load balance https with routing traffic rules
Hello,

Our problem is that we need to balance https with some filter or layer 4 matching that can help redirect the incoming web service transactions for port 443 (https) of the different servers with different applications. We have tried with /acl src/ and /rdp_cookie/ but we don't get the expected results.

The problem is that https requires mode tcp, but setting TCP mode means we wouldn't have access to certain ACL information, like the domain name on the incoming request, in order to know how to route traffic?

Our idea is something like this:

    frontend xx:443
        mode tcp
        acl firt_webpage xxx filter
        acl second_webpage xxx filter
        acl nwebpage xxx filter
        use_backend fwp if firt_webpage
        use_backend swp if second_webpage
        ...
        use_backend nwp if n_webpage

    backend fwp
        server fwpSSL xxx:443

    backend swp
        server swpSSL xxx:443
    ...
    ...
    backend nwp
        server nwpSSL xxx:443

--
Regards,
Gustavo A. Jiménez Correa
Infrastructure Manager
Web: www.aplicaciones.com.co
Bogotá, Colombia

If you have any compliments, requests or complaints, please send an e-mail to servicioalclie...@aplicaciones.com.co

The content of this e-mail and/or its attachments is confidential and for the exclusive use of the natural or legal person to whom it is addressed. If you are not the intended recipient, please return it immediately and delete the document and its attachments. Any retention, copying, reproduction, dissemination, distribution and, in general, any improper use is prohibited and punishable by law. Aplicaciones S.A. states that the attachments have been checked and believes them to be free of viruses, but whoever receives them is responsible for any loss or damage their use may cause.
Custom log message when text matches
I've been looking around for the answer to this question, but so far I've turned up nothing. Can I have haproxy (currently 1.5-dev3) spit out a custom log message, preferably at a custom level, when certain text is found in a request? I need to do this because the text I'm looking for will be beyond the 1024 character cutoff in the normal syslog. Thanks, Shawn
outage backend for haproxy
Here is a snippet from my haproxy config file. Two backends, one for an outage page and one for the cdn.

    listen http-pool 0.0.0.0:80
        mode http
        balance roundrobin
        option httpclose
        stats uri /haproxy-status
        acl is_outage always_true
        use_backend outage if is_outage
        default_backend cdn

    backend outage
        mode http
        reqirep ^Host:\ haproxy-host-01 Host:\ foo.s3-website-us-east-1.amazon.com
        server s3 foo.s3-website-us-east-1.amazon.com

    backend cdn
        mode http
        server s3 10.10.222.175:8555 check inter 3000 rise 2 fall 3 maxconn 10
        server s3 10.10.222.209:8555 check inter 3000 rise 2 fall 3 maxconn 10

In my test client, if I enter haproxy-host-01, the client is served content from the s3 bucket in amazon. Yeah! But if I enter haproxy-host-01/foo/bar/gore, then I get an error.

Is there something I can add to the backend to make sure I land on the outage page at the correct location? I am assuming that /foo/bar/gore is passed on to amazon. Trying various incantations of reqirep, no joy.

--
Regs
-Tiz
Re: load balance https with routing traffic rules
Hi,

As you said, since your traffic is encrypted, haproxy can't dig into http protocol, so you must use tcp mode to load balance https.
If you want to take advantage of all the smart stuff in Haproxy about http, you must decrypt the traffic before it's forwarded to haproxy (using pound, stunnel, nginx or whatever).

I hope this helps.

cheers

2011/5/26 Gustavo Jiménez gustavo.jime...@aplicaciones.com.co:
> Hello,
>
> Our problem is that we need to balance https with some filter or layer 4 matching that can help redirect the incoming web service transactions for port 443 (https) of the different servers with different applications. We have tried with acl src and rdp_cookie but we don't get the expected results.
>
> The problem is that https requires mode tcp, but setting TCP mode means we wouldn't have access to certain ACL information, like the domain name on the incoming request, in order to know how to route traffic?
>
> Our idea is something like this:
>
>     frontend xx:443
>         mode tcp
>         acl firt_webpage xxx filter
>         acl second_webpage xxx filter
>         acl nwebpage xxx filter
>         use_backend fwp if firt_webpage
>         use_backend swp if second_webpage
>         ...
>         use_backend nwp if n_webpage
>
>     backend fwp
>         server fwpSSL xxx:443
>
>     backend swp
>         server swpSSL xxx:443
>     ...
>     ...
>     backend nwp
>         server nwpSSL xxx:443
>
> --
> Regards,
> Gustavo A. Jiménez Correa
> Infrastructure Manager
> Web: www.aplicaciones.com.co
> Bogotá, Colombia
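
The layout described in the reply above, written out as an added example that is not part of the original thread: a TLS terminator in front decrypts, and haproxy then routes on the Host header in http mode. The listener address, hostnames, server addresses, ACL names and the reject_unknown backend are assumptions; fwp and swp are the backend names from the question.

```haproxy
# Added example, not from the thread.
# Assumption: a TLS terminator (stunnel, pound or nginx, as the reply
# suggests) owns port 443, holds the certificates and forwards the
# decrypted HTTP stream to 127.0.0.1:8443.

frontend https_decrypted
    # Loopback only: everything arriving here is cleartext, so the
    # listener must not be reachable from the network.
    bind 127.0.0.1:8443
    mode http
    option httpclose

    # In http mode the Host header is visible to ACLs.
    # app1/app2.example.com are placeholder hostnames.
    acl first_webpage  hdr(host) -i app1.example.com
    acl second_webpage hdr(host) -i app2.example.com

    use_backend fwp if first_webpage
    use_backend swp if second_webpage

    # Requests for a Host that matches no ACL never reach an application.
    default_backend reject_unknown

backend fwp
    mode http
    # 192.0.2.x are documentation addresses (placeholders). Traffic to the
    # servers is plain HTTP in this layout, so this segment has to be a
    # trusted network.
    server fwp1 192.0.2.11:80 check

backend swp
    mode http
    server swp1 192.0.2.12:80 check

backend reject_unknown
    mode http
    # No servers defined: haproxy answers 503 for unmatched hosts.
```

In this layout haproxy sees the terminator's address as the connection source, so `acl src` rules and source addresses in the haproxy log no longer identify the client.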