Unsubscribe

2014-01-20 Thread James Bensley 
How do I unsubscribe from this mailing list?

I have emailed haproxy+unsubscr...@formilux.org with and without
unsubscribe in the subject but it hasn't worked.

Anyone know how?

Ta,
James.

Re: Performance tuning

2013-10-15 Thread James Bensley 
Hi,

All those options are related to the networking performance of the
Kernel, have you also considered memory options for the applications
(such as HAProxy) ?

https://www.kernel.org/doc/Documentation/sysctl/vm.txt

Cheers,
James.

1.5 Dev Becomes Stable?

2013-05-15 Thread James Bensley 
Hi All,

Does anyone know roughly (I know its hard to be specific with these
things) when 1.5 will become the latest stable version?

Whilst I understand this is a bit "how long is a peice of string", I
mean loosely; This year (2013) ? Q3 this year? Before then, Q2?

Cheers,
James.

Re: TCP Keepalives

2013-05-03 Thread James Bensley 
On 3 May 2013 17:28, Lukas Tribus  wrote:
> Hi James!
>
>
>> Are the docs refering to these timers?
>> http://tldp.org/HOWTO/TCP-Keepalive-HOWTO/usingkeepalive.html
>
> Correct.


Thanks Lukas, just wanted to check before I start trashing my test servers :)

Cheers,
James.

TCP Keepalives

2013-05-03 Thread James Bensley 
Hi All,

When setting TCP keep alive options like tcpka, clitcpka and srvtcpka
(https://code.google.com/p/haproxy-docs/wiki/tcpka)

Where are these controlled in the host? Are the docs refering to these timers?
http://tldp.org/HOWTO/TCP-Keepalive-HOWTO/usingkeepalive.html

Many thanks,
James.

Re: Monitor always returns HTTP 200

2013-05-03 Thread James Bensley 
On 3 May 2013 14:49, Lukas Tribus  wrote:
> Hi James,
>
>> I am packet capturing on a client (172.22.0.220, not in the monitor
>> subnet), browsing to the monitor uri (GET /oowahboh6eibooca) you can
>> see at 14:08:24 I get a response "200 OK". Then I refresh the page 2
>> seconds later at 14:08:26.215969 and at 14:08:26.217989 I get a 404
>> response.

I just tested this with Telnet and I always get 200 back so it must be
something odd with my browser or test machine etc. Ignore this :)

> You are running HAProxy 1.4.8, which is ancient. Please upgrade to
> 1.4.23 which contains a ton of bugfixes.

Received, roger!

Cheers,
James.

Re: Monitor always returns HTTP 200

2013-05-03 Thread James Bensley 
Hi Willy,

Thanks for clearing that up;

On 3 May 2013 12:28, Willy Tarreau  wrote:
> As explained in the doc, "monitor-net" unconditionally returns 200 to
> all connections coming from the specified network.
>
> If your request comes from another network, then "monitor fail" will
> apply to requests matching "monitor-uri". I must confess it's the first
> time I see the two mechanisms mixed and that's a bit confusing.

I did read the docs but bad sadly, "understanding fail"!

OK so now everything is working as expected; If I make a request from
a host in my monitor subnet I always receive HTTP 200 so that tells my
that HAProxy is running. Then from a host outside the monitor subnet
to the monitor URI I can see how many backends HAProxy sees (any less
than my configured 2 and it returns 503, which I have tested and is
working perfectly now thanks!).

One last point! :D
I have noticed that if I point a browse to my monitor URI (not in the
monitor subnet) when both my back ends are up I receive HTTP 200 OK
"HAProxy: service ready." However if I refresh this page any quicker
than about once a minute, it doesn't load? Check out this paste bin;
http://pastebin.com/raw.php?i=1xyNtcYq

I am packet capturing on a client (172.22.0.220, not in the monitor
subnet), browsing to the monitor uri  (GET /oowahboh6eibooca)  you can
see at 14:08:24 I get a response "200 OK". Then I refresh the page 2
seconds later at 14:08:26.215969 and at 14:08:26.217989 I get a 404
response. This doesn't really matter as I will only be checking every
5 minutes or so, but I thought I should mentioned it in case it's a
bug or I'm being silly again.

Cheers,
James.

Re: Monitor always returns HTTP 200

2013-05-03 Thread James Bensley 
Hi guys,

Thanks for the responses, my replies are below!

On 2 May 2013 17:48, Lukas Tribus  wrote:
>> I always receive a HTTP 200 response to my browser
>
> How do you know that?

tcpdump

> In what condition does this happen (when you have less than 2
> backends alive or even with 2 or more backends alive?)

With 2, 1, or 0 back ends alive (I have been adding iptables rules to
the Apache servers [there are two] one at a time so that haproxy
backend server checks fail, and I can see this reflected in the
haproxy log) .

>> default_backend http--servers
>> [...]
>> backend http-servers

> The config doesn't seem to match

That was just a typo from me copying the config into my original
email, sorry about that!

> Please post the output of haproxy -vv.

sudo haproxy -vv
HA-Proxy version 1.4.8 2010/06/16
Copyright 2000-2010 Willy Tarreau 

Build options :
  TARGET  = linux26
  CPU = generic
  CC  = gcc
  CFLAGS  = -O2 -g
  OPTIONS =

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200

Encrypted password support via crypt(3): yes

Available polling systems :
 sepoll : pref=400,  test result OK
  epoll : pref=300,  test result OK
   poll : pref=200,  test result OK
 select : pref=150,  test result OK
Total: 4 (4 usable), will use sepoll.



On 2 May 2013 22:39, Bryan Talbot  wrote:
> On Thu, May 2, 2013 at 8:55 AM, James Bensley  wrote:
>>
>> acl backend_down nbsrv(http--servers) lt 2 # HAProxy can see
>> lee than 2 backend servers
>> monitor-uri /checkuri
>> monitor-net 172.22.0.0/24
>
> What's the address of the computer making the requests?  If it's in the
> 172.22.0.0/24 network, all responses for any URI will be 200 as long as
> "monitor fail" is false.

Ah! This was the information I was missing. I changed that to a /32
and tried from another machine and the behaviour is now more like what
I expected is seen. The other machine passes through haproxy to the
backends as it should, and requests to the monitor URL return 404,
which is what I wanted.

However I do still have another problem, I always get HTTP 200 from
the machine in "monitor-net". I can add an iptables rules on either of
my two Apache servers or both, to stop haproxy from contacting them
(which I can verify via tcpdump on Apache and tcpump on the haproxy
server. I can see it can't get past TCP syn because there is no
syn-ack back from the apache servers).

This first paste bin entry shows the haproxy server detecting the
first Apache server as down, I browse to my monitor uri and as you can
see from the tcpdump output, I get HTTP 200 back:
http://pastebin.com/raw.php?i=va57gf0K

In this second paste bin entry I have added the log line from haproxy
after adding a drop rule to the second Apache server iptables config,
you can see here that haproxy can now see neither Apache server. yet I
still get HTTP 200; http://pastebin.com/raw.php?i=bPcNP8kH

If anyone can shed any light on this I would be very grateful.

Cheers,
James.

Monitor always returns HTTP 200

2013-05-02 Thread James Bensley 
Hi all,

I have configured haproxy using the below configuration. No matter
what URL I browser to I always receive a HTTP 200 response to my
browser. If I comment out the ACL and three monitor lines from the
frontend configuration, normal behaviour is resumed. I have that gut
feeling that I have done something obviously wrong, but I can't spot
it :)

Where am I going wrong with this? I assume that haproxy captures
requests to /checkuri and sends back HTTP 200 when at least 2 back end
servers are up (which they are, I can see the requests coming into
them) and 503 when one or more is down. Otherwise, all other requests
are passed directly to the back end servers. It seems to be
intercepting whatever URI I request via GET and returns HTTP 200 OK,
nothing reaches the back end servers when the monitor URI is
configured.

frontend monitor-http-servers

bind 1.2.3.4:80

acl backend_down nbsrv(http--servers) lt 2 # HAProxy can see
lee than 2 backend servers
monitor-uri /checkuri
monitor-net 172.22.0.0/24
monitor fail if backend_down

default_backend http--servers

backend http-servers

cookie cook insert
option persist
option redispatch
server  cook1 192.168.0.1:80 cookie c1 check inter 2000 rise 3 fall 3
server  cook2 192.168.0.2:80 cookie c2 check inter 2000 rise 3 fall 3
balance roundrobin



Cheers,
James.

Re: Balance Roundrobin vs Balance Source

2013-04-27 Thread James Bensley 
On 18 April 2013 21:13,   wrote:
>  balance roundrobin
>   cookie SERVERID insert indirect nocache
>   server server01 xxx.xxx.xxx.:8081 check cookie s1
>   server server02 xxx.xxx..xxx:8081 check cookie s2

Presumably you want this to be "balance source" though anyway. If you
have a client which doesn't accept cookies, they will be balanced in a
round robin style for every request they make, so "balance source"
give a kind of stickiness for clients that don't allow/support
cookies?

Cheers,
James.

Re: Two HAProxy instances with a shared IP

2013-04-13 Thread James Bensley 
Hi Phil,

I have just been through this exact exercise. I have just posted my
results to the Pound Proxy mailing list (so sorry to anyone that is a
subscriber there, here is comes again!). This is the post I just sent,
keepalived is so simple and I have it working with Pound and HAProxy;

Hi All,

Thanks for all your responses!

I have successfully implemented this now using keepalived. I would
thoroughly recommend this to anyone looking for IP failover, is really
easy to do. Download & compile which is as easy as;

wget http://www.keepalived.org/software/keepalived-1.2.7.tar.gz
gunzip keepalived-1.2.7.tar.gz
tar -xf keepalived-1.2.7.tar
cd keepalived-1.2.7/
sudo apt-get install libpopt-dev snmp snmpd libnl1 libnl-dev
libssl-dev make libsnmp-dev
./configure --enable-snmp
make
sudo make install

Then the following basic config will get you up and running with a basic set up;

vrrp_instance pound_ips {
state MASTER
interface eth1
virtual_router_id 10
priority 100
advert_int 1
nopreempt
virtual_ipaddress {
192.168.0.250
}
authentication {
auth_type PASS
auth_pass bxUcbz52FE38
}
}

That reall is the bare minimum which will get you up and running. I
made some notes here;
http://null.53bits.co.uk/index.php?page=keepalived

Cheers to all,
James.

On 8 April 2013 14:36, Phil Daws  wrote:
> Hello,
>
> am making my first foray into setting up a test lab to play around with 
> HAProxy.  Ideally I am hoping to build an environment which consists of two 
> HAProxy nodes that share an IP address, and each node then offloads HTTP 
> connections to two backend web servers. Basically build a meshed architecture 
> for no single point of failure.  It looks like the best route would be to use 
> Wackamole and Spread for the shared IP address.  Am building on CentOS 6.4 so 
> would be grateful for your thoughts on this setup or whether there is a more 
> appropriate one.  If all works well then hopefully can start to look at LB/HA 
> for other services.
>
> Many thanks,
>

Re: HAProxy isn't balancing/distributing 127.0.0.1 requests

2013-01-24 Thread James Bensley 
On 24 January 2013 11:34, Chris Sarginson  wrote:
> Change:
> balance source
>
> to
>
> balance roundrobin
>
> This will allow haproxy to send each new request to a different server, and
> then maintain sessions by tracking the appsession cookie you are inserting.
>
> Chris

What an absolute plonker I have been, this works as expected :)

Thanks Chris (and Baptiste and Unai!)

Re: HAProxy isn't balancing/distributing 127.0.0.1 requests

2013-01-24 Thread James Bensley 
Woops! Sorry guys,

Cheers,
James

global
log 127.0.0.1 local0
user haproxy
group haproxy
daemon
stats socket /var/run/haproxy/haproxy.sock mode 0600 level admin

defaults
log global
modehttp
option  httplog
option  dontlognull
retries 3
maxconn 1
contimeout  5000
clitimeout  5
srvtimeout  5

listen  https-servers   127.0.0.1:80

cookie appserver insert
option persist
option redispatch

server appserver1 10.0.0.1:80 cookie server1 check inter 2000 rise 3 
fall 3
server appserver2 10.0.0.2:80 cookie server2 check inter 2000 rise 3 
fall 3

balance source

listen  http-servers public.ip:80

cookie appserver insert
option persist
option redispatch

server  appserver1 10.0.0.1:80 cookie server1 check inter 2000
rise 3 fall 3
server  appserver2 10.0.0.2:80 cookie server2 check inter 2000
rise 3 fall 3

balance source

HAProxy isn't balancing/distributing 127.0.0.1 requests

2013-01-24 Thread James Bensley 
Hi All,

I have Pound Proxy and HAProxy on the same box; HTTPS requests come
into Pound, Pound then passes them using plan text HTTP to HAProxy
listening on 127.0.0.1, HAProxy then balances the connections across
the back end servers. Plain text HTTP requests that come into the box
and go strait to HAProxy, no Pound, I am just suing Pound for some
HTTPS shenanigans.

I can see in my logs that all requests from 127.0.0.1 (so HTTPS
requests via Pound) are always sent to the same back end server
(server2). HTTP requests that come from all different IPs directly
into HAProxy are being balanced over back end server1 and server2. I
assume this is possibly because 127.0.0.1 always passes through the
balancing hash algorithm (or whatever HAProxy uses) and comes out with
the same value each time.

Is there anything I can do about this?

Kind regards,
James.

Re: Tactics for load balancing all connections

2013-01-22 Thread James Bensley 
On 18 January 2013 00:03, Unai Rodriguez  wrote:
> Yes that works in the way I mentioned (cookies then source IP)

Thanks very much for the info Unai!

Cheers,
James.

Re: Tactics for load balancing all connections

2013-01-17 Thread James Bensley 
On 17 January 2013 12:39, Jonathan Matthews  wrote:
> From the fine documentation:
>
> ---
>   appsession
>
> The "otherwise" caveat sounds like what you're looking for.

Thanks for the info Jonathan.

I am aware of the appsession feature, however when I trialled it I
could get it to evenly distribute the traffic.

Under my current configuration which I previously posted, I think
there is a very uneven distribution of traffic to the two back-end
servers. I need to look through the logs and confirm what the ratio
is, but just looking at the graphs for network traffic, CPU load and
memory usage; One back-end server is using much more than the other.

Cheers,
James.

Re: Tactics for load balancing all connections

2013-01-17 Thread James Bensley 
Hi Unai,

Well that is what I have in the configuration, as I included in my
first email, but will this actually work? Does HAProxy support listing
more than one mechanism at once? If so, is there some sort of priority
list on which I can see the order they are used in?

Many thanks,
James.

Tactics for load balancing all connections

2013-01-17 Thread James Bensley 
Howdy All,

I wondered if anyone could entertain me with some ideas and thoughts
on being able to load balance all connections that pass through
HAProxy, perhaps by using more that one method, to "catch all"
connections (I have a single box set up in mind which is troubling
me). I have placed a snippet of the config below. We are inserting a
cooking to the request, either s1 for server1 or s2 for server2 so
that customers are having sticky sessions with the web servers. For
customers that don't support cookies, the servers redirect the user to
a different URL that carries the session ID in the URL all throughout
the session (an SSL session is terminated in front of HAProxy, so
HAProxy is HTTP only below).In the cookie-less scenario we would like
to use source IP based balancing; whilst this isn't the most even
distribution of traffic, it will be a minority of traffic.

So, can I enable two balancing techniques? Is there a way of having
priority based balancing so cookies are preferred, failing that,
source IP? If not, what do others do if you want to use balancing
method A, but some clients might not fit into the criteria for that?

Cheers,
James.

global
log 127.0.0.1   local0 notice info
user haproxy
group haproxy
daemon
stats socket /var/run/haproxy/haproxy.sock mode 0600 level admin

defaults
log global
modehttp
option  httplog
option  dontlognull
retries 3
maxconn 1
contimeout  5000
clitimeout  5
srvtimeout  5

listen  https-iis-servers   127.0.0.1:80

cookie apps insert
option persist
option redispatch

# Active WebApp servers
server  server1 192.168.1.1:80 cookie s1 check inter 2000 rise 3 fall 3
server  server2 192.168.1.2:80 cookie s2 check inter 2000 rise 3 fall 3

balance source

Re: Issue with HAProxy - Potential time out but no error

2012-11-15 Thread James Bensley 
You were absolutely right sir,

I was being a fool and overlooking the answer staring me right in the face.

Cheers,
James.

Issue with HAProxy - Potential time out but no error

2012-11-12 Thread James Bensley 
Hi all,

I am having an issue on a load-balancer running Pound and HAProxy. I
believe the error is with HAProxy but it doesn't give an error.

Pound sits in front of HAProxy (on the same box) to perform SSL
off-load. Requests are passed to 127.0.0.1:80 where HAProxy then
balances the requests across backend servers for a hosted ASP .NET web
app.

A user is getting HTTP error 500 (Internal Server Error) returned to
their browser this morning and I can see it is comming from Pound.
They see no log entry in their web app (IIS) server logs, so its not
hitting the back end servers. I think the problem is possibly with
HAProxy.

Lets review the logs:

Initialy the users (1.2.3.4) hits Pound on the load balancer:

Nov 12 10:02:24 lb1 pound: a-website.com 1.2.3.4 - -
[12/Nov/2012:10:02:23 +] "POST
/eventmanagement/EditEvent.aspx?eventOid=623fc423-2329-4cab-8be5-72a97709570d
HTTP/1.1" 200 155721
"https://a-website.com/eventmanagement/EditEvent.aspx?eventOid=623fc423-2329-4cab-8be5-72a97709570d";
"Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.4 (KHTML, like
Gecko) Chrome/22.0.1229.96 Safari/537.4"

Nov 12 10:02:24 lb1 pound: a-website.com 1.2.3.4 - -
[12/Nov/2012:10:02:24 +] "GET
/Controls/ReferringOrganisationLogoImageHandler.ashx HTTP/1.1" 200 142
"https://a-website.com/eventmanagement/EditEvent.aspx?eventOid=623fc423-2329-4cab-8be5-72a97709570d";
"Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.4 (KHTML, like
Gecko) Chrome/22.0.1229.96 Safari/537.4"

Nov 12 10:02:24 lb1 pound: a-website.com 1.2.3.4 - -
[12/Nov/2012:10:02:24 +] "GET
/eventmanagement/WebCoreModule.ashx?__ac=1&__ac_wcmid=RAWCIL&__ac_lib=Radactive.WebControls.ILoad&__ac_key=RAWVCO_11&__ac_sid=fnoz2hmvirfivb2btbubbw45&__ac_cn=&__ac_cp=BVDXDWFLDWFMHDFJBOEGBDFLFOD5EEFD&__ac_fr=634883113445054092&__ac_ssid=
HTTP/1.1" 200 11206
"https://a-website.com/eventmanagement/EditEvent.aspx?eventOid=623fc423-2329-4cab-8be5-72a97709570d";
"Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.4 (KHTML, like
Gecko) Chrome/22.0.1229.96 Safari/537.4"

Nov 12 10:02:24 lb1 pound: a-website.com 1.2.3.4 - -
[12/Nov/2012:10:02:24 +] "GET
/eventmanagement/WebCoreModule.ashx?__ac=1&__ac_wcmid=RAWCIL&__ac_lib=Radactive.WebControls.ILoad&__ac_key=RAWCCIL_11&__ac_sid=fnoz2hmvirfivb2btbubbw45&__ac_cn=&__ac_cp=BVDXDWFLDWFMHDFJBOEGBDFLFOD5EEFD&__ac_fr=634883113445054092
HTTP/1.1" 200 43496
"https://a-website.com/eventmanagement/EditEvent.aspx?eventOid=623fc423-2329-4cab-8be5-72a97709570d";
"Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.4 (KHTML, like
Gecko) Chrome/22.0.1229.96 Safari/537.4"

Nov 12 10:02:42 lb1 pound: (7f819fff8700) e500 for 1.2.3.4
response error read from 127.0.0.1:80/POST
/eventmanagement/EditEvent.aspx?eventOid=623fc423-2329-4cab-8be5-72a97709570d
HTTP/1.1: Connection timed out (15.121 secs)

Above we can see the request coming in from the user at IP address
1.2.3.4, eventually Pound returns error 500 with the message
"Connection timed out (15.121 secs)".

Running HAProxy in debug mode, we can see the request come in;

user@box:/var/log$ sudo /etc/init.d/haproxy restart
Restarting haproxy: haproxy[WARNING] 316/100042 (19218) : 
mode incompatible with  and . Keeping  only.
Available polling systems :
 sepoll : pref=400,  test result OK
  epoll : pref=300,  test result OK
   poll : pref=200,  test result OK
 select : pref=150,  test result OK
Total: 4 (4 usable), will use sepoll.
Using sepoll() as the polling mechanism.
...
0008:iis-servers.srvrep[0008:0009]: HTTP/1.1 200 OK
0008:iis-servers.srvhdr[0008:0009]: Cache-Control: private
0008:iis-servers.srvhdr[0008:0009]: Pragma: no-cache
0008:iis-servers.srvhdr[0008:0009]: Content-Length: 22211
0008:iis-servers.srvhdr[0008:0009]: Content-Type: text/plain;
charset=utf-8
0008:iis-servers.srvhdr[0008:0009]: Server: Microsoft-IIS/7.0
0008:iis-servers.srvhdr[0008:0009]: X-AspNet-Version: 2.0.50727
0008:iis-servers.srvhdr[0008:0009]: X-Powered-By: ASP.NET
0008:iis-servers.srvhdr[0008:0009]: Date: Mon, 12 Nov 2012 10:01:25 GMT
0009:iis-servers.accept(0004)=000a from [127.0.0.1:53556]
0009:iis-servers.clireq[000a:]: GET /Logoff.aspx HTTP/1.1
0009:iis-servers.clihdr[000a:]: Host: a-website.com
0009:iis-servers.clihdr[000a:]: Connection: keep-alive
0009:iis-servers.clihdr[000a:]: User-Agent: Mozilla/5.0
(Windows NT 6.2; WOW64) AppleWebKit/537.4 (KHTML, like Gecko)
Chrome/22.0.1229.96 Safari/537.4
0009:iis-servers.clihdr[000a:]: Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
0009:iis-servers.clihdr[000a:]: Referer:
https://a-website.com/eventmanagement/eventmanagement.aspx
0009:iis-servers.clihdr[000a:]: Accept-Encoding: gzip,deflate,sdch
0009:iis-servers.clihdr[000a:]: Accept-Language:
en-GB,en;q=0.8,it;q=0.6
000