Re: hundreds of backends, one for each client

2012-10-14 Thread Willy Tarreau 
Hi Jones,

On Sat, Oct 13, 2012 at 06:48:11PM -0700, Allteams Jones wrote:
 Hi,
 
 I'm trying to find the best way to proxy a few thousand TCP clients and make
 sure each one connects to their own backend server. Essentially I have a few
 hundred DB servers and each one of them belongs to a single client. I want to
 have a single HAProxy server and based on the destination TCP port, use the
 appropriate backend. Those connections need to be persistent and security is
 not an issue (DB authenticates client). What is the best way to go about
 this? Should I define a few thousand ACLs or define a separate section for
 each port-DB mapping?

What you describe sounds exactly like the simplest relaying configuration :
  - defaults section for all common settings (mode tcp, timeouts, ...)
  - one listen section with bind for the listening port and server
for the server, per client.

It also has the benefit of being more debuggable and observable (eg: think
about the stats).

Hoping this helps,
Willy

Re: HAProxy sometimes selects wrong acl

2012-10-14 Thread Vivek Malik 
Oops. I read your email wrong. Re-reading your email. I see that you are
having problem with haproxy + long polling and websockets.

There was a discussion earlier in this thread on websockets breaking http
protocol (See http://marc.info/?l=haproxym=127803250504340w=2. Also see
http://stackoverflow.com/questions/4360221/haproxy-websocket-disconnection)

For Comet (long polling), haproxy might be closing the connection due to
server timeout.

I personally use websockets and comets by connecting client directly to the
backend server for websocket and comet connections bypassing the load
balancer all together. However, there might be better ways to do it which I
am not aware of.

Regards,
Vivek

On Sun, Oct 14, 2012 at 7:46 PM, Vivek Malik vivek.ma...@gmail.com wrote:

 I am not sure of how mikrokit could be having problems with
 http-server-close. http-server-close only affects the haproxy - backend
 connection, so it hidden from any front end.

 Having said that, I can think of one way to do http-server-close for
 specific conditions. It might not be the best method, but here it is.

 option http-server-close can be specified in backend. So, you can have a
 normal backend with http-server-close enabled and a mikrotik backend with
 http-server-close disabled. You can then use acl to choose the backend
 depending on http headers.

 Regards,
 Vivek

 On Sun, Oct 14, 2012 at 4:05 PM, Milan Babuskov 
 milan.babus...@gmail.comwrote:

 On Fri, Oct 12, 2012 at 4:51 PM, Vivek Malik vivek.ma...@gmail.com
 wrote:
  Yes, option http-server-close would make haproxy run acls for every
 request.
  It will also enable keep-alive between client (or proxy) and haproxy.

 Thanks, this fixed to problem for Mikrotik users, but now I have
 problems with Safari users who cannot establish websockets or
 xhr-polling connections anymore :(

 So, I reverted to old config and have a new question. Is it possible
 to activate http-server-close option only for Mikrotik users? I read
 the docs, but appears I can only access http headers withing acls for
 frontend selection?

 I would like to achieve something like:

 option http-server-close WHEN http headers CONTAIN Mikrotik

 Thanks,

 --
 Milan Babuskov
 http://www.guacosoft.com