help to figure out why

2015-10-04 Thread Daren Sefcik
> > > Interesting, so maybe in fact you're running on cards with an old horrible > firmware like what I described in the previous e-mail. > Possible I suppose but these are brand new Dell systems, just got them a few a weeks ago. Any advice on how to check and I will do so. > Maybe your client

Re: HAProxy Slows At 1500+ connections Really Need some help to figure out why

2015-10-04 Thread Daren Sefcik
On Sun, Oct 4, 2015 at 1:03 PM, Willy Tarreau wrote: > I don't know how you can do on FreeBSD. On Linux you check with ethtool -i. > The worst versions of the chips reported firmware 1.9.6, though several > more recent ones still had problems but not *that* important. > Does this

Re: HAProxy Slows At 1500+ connections Really Need some help to figure out why

2015-10-04 Thread Daren Sefcik
. Daren On Sun, Oct 4, 2015 at 1:51 PM, Willy Tarreau <w...@1wt.eu> wrote: > On Sun, Oct 04, 2015 at 01:10:26PM -0700, Daren Sefcik wrote: > > On Sun, Oct 4, 2015 at 1:03 PM, Willy Tarreau <w...@1wt.eu> wrote: > > > > > I don't know how you can do on FreeBSD.

Frontend ACL rewrites URL incorrectly to backend

2015-10-04 Thread Daren Sefcik
I am trying to make some requests go to specific backends but am finding that in certain backends that the url gets doubled up or otherwise mangled, ie: request to frontend = http://my.company.com what the backend server ends up with = http://my.company.comhttp:// my.company.com This does not

Re: HAProxy Slows At 1500+ connections Really Need some help to figure out why

2015-10-03 Thread Daren Sefcik
On Sat, Oct 3, 2015 at 12:09 AM, joris dedieu wrote: > > Running tasks: 1/2252; idle = 85 % > > How is the system during stress ? > mostly idle according to top, haproxy stats and other utils in the web gui. here is what top reports during some of the apache bench tests:

Re: HAProxy Slows At 1500+ connections Really Need some help to figure out why

2015-10-02 Thread Daren Sefcik
wrote: > On Fri, Oct 2, 2015 at 1:48 PM, Daren Sefcik <dsef...@hightechhigh.org> > wrote: > >> I Hope this is the right place to ask for help..if not please flame me >> and send me on my way >> >> So I had haproxy 1.5 installed (as a front end for a cluster

Re: HAProxy Slows At 1500+ connections Really Need some help to figure out why

2015-10-02 Thread Daren Sefcik
So after making the changes (somewhat implied by Cyril) I ran apache bench with 2 concurrent instances of "-n 1 -c 500 -w -k" and the result on haproxy stats page is: pid = 18093 (process #1, nbproc = 1) uptime = 0d 2h55m08s system limits: memmax = unlimited; ulimit-n = 100043 maxsock =