bytes_sent?
The HTTP Log Format tracks bytes_read, which appears to be the number of bytes in the HTTP response send from the backend to the requesting client. https://code.google.com/p/haproxy-docs/wiki/HTTPLogFormat I feel also that bytes_sent may be an interesting field to track. For example: An Image upload site may care a lot more about image uploads to their servers than downloads. (esp for an upload backend pool) Checking the ratio of bytes_read vs bytes_sent also provides interesting insight in to how an application is performing. Is there anyway I can lobby to get bytes_sent added to future revisions of the HTTP Log format? Is there any other method to collect this info? The stats page is already collecting Bytes in and Bytes out, but I'm missing it in the log format, so I can't look at it on a per-request level. Thanks, Joel
Re: HAproxy tproxy problem when try to make transparent proxy
Hello, L. Alberto Giménez ha scritto: Please check that: * You have the tproxy enabled in your kernel * You have haproxy compiled with tproxy support Your backend servers *can't* see the clients directly (i.e., they have the haproxy box as default gateway and *no other* gateways). The same for the clients (not mandatory, but if they can see the servers, it may cause trouble). Like I wrote before, I use ubuntu server 9.10, with kernel 2.6.31 and iptables 1.4.4, so with built-in tproxy support (if I'm not wrong). And I compiled Haproxy by hands with correct parameters I think... lsmod [...] nf_tproxy_core24281 xt_socket, [...] haproxy -vv HA-Proxy version 1.4.2 2010/03/17 Copyright 2000-2010 Willy Tarreau Build options : TARGET = linux26 CPU = i686 CC = gcc CFLAGS = -O2 -march=i686 -g OPTIONS = USE_LINUX_TPROXY=1 USE_STATIC_PCRE=1 [...] The client can't see directly the backend server. ping -c 1 192.168.0.2 PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data. From 192.168.1.2 icmp_seq=1 Destination Host Unreachable --- 192.168.0.2 ping statistics --- 1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms The backend server can't see the clients directly. ping -c 1 192.168.1.2 PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data. *From 192.168.1.21 icmp_seq=1 Destination Host Unreachable* (not From 192.168.0.2 like expected) --- 192.168.1.2 ping statistics --- 1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms So, incredible.. I find the trick.. Alberto, you save my mind.. :-) In backend server I have 2nd ethernet card configured with 192.168.1.21. The cable is out but I forget to disable it (how I'm chicken..).. So everytime the backend try to access to client from this route. Many times errors are in the most simple things. Thanks, thank you very much.. Really! Daniele Hi all, perhaps there is hope for me too ... I have HAProxy running on 192.168.1.101, with this configuration: ... backend test mode http source 0.0.0.0 usesrc clientip server serv1 192.168.4.41 frontend test mode http bind 192.168.1.101:8090 default_backend test the HAProxy is from 1.5-dev6, build with TARGET=linux26 USE_LINUX_TPROXY=1, kernel is 2.6.26-2-amd64 The server is in my vmware player, debian 6 kernel 2.6.32-5-686). By default, player is bridged and dhcp assings it ip 192.168.1.28 (host xp is 192.168.1.62), and default gateway is 192.168.1.2 So manually change ip address on server (eth0, no other cards) to 192.168.4.41 255.255.0.0, and set default gateway to be 192.168.1.101 (the HAProxy machine). On HAProxy I have done routing commands as Daniele did. And I still get 503. What have I done wrong? Is there any known issue if SERVER is in virtual machine? --- posted at http://www.serverphorums.com http://www.serverphorums.com/read.php?10,120994,707061#msg-707061
Re: Selective logging
Hi Willy, I've dug the mailing list and found this, which would so come in handy for me right now. Any updates on this, are you still considering its implementation? Your proposed solution log disable if acl would work just fine, or even no log if acl. Thanks, Pedro. On 9 Jul 2009, at 05:54, Willy Tarreau w...@1wt.eu wrote: Hi, On Tue, Jul 07, 2009 at 05:41:40PM +0100, Alex Forrow wrote: Hi, We have been using HAProxy very successfully on a busy website for a while now, sending all logs via syslog to a separate server. A single frontend is used to serve all public requests, and currently logs everything. We would like to just log requests for dynamic pages, is it possible to have HAProxy selectively log requests, either based on an acl, or ideally, backend? No, unfortunately it's not possible right now, and since the logs are configured in the frontend, you cannot even use the backend to make a difference. I think that the simplest solution would be to implement something like log disable if acl which would work both in the frontend and in the backend. I understand your requirement and in my opinion it really makes sense to log only dynamic pages. I'm adding that on the TODO list. Regards, Willy
Re: stick-table and URL
i was able to generate in the server the cookie (SERVERID) and i can pass it i also altered the line cookie SERVERID insert indirect nocache to cookie SERVERID and also try without the line however it is not working curl header: Set-Cookie: SERVERID=memtom1 is it possible to see the stick table content? -- Give a man a fish and you feed him for a day. Teach him how to fish and you feed him for a lifetime. On Mon, May 13, 2013 at 10:01 PM, Baptiste bed...@gmail.com wrote: Hi Rui, This is normal: HAProxy can't store in a stick table headers it has itself setup. So the line stick store-response set-cookie(SERVERID) table webservers_backend will work only if the server set-up the cookie. If you manage your server to setup this cookie, it may work with the configuration below: stick store-response set-cookie(SERVERID) table webservers_backend stick on cookie(SERVERID) table webservers_backend stick on url_param(SERVERID) table webservers_backend HAProxy will first try to collect stickiness information from the Cookie. If it can't find it, then it will look for the information in the url parameter. Baptiste On Mon, May 13, 2013 at 6:47 PM, Rui Luís rui.l...@gmail.com wrote: Good day. For a few days i am trying to use stick-table with cookies and url parameters because flash does not support cookies i have the following configuration: backend webservers_backend cookie SERVERID insert indirect nocache stick-table type string len 40 size 20k stick store-response set-cookie(SERVERID) table webservers_backend stick on url_param(SERVERID) table webservers_backend server memtom1 ip1 check inter 5000 cookie memtom1 server memtom2 ip2 check inter 5000 cookie memtom2 i also try other configurations.. however it does not work.. the call from flash.. getConfig?val1=xcv93ec9SERVERID=memtom2;%20path=/ i also try getConfig?val1=xcv93ec9SERVERID=memtom2 but it does not work for both.. I am entering a dead lock... -- Give a man a fish and you feed him for a day. Teach him how to fish and you feed him for a lifetime.
1.5 Dev Becomes Stable?
Hi All, Does anyone know roughly (I know its hard to be specific with these things) when 1.5 will become the latest stable version? Whilst I understand this is a bit how long is a peice of string, I mean loosely; This year (2013) ? Q3 this year? Before then, Q2? Cheers, James.
Re: bytes_sent?
This is already present in haproxy 1.5. 1.5 has a `log-format` parameter which lets you specify a custom format. The format has a `%U` parameter which is the number of bytes sent by the client. -Patrick On 2013/15/05 02:23, Joel Krauska wrote: The HTTP Log Format tracks bytes_read, which appears to be the number of bytes in the HTTP response send from the backend to the requesting client. https://code.google.com/p/haproxy-docs/wiki/HTTPLogFormat I feel also that bytes_sent may be an interesting field to track. For example: An Image upload site may care a lot more about image uploads to their servers than downloads. (esp for an upload backend pool) Checking the ratio of bytes_read vs bytes_sent also provides interesting insight in to how an application is performing. Is there anyway I can lobby to get bytes_sent added to future revisions of the HTTP Log format? Is there any other method to collect this info? The stats page is already collecting Bytes in and Bytes out, but I'm missing it in the log format, so I can't look at it on a per-request level. Thanks, Joel
Re: Websockets and RTMP
The following config doesn't direct secure websocket connections to the backend. What am I doing wrong? global log 127.0.0.1 local0 log 127.0.0.1 local1 notice #log loghostlocal0 info maxconn 4096 #chroot /usr/share/haproxy user haproxy group haproxy daemon #debug #quiet defaults log global modehttp option httplog option dontlognull retries 3 option redispatch maxconn 2000 contimeout 5000 clitimeout 5 srvtimeout 5 frontend port443 bind :443 mode tcp clitimeout 65000 tcp-request inspect-delay 5s acl traffic_is_ssl req_ssl_ver gt 0 acl enough_non_ssl_bytes req_len ge 22 tcp-request content accept if traffic_is_ssl # accept SSL tcp-request content accept if enough_non_ssl_bytes # accept non-SSL use_backend ssl_backend if traffic_is_ssl default_backend rtmp_backend backend ssl_backend srvtimeout 65000 server nginx_server 127.0.0.1:4443 backend rtmp_backend srvtimeout 65000 server rtmp_server 127.0.0.1:1935 I also tried much simpler config but I still can't connect: frontend port443 bind :443 mode tcp default_backend ssl_backend backend ssl_backend srvtimeout 65000 server nginx_server 127.0.0.1:4443 On Tue, May 14, 2013 at 2:16 PM, pablo platt pablo.pl...@gmail.com wrote: Is my config reasonable? On Sun, May 12, 2013 at 6:14 PM, Jonathan Matthews cont...@jpluscplusm.com wrote: On 12 May 2013 10:03, pablo platt pablo.pl...@gmail.com wrote: Can you please explain how to use ssl_fc? I couldn't find it in the configuration docs. Please see below the global and defaults sections which I get when installing the haproxy-1.4.18 deb package on ubuntu 12.04 ssl_fc is only in HAProxy 1.5. Jonathan -- Jonathan Matthews // Oxford, London, UK http://www.jpluscplusm.com/contact.html
Haproxy SSL Termination question
Hi Everyone, I am in need of a little help, currently I need to send traffic to a haproxy setup and terminate the SSL certificate there, which I have working, but until I can get a backend application changed from redirecting when it gets the https request to a login page, is there any way I can connect to the backend server(s) over port 443 so it fakes it to the server and the page redirection continues to work? At least until we can get the code updated to use say port 8443 on the server instead of 443? Just curious and thought I would ask the experts out there. :-) Thanks in advance. Joe
Re: Haproxy SSL Termination question
Hi Joe, Sounds like you need the 'ssl' option for your backend server. This option enables SSL ciphering on outgoing connections to the server. Just below the source option: http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#5-source (#5-ssl goes to wrong part of the help.. for 'bind' instead of 'server') Op 15-5-2013 23:14, Joseph Hardeman schreef: Hi Everyone, I am in need of a little help, currently I need to send traffic to a haproxy setup and terminate the SSL certificate there, which I have working, but until I can get a backend application changed from redirecting when it gets the https request to a login page, is there any way I can connect to the backend server(s) over port 443 so it fakes it to the server and the page redirection continues to work? At least until we can get the code updated to use say port 8443 on the server instead of 443? Just curious and thought I would ask the experts out there. :-) Thanks in advance. Joe
HAProxy and MySQL failover
Hi, We are using HAProxy to check for MySQL availability and failing over to a slave. Is it possible to stop HAProxy going back to the master once it is up? We want that to happen after manual intervention. Regards, Jayadevan DISCLAIMER: The information in this e-mail and any attachment is intended only for the person to whom it is addressed and may contain confidential and/or privileged material. If you have received this e-mail in error, kindly contact the sender and destroy all copies of the original communication. IBS makes no warranty, express or implied, nor guarantees the accuracy, adequacy or completeness of the information contained in this email or any attachment and is not liable for any errors, defects, omissions, viruses or for resultant loss or damage, if any, direct or indirect.