Re: [PATCH] CLEANUP/MINOR LIM2A function comment fix

2018-10-25 Thread Willy Tarreau
Hello John,

On Wed, Oct 24, 2018 at 10:09:36AM +0300, John Cherouvim wrote:
> I changed "the HTML representation" to "the ASCII representation" in the
> documentation for LIM2A to make it consistent with what it actually does. I
> think the fact that it returns ASCII is encoded in the function name
> (similarly as it's done in U2A vs U2H) so maybe this was a copy paste
> problem.
(...)
> From: Ioannis Cherouvim <743305+cherou...@users.noreply.github.com>
> Date: Wed, 24 Oct 2018 10:05:19 +0300
> Subject: [PATCH] function comment fix
> 
> ---
(...)

Thank you, I've applied it after writing an appropriate commit message.
Please have a look at the file CONTRIBUTING to see how to write commit
messages which are suitable to keep the project in a maintainable state,
this will make your future contributions much easier to upstream.

Thanks,
Willy



Re: [PATCHES] Cache for larger HTTP objects

2018-10-25 Thread Willy Tarreau
On Thu, Oct 25, 2018 at 08:40:03PM +0200, Frederic Lecaille wrote:
> Here is a new series of patches.

Looks good, all applied now, thank you Fred!

Willy



question

2018-10-25 Thread Comerford, Sue
Good Evening,

I have a question,

Can haproxy be used with postgresql using jdbc the datasource impl: 
org.postgresql.ds.PGConnectionPoolDataSource?

Load balancing between 2 master databases (on separate servers)?

Appreciate your expertise

Sue Comerford




Re: [PATCHES] Cache for larger HTTP objects

2018-10-25 Thread Frederic Lecaille

On 10/25/2018 07:01 PM, William Lallemand wrote:
> Hi Fred!
>
> On Thu, Oct 25, 2018 at 10:59:43AM +0200, Frederic Lecaille wrote:
> > Well, after having checked, haproxy could start with a cache bigger than
> > 2047 MB on my PC due to parsing issue.
> >
> > I provide three patches. The first fixes the "total-max-size" parsing
> > issue. The second patch is there to also parse "max-object-size" as an
> > unsigned int to avoid weird issues (implicit conversions). The last is
> > for the documentation update.
> >
> > Note that the maximum value of "max-object-size" is 4095/2 MB which may
> > be stored as an int.
>
> Good catch!
>
> Could you split the patches which contain shctx changes? Changes in the shctx
> API should have their own patches.
>
> Your last patch seems to contain several fixes, 1 on the cache configuration
> parsing, and 2 others related to the way we test shctx_init. We mustn't have
> patches on ssl_sock.c in a patch related to the cache.

Ok.

Here is a new series of patches.

Fred.

>From 03a27f53943b439cbaa1fe2bda92a57af1db13cf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= 
Date: Thu, 25 Oct 2018 10:46:40 +0200
Subject: [PATCH 6/6] DOC: cache: Missing information about "total-max-size"
 and "max-object-size"

---
 doc/configuration.txt | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 4431e833..95b0b977 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -17493,11 +17493,12 @@ cache 
 
 total-max-size 
   Define the size in RAM of the cache in megabytes. This size is split in
-  blocks of 1kB which are used by the cache entries.
+  blocks of 1kB which are used by the cache entries. Its maximum value is 4095.
 
 max-object-size 
-  Define the maximum size of the objects to be cached. If not set, it equals
-  to a 256th of the cache size.
+  Define the maximum size of the objects to be cached. Must not be greater than
+  an half of "total-max-size". If not set, it equals to a 256th of the cache size.
+  All objects with sizes larger than "max-object-size" will not be cached.
 
 max-age 
   Define the maximum expiration duration. The expiration is set has the lowest
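Review bot: in the added max-object-size text, "Must not be greater than an half of" should read "half of" and "it equals to a 256th" should read "it equals a 256th". The paragraph also does not say what happens when the configured value exceeds half of "total-max-size" (configuration error or silent adjustment); one sentence stating that would save users from guessing.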
-- 
2.11.0

>From 6e5445c400b7272006e0d8e2d0f7d1fd14147295 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= 
Date: Thu, 25 Oct 2018 20:31:40 +0200
Subject: [PATCH 5/6] MINOR: shctx: Change max. object size type to unsigned
 int.

This change is there to prevent implicit conversions when comparing
shctx maximum object sizes with other unsigned values.
---
 include/proto/shctx.h | 3 ++-
 include/types/shctx.h | 2 +-
 src/shctx.c   | 4 ++--
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/include/proto/shctx.h b/include/proto/shctx.h
index 594a81d5..9fc6fad8 100644
--- a/include/proto/shctx.h
+++ b/include/proto/shctx.h
@@ -32,7 +32,8 @@
 #endif
 
 int shctx_init(struct shared_context **orig_shctx,
-   int maxblocks, int blocksize, int maxobjsz, int extra, int shared);
+   int maxblocks, int blocksize, unsigned int maxobjsz,
+   int extra, int shared);
 struct shared_block *shctx_row_reserve_hot(struct shared_context *shctx,
struct shared_block *last, int data_len);
 void shctx_row_inc_hot(struct shared_context *shctx, struct shared_block *first);
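Review bot: only maxobjsz becomes unsigned in this prototype, while the data_len parameter of shctx_row_reserve_hot() in the context lines right below stays int. If data_len is ever compared with max_obj_size, the implicit conversion this patch wants to avoid is still possible there; please check that comparison or change data_len in the same series.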
diff --git a/include/types/shctx.h b/include/types/shctx.h
index 53dca3f1..7d9d8c8a 100644
--- a/include/types/shctx.h
+++ b/include/types/shctx.h
@@ -40,7 +40,7 @@ struct shared_context {
 	struct list avail;  /* list for active and free blocks */
 	struct list hot; /* list for locked blocks */
 	unsigned int nbav;  /* number of available blocks */
-	int max_obj_size;   /* maximum object size. */
+	unsigned int max_obj_size;   /* maximum object size (in bytes). */
 	void (*free_block)(struct shared_block *first, struct shared_block *block);
 	short int block_size;
 	unsigned char data[0];
diff --git a/src/shctx.c b/src/shctx.c
index 604fd7df..9fe12e81 100644
--- a/src/shctx.c
+++ b/src/shctx.c
@@ -292,7 +292,7 @@ int shctx_row_data_get(struct shared_context *shctx, struct shared_block *first,
  * and 0 if cache is already allocated.
  */
 int shctx_init(struct shared_context **orig_shctx, int maxblocks, int blocksize,
-   int maxobjsz, int extra, int shared)
+   unsigned int maxobjsz, int extra, int shared)
 {
 	int i;
 	struct shared_context *shctx;
@@ -359,7 +359,7 @@ int shctx_init(struct shared_context **orig_shctx, int maxblocks, int blocksize,
 	LIST_INIT(>hot);
 
 	shctx->block_size = blocksize;
-	shctx->max_obj_size = maxobjsz;
+	shctx->max_obj_size = maxobjsz == (unsigned int)-1 ? 0 : maxobjsz;
 
 	/* init the free blocks after the shared context struct */
 	cur = (void *)shctx + sizeof(struct shared_context) + extra;
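Review bot: the new assignment "maxobjsz == (unsigned int)-1 ? 0 : maxobjsz" gives (unsigned int)-1 a special meaning that the function comment above shctx_init() does not mention, and it makes 0 a distinguished stored value without saying what 0 stands for. A named constant for the sentinel, plus one line in the function comment and in the max_obj_size field comment explaining both values, would make callers' intent checkable.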
-- 
2.11.0

>From b12ab6b6922cad7c10dcf9503f97dff15e35d862 Mon Sep 17 00:00:00 2001
From: 

Re: [PATCHES] Cache for larger HTTP objects

2018-10-25 Thread William Lallemand
Hi Fred!

On Thu, Oct 25, 2018 at 10:59:43AM +0200, Frederic Lecaille wrote:
> Well, after having checked, haproxy could start with a cache bigger than 
> 2047 MB on my PC due to parsing issue.
> 
> I provide three patches. The first fixes the "total-max-size" parsing 
> issue. The second patch is there to also parse "max-object-size" as an 
> unsigned int to avoid weird issues (implicit conversions). The last is
> for the documentation update.
> 
> Note that the maximum value of "max-object-size" is 4095/2 MB which may 
> be stored as an int.
> 

Good catch!

Could you split the patches which contain shctx changes? Changes in the shctx
API should have their own patches.

Your last patch seems to contain several fixes, 1 on the cache configuration
parsing, and 2 others related to the way we test shctx_init. We mustn't have
patches on ssl_sock.c in a patch related to the cache.

Thanks.

-- 
William Lallemand
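
Added example, not part of the thread and not HAProxy's own code: a sketch of the size handling this thread is about, with range-checked parsing instead of atoi() and a limit kept unsigned when compared with a 64-bit body length. The function names are hypothetical, and "max-object-size" is assumed to be given in bytes, as the struct comment in the patch suggests.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define BLOCK_SIZE   1024u   /* "blocks of 1kB" per the documentation patch */
#define MAX_TOTAL_MB 4095ul  /* documented maximum of "total-max-size" */

/* Does a size given in megabytes still fit a signed int once in bytes?
 * With a 32-bit int, 2047 MB does and 2048 MB (2^31 bytes) does not. */
int bytes_fit_in_int(unsigned long mb)
{
	return ((uint64_t)mb << 20) <= (uint64_t)INT_MAX;
}

/* Hypothetical parser: "total-max-size" in MB -> number of 1kB blocks.
 * Returns 0 for empty, signed, non-numeric, trailing-junk or out-of-range
 * input, none of which atoi() can report. */
unsigned int parse_total_max_size(const char *arg)
{
	char *end;
	unsigned long mb;

	if (!arg || *arg < '0' || *arg > '9')
		return 0;
	errno = 0;
	mb = strtoul(arg, &end, 10);
	if (errno || *end != '\0' || mb == 0 || mb > MAX_TOTAL_MB)
		return 0;
	return (unsigned int)(mb * (1024ul * 1024ul / BLOCK_SIZE));
}

/* Hypothetical parser: "max-object-size" in bytes (assumed unit).
 * Returns 0 and stores the value, or -1 if it is malformed or larger
 * than half of the cache, the bound given in the documentation patch. */
int parse_max_object_size(const char *arg, unsigned int total_blocks,
                          unsigned int *out)
{
	char *end;
	unsigned long long v;
	uint64_t half = (uint64_t)total_blocks * BLOCK_SIZE / 2;

	if (!arg || *arg < '0' || *arg > '9')
		return -1;
	errno = 0;
	v = strtoull(arg, &end, 10);
	if (errno || *end != '\0' || v == 0 || v > half || v > UINT_MAX)
		return -1;
	*out = (unsigned int)v;
	return 0;
}

/* The pitfall: a limit held in a signed int that ended up negative becomes a
 * huge unsigned value when compared with a 64-bit length, so nothing is
 * refused. The cast spells out what the implicit conversion does. */
int cacheable_signed_limit(int max_obj_size, uint64_t body_len)
{
	return body_len <= (uint64_t)max_obj_size;
}

/* Same check with the limit kept unsigned from parsing to comparison. */
int cacheable(unsigned int max_obj_size, uint64_t body_len)
{
	return body_len <= max_obj_size;
}

int main(void)
{
	unsigned int blocks = parse_total_max_size("4095"), limit = 0;

	printf("4095 MB -> %u blocks\n", blocks);
	printf("2048 MB fits in int: %d\n", bytes_fit_in_int(2048));
	printf("limit 3000000000 accepted: %d\n",
	       parse_max_object_size("3000000000", blocks, &limit) == 0);
	printf("5 GB body vs int limit -1: cached=%d\n",
	       cacheable_signed_limit(-1, 5000000000ULL));
	printf("5 GB body vs unsigned limit: cached=%d\n",
	       cacheable(2146959360u, 5000000000ULL));
	return 0;
}
```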



Re: [PATCHES] Cache for larger HTTP objects

2018-10-25 Thread Frederic Lecaille

On 10/24/2018 04:49 AM, Willy Tarreau wrote:
> Hi Fred,
>
> On Tue, Oct 23, 2018 at 02:57:05PM +0200, Frederic Lecaille wrote:
> > Hello ML,
> >
> > Here is a series of patches to make the cache capable of caching HTTP
> > objects larger than a buffer.
> >
> > The 4th patch adds "max-object-size" option to "cache" section so as
> > to limit the size of the HTTP objects to be cached.
> >
> > Do not hesitate to test them.
>
> Great, thanks, now applied!
>
> I'm just having one concern I'd like you to take a look at. The
> max-object-size and the "sent" argument are respectively unsigned int
> and int, while the response's body_len is an uint64_t. Thus I have no
> idea what happens when :
>    - max-object-size >= 2 GB is set
>    - content-length >= 2 GB or >= 4 GB is seen
>    - the sum of received chunks is larger than 2 GB

Well, after having checked, haproxy could start with a cache bigger than
2047 MB on my PC due to parsing issue.

I provide three patches. The first fixes the "total-max-size" parsing
issue. The second patch is there to also parse "max-object-size" as an
unsigned int to avoid weird issues (implicit conversions). The last is
for the documentation update.

Note that the maximum value of "max-object-size" is 4095/2 MB which may
be stored as an int.

> I'm personally fine if all of these result in the object not being cached
> (in which case it should be mentioned in the doc), but I'd like to be sure
> we don't return truncated/corrupted objects and that we don't leak cache
> entries or any such thing.
>
> Thanks!
> Willy



>From d9409e253dce6b0041f547645949de07b51b615d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= 
Date: Thu, 25 Oct 2018 10:46:40 +0200
Subject: [PATCH 3/3] DOC: cache: Missing information about "total-max-size"
 and "max-object-size"

---
 doc/configuration.txt | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 4431e833..95b0b977 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -17493,11 +17493,12 @@ cache 
 
 total-max-size 
   Define the size in RAM of the cache in megabytes. This size is split in
-  blocks of 1kB which are used by the cache entries.
+  blocks of 1kB which are used by the cache entries. Its maximum value is 4095.
 
 max-object-size 
-  Define the maximum size of the objects to be cached. If not set, it equals
-  to a 256th of the cache size.
+  Define the maximum size of the objects to be cached. Must not be greater than
+  an half of "total-max-size". If not set, it equals to a 256th of the cache size.
+  All objects with sizes larger than "max-object-size" will not be cached.
 
 max-age 
   Define the maximum expiration duration. The expiration is set has the lowest
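Review bot: the max-object-size paragraph never states its unit, although total-max-size just above is explicitly in megabytes and the new bound is expressed relative to it ("half of total-max-size"), while the max_obj_size field comment in this same series says bytes. Please state the unit in this paragraph so that readers do not assume megabytes.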
-- 
2.11.0

>From 947047b4675cfed827c4fa9bac800f18e1d7abce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= 
Date: Thu, 25 Oct 2018 10:39:49 +0200
Subject: [PATCH 2/3] MINOR: cache: Avoid usage of atoi() when parsing
 "max-object-size".

With this patch we avoid parsing "max-object-size" with atoi() and
we store its value as an unsigned int to prevent bad implicit conversion issues
especially when we compare it with others unsigned value (content length).
---
 include/proto/shctx.h |  3 ++-
 include/types/shctx.h |  2 +-
 src/cache.c   | 22 +++---
 src/shctx.c   |  4 ++--
 4 files changed, 24 insertions(+), 7 deletions(-)

diff --git a/include/proto/shctx.h b/include/proto/shctx.h
index 594a81d5..9fc6fad8 100644
--- a/include/proto/shctx.h
+++ b/include/proto/shctx.h
@@ -32,7 +32,8 @@
 #endif
 
 int shctx_init(struct shared_context **orig_shctx,
-   int maxblocks, int blocksize, int maxobjsz, int extra, int shared);
+   int maxblocks, int blocksize, unsigned int maxobjsz,
+   int extra, int shared);
 struct shared_block *shctx_row_reserve_hot(struct shared_context *shctx,
struct shared_block *last, int data_len);
 void shctx_row_inc_hot(struct shared_context *shctx, struct shared_block *first);
diff --git a/include/types/shctx.h b/include/types/shctx.h
index 53dca3f1..7d9d8c8a 100644
--- a/include/types/shctx.h
+++ b/include/types/shctx.h
@@ -40,7 +40,7 @@ struct shared_context {
 	struct list avail;  /* list for active and free blocks */
 	struct list hot; /* list for locked blocks */
 	unsigned int nbav;  /* number of available blocks */
-	int max_obj_size;   /* maximum object size. */
+	unsigned int max_obj_size;   /* maximum object size (in bytes). */
 	void (*free_block)(struct shared_block *first, struct shared_block *block);
 	short int block_size;
 	unsigned char data[0];
diff --git a/src/cache.c b/src/cache.c
index 77986fb9..b9ac2d50 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -50,7 +50,7 @@ struct cache {
 	struct eb_root entries;  /* head of cache entries based on keys */
 	unsigned int maxage; /* max-age */
 	unsigned int maxblocks;
-	unsigned int maxobjsz;   

Re: apache proxy pass rules in HAproxy

2018-10-25 Thread Igor Cicimov
On Thu, Oct 25, 2018 at 6:31 PM Igor Cicimov wrote:

>
>
> On Thu, 25 Oct 2018 6:13 pm Imam Toufique  wrote:
>
>> so I almost got this to work, based on the situation I am in.  To
>> elaborate just a bit, my setup involves a shibboleth SP that I need to
>> authenticate my application.  Since I can't set up the HA proxy node with
>> shibboleth SP - I had to wrap my application in the backend with apache so
>> I can pass REMOTE_USER to the application.  the application I have is -
>> jupyterhub and it starts with its own proxy.  Long story short, here is my
>> current setup:
>>
>> frontend
>>    bind :80
>>    bind :443 ssl crt /etc/haproxy/crsplab2_1.pem
>>    stats uri /haproxy?stats
>>    default_backend web1_cluster
>>    option httplog
>>    log global
>>    #option dontlognull
>>    log /dev/log local0 debug
>>    mode http
>>    option forwardfor   # forward IP
>>    http-request set-header X-Forwarded-Port %[dst_port]
>>    http-request add-header X-Forwarded-Proto https if { ssl_fc }
>>    redirect scheme https if !{ ssl_fc }
>>
>> acl host_web3 path_beg /jhub
>> use_backend web3_cluster if host_web3
>>
>> backend
>> server web1.oit.uci.edu 128.110.80.5:80 check
>>
>> this works for the most part.  But I am confused with a problem. when I
>> get to my application, my backend IP address shows up in the browser URL.
>>
>> for example, I see this in my browser:
>>
>> http://128.110.80.5/jhub/user/itoufiqu/tree?
>>
>> whereas, I was expecting that it would show the original URL, such as:
>>
>> http://crsplab2.domain.com/jhub/user/itoufiqu/tree?  ( where
>> crsplab2.domain.com is the URL to get HAproxy )
>>
>
> You need to tell your backend app that it runs behind reverse proxy with
> ssl termination and that its domain/url is https://crsplab2.domain.com.
> How you do that
> depends on the backend app you are using but most of them like apache2,
> tomcat etc. have specific configs that you can find in their documentation.
> For example if your backend is apache2 I bet you don't have the DomainName
> set in the config in which case it defaults to the host ip address.
>

You can also try:

rspirep ^Location:\ http://(.*):80(.*)  Location:\ https://crsplab2.domain.com:443\2  if  { ssl_fc }

to fix the URL but note that this will not save you from hard coded url's
in the returned html pages the way apache does.


>
>> While I am no expert in HA proxy world, I think this might be due to the
>> fact that my backend does not have SSL and HAproxy frontend does have SSL.
>> At this point, I would avoid that IP address showing up in the browser.
>> what is the best way to accomplish this?
>>
>> thanks for your continued help!
>>
>>
>>
>>
>>
>>
>> On Tue, Oct 23, 2018 at 8:35 AM Aleksandar Lazic wrote:
>>
>>> Hi.
>>>
>>> On 23.10.2018 at 09:04, Imam Toufique wrote:
>>> > I am looking for some help on how to write the following apache proxypass rules
>>> > in HAproxy.  Not to mention I am at a bit of loss with my first try :-) .  Here
>>> > are my current proxypass rules:
>>> >
>>> > ProxyPass http://10.1.100.156:8000/jhub
>>> > ProxyPassReverse http://10.1.100.156:8000/jhub
>>>
>>> Well ProxyPass and ProxyPassReverse do a lot of things not just rewrites, as
>>> mentioned in the doc
>>>
>>> https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass
>>> https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypassreverse
>>>
>>>
>>> > >> "/jhub/(user/[^/]*)/(api/kernels/[^/]+/channels/websocket)(.*)">
>>> > ProxyPassMatch ws://10.1.100.156:8000/jhub/$1/$2$3
>>> > ProxyPassReverse ws://10.1.100.156:8000/jhub/$1/$2$3
>>> > 
>>> >
>>> > As I am not well versed in the massive HAproxy configuration guide, if any of
>>> > you can give me a hand with this, I would very much appreciate it.
>>>
>>> I'm also not "that" expert but I would try the following, untested.
>>>
>>> ###
>>> defaults
>>>   mode http
>>>   log global
>>>
>>>   #... maybe some other settings
>>>   timeout tunnel 10h
>>>
>>> frontend https_001
>>>
>>>   #... maybe some other settings
>>>
>>>   acl websocket path_beg /jhub
>>>
>>>   #... maybe some other  acls
>>>
>>>   use_backend websocket_001 if websocket
>>>
>>> backend websocket_001
>>>
>>>   reqrep "^([^\ :]*) /jhub/(user/[^/]*)/(api/kernels/[^/]+/channels/websocket)(.*)" "/jhub/\1/\2\3"
>>>
>>>   # You will need to replace the first column with the response from the
>>>   # backend response
>>>   # rspirep "^Location: /jhub/(user/[^/]*)/(api/kernels/[^/]+/channels/websocket)(.*)" "Location: /jhub/\1/\2\3"
>>>   # OR
>>>   # http-response replace-header Location "/jhub/(user/[^/]*)/(api/kernels/[^/]+/channels/websocket)(.*)" "/jhub/\1/\2\3"
>>>
>>>   # add some checks
>>>
>>>   server ws_01 10.1.100.156:8000 check
>>> ###
>>>
>>> Here are some links which may help you also.
>>>
>>> 

Re: apache proxy pass rules in HAproxy

2018-10-25 Thread Igor Cicimov
On Thu, 25 Oct 2018 6:13 pm Imam Toufique  wrote:

> so I almost got this to work, based on the situation I am in.  To
> elaborate just a bit, my setup involves a shibboleth SP that I need to
> authenticate my application.  Since I can't set up the HA proxy node with
> shibboleth SP - I had to wrap my application in the backend with apache so
> I can pass REMOTE_USER to the application.  the application I have is -
> jupyterhub and it starts with its own proxy.  Long story short, here is my
> current setup:
>
> frontend
>    bind :80
>    bind :443 ssl crt /etc/haproxy/crsplab2_1.pem
>    stats uri /haproxy?stats
>    default_backend web1_cluster
>    option httplog
>    log global
>    #option dontlognull
>    log /dev/log local0 debug
>    mode http
>    option forwardfor   # forward IP
>    http-request set-header X-Forwarded-Port %[dst_port]
>    http-request add-header X-Forwarded-Proto https if { ssl_fc }
>    redirect scheme https if !{ ssl_fc }
>
> acl host_web3 path_beg /jhub
> use_backend web3_cluster if host_web3
>
> backend
> server web1.oit.uci.edu 128.110.80.5:80 check
>
> this works for the most part.  But I am confused with a problem. when I
> get to my application, my backend IP address shows up in the browser URL.
>
> for example, I see this in my browser:
>
> http://128.110.80.5/jhub/user/itoufiqu/tree?
>
> whereas, I was expecting that it would show the original URL, such as:
>
> http://crsplab2.domain.com/jhub/user/itoufiqu/tree?  ( where
> crsplab2.domain.com is the URL to get HAproxy )
>

You need to tell your backend app that it runs behind reverse proxy with
ssl termination and that its domain/url is https://crsplab2.domain.com.
How you do that
depends on the backend app you are using but most of them like apache2,
tomcat etc. have specific configs that you can find in their documentation.
For example if your backend is apache2 I bet you don't have the DomainName
set in the config in which case it defaults to the host ip address.


> While I am no expert in HA proxy world, I think this might be due to the fact
> that my backend does not have SSL and HAproxy frontend does have SSL.  At
> this point, I would avoid that IP address showing up in the browser.  what
> is the best way to accomplish this?
>
> thanks for your continued help!
>
>
>
>
>
>
> On Tue, Oct 23, 2018 at 8:35 AM Aleksandar Lazic wrote:
>
>> Hi.
>>
>> On 23.10.2018 at 09:04, Imam Toufique wrote:
>> > I am looking for some help on how to write the following apache proxypass rules
>> > in HAproxy.  Not to mention I am at a bit of loss with my first try :-) .  Here
>> > are my current proxypass rules:
>> >
>> > ProxyPass http://10.1.100.156:8000/jhub
>> > ProxyPassReverse http://10.1.100.156:8000/jhub
>>
>> Well ProxyPass and ProxyPassReverse do a lot of things not just rewrites, as
>> mentioned in the doc
>>
>> https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass
>> https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypassreverse
>>
>>
>> > > "/jhub/(user/[^/]*)/(api/kernels/[^/]+/channels/websocket)(.*)">
>> > ProxyPassMatch ws://10.1.100.156:8000/jhub/$1/$2$3
>> > ProxyPassReverse ws://10.1.100.156:8000/jhub/$1/$2$3
>> > 
>> >
>> > As I am not well versed in the massive HAproxy configuration guide, if any of
>> > you can give me a hand with this, I would very much appreciate it.
>>
>> I'm also not "that" expert but I would try the following, untested.
>>
>> ###
>> defaults
>>   mode http
>>   log global
>>
>>   #... maybe some other settings
>>   timeout tunnel 10h
>>
>> frontend https_001
>>
>>   #... maybe some other settings
>>
>>   acl websocket path_beg /jhub
>>
>>   #... maybe some other  acls
>>
>>   use_backend websocket_001 if websocket
>>
>> backend websocket_001
>>
>>   reqrep "^([^\ :]*) /jhub/(user/[^/]*)/(api/kernels/[^/]+/channels/websocket)(.*)" "/jhub/\1/\2\3"
>>
>>   # You will need to replace the first column with the response from the
>>   # backend response
>>   # rspirep "^Location: /jhub/(user/[^/]*)/(api/kernels/[^/]+/channels/websocket)(.*)" "Location: /jhub/\1/\2\3"
>>   # OR
>>   # http-response replace-header Location "/jhub/(user/[^/]*)/(api/kernels/[^/]+/channels/websocket)(.*)" "/jhub/\1/\2\3"
>>
>>   # add some checks
>>
>>   server ws_01 10.1.100.156:8000 check
>> ###
>>
>> Here are some links which may help you also.
>>
>> https://www.haproxy.com/blog/websockets-load-balancing-with-haproxy/
>> https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#4-reqirep
>> https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#4-rspirep
>>
>> I would run haproxy in Debug mode and see how the request passes haproxy
>> and adapt the config.
>>
>> It would be nice when you show us the working conf ;-)
>>
>> It would be nice to have a
>>
>> http-request replace-uri  
>>
>> to replace the reqrep.
>>
>> > thanks
>>
>> Hth
>> Aleks
>>
>>
>
> --
> Regards,
> *Imam Toufique*
> 

Re: apache proxy pass rules in HAproxy

2018-10-25 Thread Imam Toufique
so I almost got this to work, based on the situation I am in.  To
elaborate just a bit, my setup involves a shibboleth SP that I need to
authenticate my application.  Since I can't set up the HA proxy node with
shibboleth SP - I had to wrap my application in the backend with apache so
I can pass REMOTE_USER to the application.  the application I have is -
jupyterhub and it starts with its own proxy.  Long story short, here is my
current setup:

frontend
   bind :80
   bind :443 ssl crt /etc/haproxy/crsplab2_1.pem
   stats uri /haproxy?stats
   default_backend web1_cluster
   option httplog
   log global
   #option dontlognull
   log /dev/log local0 debug
   mode http
   option forwardfor   # forward IP
   http-request set-header X-Forwarded-Port %[dst_port]
   http-request add-header X-Forwarded-Proto https if { ssl_fc }
   redirect scheme https if !{ ssl_fc }

acl host_web3 path_beg /jhub
use_backend web3_cluster if host_web3

backend
server web1.oit.uci.edu 128.110.80.5:80 check

this works for the most part.  But I am confused with a problem. when I get
to my application, my backend IP address shows up in the browser URL.

for example, I see this in my browser:

http://128.110.80.5/jhub/user/itoufiqu/tree?

whereas, I was expecting that it would show the original URL, such as:

http://crsplab2.domain.com/jhub/user/itoufiqu/tree?  ( where
crsplab2.domain.com is the URL to get HAproxy )

While I am no expert in HA proxy world, I think this might be due to the fact
that my backend does not have SSL and HAproxy frontend does have SSL.  At
this point, I would avoid that IP address showing up in the browser.  what
is the best way to accomplish this?

thanks for your continued help!






On Tue, Oct 23, 2018 at 8:35 AM Aleksandar Lazic  wrote:

> Hi.
>
> On 23.10.2018 at 09:04, Imam Toufique wrote:
> > I am looking for some help on how to write the following apache proxypass rules
> > in HAproxy.  Not to mention I am at a bit of loss with my first try :-) .  Here
> > are my current proxypass rules:
> >
> > ProxyPass http://10.1.100.156:8000/jhub
> > ProxyPassReverse http://10.1.100.156:8000/jhub
>
> Well ProxyPass and ProxyPassReverse do a lot of things not just rewrites, as
> mentioned in the doc
>
> https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass
> https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypassreverse
>
>
> >  "/jhub/(user/[^/]*)/(api/kernels/[^/]+/channels/websocket)(.*)">
> > ProxyPassMatch ws://10.1.100.156:8000/jhub/$1/$2$3
> > ProxyPassReverse ws://10.1.100.156:8000/jhub/$1/$2$3
> > 
> >
> > As I am not well versed in the massive HAproxy configuration guide, if any of
> > you can give me a hand with this, I would very much appreciate it.
>
> I'm also not "that" expert but I would try the following, untested.
>
> ###
> defaults
>   mode http
>   log global
>
>   #... maybe some other settings
>   timeout tunnel 10h
>
> frontend https_001
>
>   #... maybe some other settings
>
>   acl websocket path_beg /jhub
>
>   #... maybe some other  acls
>
>   use_backend websocket_001 if websocket
>
> backend websocket_001
>
>   reqrep "^([^\ :]*) /jhub/(user/[^/]*)/(api/kernels/[^/]+/channels/websocket)(.*)" "/jhub/\1/\2\3"
>
>   # You will need to replace the first column with the response from the
>   # backend response
>   # rspirep "^Location: /jhub/(user/[^/]*)/(api/kernels/[^/]+/channels/websocket)(.*)" "Location: /jhub/\1/\2\3"
>   # OR
>   # http-response replace-header Location "/jhub/(user/[^/]*)/(api/kernels/[^/]+/channels/websocket)(.*)" "/jhub/\1/\2\3"
>
>   # add some checks
>
>   server ws_01 10.1.100.156:8000 check
> ###
>
> Here are some links which may help you also.
>
> https://www.haproxy.com/blog/websockets-load-balancing-with-haproxy/
> https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#4-reqirep
> https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#4-rspirep
>
> I would run haproxy in Debug mode and see how the request passes haproxy and
> adapt the config.
>
> It would be nice when you show us the working conf ;-)
>
> It would be nice to have a
>
> http-request replace-uri  
>
> to replace the reqrep.
>
> > thanks
>
> Hth
> Aleks
>
>

-- 
Regards,
*Imam Toufique*
*213-700-5485*