Or put keepalived in front of 2 or more machines with stud/stunnel/nginx for
SSL termination and HAProxy for distributing the traffic to all backends.
Keepalived can move a floating IP between multiple machines, and as long as
each machine can do ssl termination and load balancing, you've got no
The map module is for comparing strings.
The geo module is for comparing IP's or multiple IP's in CIDR notation.
.. it took a while for me to figure this out.
Regards,
Jens Dueholm Christensen
-Original Message-
From: Aleksandar Lazic [mailto:al-hapr...@none.at]
Sent: Tuesday, April 24,
xperiences with arp_filter etc tells me that I've still got
something to learn..
Regards,
Jens Dueholm Christensen
-Original Message-
From: Willy Tarreau [mailto:w...@1wt.eu]
Sent: Saturday, March 31, 2012 6:36 PM
To: Jens Dueholm Christensen (JEDC)
Cc: haproxy@formilux.org
Subject: R
least I'm sure that this strange behaviour is limited to linux-flavour OSes.
FreeBSD (that I also use) does not exibit the same behaviour.
Regards,
Jens Dueholm Christensen
From: Baptiste [bed...@gmail.com]
Sent: 28 March 2012 06:14
To: Jens Dueholm C
Hi
I've got a setup with haproxy and keepalived in front handling ~10 IP's.
When I was testing my setup (watching with tcpdump etc) I saw a strange
behaviour, that I eventually found a solution to a long while ago.
A bit of googling today lead me to answer 2 (answered Mar 16 '11 at 6:12) on
th
r_patterns.lst
acl acl_collector hdr_sub(Referer) -f /etc/haproxy/collector_patterns.lst
use_backend new_collectors if acl_myip acl_collector
==> AND is implicit.
regards
On Wed, Mar 21, 2012 at 11:46 PM, Jens Dueholm Christensen (JEDC)
wrote:
> Oh..
>
> It just hit me..
&
this - somehow I was focused on
reusing my existing acl_collector and never thought about building a new ACL
with the correct rules.. :)
Regards,
Jens Dueholm Christensen
From: Jens Dueholm Christensen (JEDC) [jens.dueh...@r-m.com]
Sent: 21 March 2012 23
ent to the new_collectors backend if the traffic was comming from
1.1.1.1.
Regards,
Jens Dueholm Christensen
From: Baptiste [bed...@gmail.com]
Sent: 21 March 2012 22:02
To: Jens Dueholm Christensen (JEDC)
Cc: haproxy@formilux.org
Subject: Re: Help with AC
Hi
I'm having trouble wrapping my head around what I belive is a really simple
problem.
I've got a working HAProxy setup with a few listeners and a few backends and
some ACL's that direct traffic accordingly.
Now I'm about to add a new backend for some function-testing in this setup, and
I wa
For what it's worth..
I think you are overcomplicating your setup here.
Unless your last "leg" of the connection between haproxy and the backend https
server is running over an unsecure network (ie. internet or large LAN with no
absolute control of the flowing traffic on the LAN) why insist tha
10 matches
Mail list logo