Unsubscribe
How do I unsubscribe from this mailing list? I have emailed haproxy+unsubscr...@formilux.org with and without unsubscribe in the subject but it hasn't worked. Anyone know how? Ta, James.
Re: Performance tuning
Hi, All those options are related to the networking performance of the Kernel, have you also considered memory options for the applications (such as HAProxy) ? https://www.kernel.org/doc/Documentation/sysctl/vm.txt Cheers, James.
1.5 Dev Becomes Stable?
Hi All, Does anyone know roughly (I know its hard to be specific with these things) when 1.5 will become the latest stable version? Whilst I understand this is a bit "how long is a peice of string", I mean loosely; This year (2013) ? Q3 this year? Before then, Q2? Cheers, James.
Re: TCP Keepalives
On 3 May 2013 17:28, Lukas Tribus wrote: > Hi James! > > >> Are the docs refering to these timers? >> http://tldp.org/HOWTO/TCP-Keepalive-HOWTO/usingkeepalive.html > > Correct. Thanks Lukas, just wanted to check before I start trashing my test servers :) Cheers, James.
TCP Keepalives
Hi All, When setting TCP keep alive options like tcpka, clitcpka and srvtcpka (https://code.google.com/p/haproxy-docs/wiki/tcpka) Where are these controlled in the host? Are the docs refering to these timers? http://tldp.org/HOWTO/TCP-Keepalive-HOWTO/usingkeepalive.html Many thanks, James.
Re: Monitor always returns HTTP 200
On 3 May 2013 14:49, Lukas Tribus wrote: > Hi James, > >> I am packet capturing on a client (172.22.0.220, not in the monitor >> subnet), browsing to the monitor uri (GET /oowahboh6eibooca) you can >> see at 14:08:24 I get a response "200 OK". Then I refresh the page 2 >> seconds later at 14:08:26.215969 and at 14:08:26.217989 I get a 404 >> response. I just tested this with Telnet and I always get 200 back so it must be something odd with my browser or test machine etc. Ignore this :) > You are running HAProxy 1.4.8, which is ancient. Please upgrade to > 1.4.23 which contains a ton of bugfixes. Received, roger! Cheers, James.
Re: Monitor always returns HTTP 200
Hi Willy, Thanks for clearing that up; On 3 May 2013 12:28, Willy Tarreau wrote: > As explained in the doc, "monitor-net" unconditionally returns 200 to > all connections coming from the specified network. > > If your request comes from another network, then "monitor fail" will > apply to requests matching "monitor-uri". I must confess it's the first > time I see the two mechanisms mixed and that's a bit confusing. I did read the docs but bad sadly, "understanding fail"! OK so now everything is working as expected; If I make a request from a host in my monitor subnet I always receive HTTP 200 so that tells my that HAProxy is running. Then from a host outside the monitor subnet to the monitor URI I can see how many backends HAProxy sees (any less than my configured 2 and it returns 503, which I have tested and is working perfectly now thanks!). One last point! :D I have noticed that if I point a browse to my monitor URI (not in the monitor subnet) when both my back ends are up I receive HTTP 200 OK "HAProxy: service ready." However if I refresh this page any quicker than about once a minute, it doesn't load? Check out this paste bin; http://pastebin.com/raw.php?i=1xyNtcYq I am packet capturing on a client (172.22.0.220, not in the monitor subnet), browsing to the monitor uri (GET /oowahboh6eibooca) you can see at 14:08:24 I get a response "200 OK". Then I refresh the page 2 seconds later at 14:08:26.215969 and at 14:08:26.217989 I get a 404 response. This doesn't really matter as I will only be checking every 5 minutes or so, but I thought I should mentioned it in case it's a bug or I'm being silly again. Cheers, James.
Re: Monitor always returns HTTP 200
Hi guys, Thanks for the responses, my replies are below! On 2 May 2013 17:48, Lukas Tribus wrote: >> I always receive a HTTP 200 response to my browser > > How do you know that? tcpdump > In what condition does this happen (when you have less than 2 > backends alive or even with 2 or more backends alive?) With 2, 1, or 0 back ends alive (I have been adding iptables rules to the Apache servers [there are two] one at a time so that haproxy backend server checks fail, and I can see this reflected in the haproxy log) . >> default_backend http--servers >> [...] >> backend http-servers > The config doesn't seem to match That was just a typo from me copying the config into my original email, sorry about that! > Please post the output of haproxy -vv. sudo haproxy -vv HA-Proxy version 1.4.8 2010/06/16 Copyright 2000-2010 Willy Tarreau Build options : TARGET = linux26 CPU = generic CC = gcc CFLAGS = -O2 -g OPTIONS = Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200 Encrypted password support via crypt(3): yes Available polling systems : sepoll : pref=400, test result OK epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 4 (4 usable), will use sepoll. On 2 May 2013 22:39, Bryan Talbot wrote: > On Thu, May 2, 2013 at 8:55 AM, James Bensley wrote: >> >> acl backend_down nbsrv(http--servers) lt 2 # HAProxy can see >> lee than 2 backend servers >> monitor-uri /checkuri >> monitor-net 172.22.0.0/24 > > What's the address of the computer making the requests? If it's in the > 172.22.0.0/24 network, all responses for any URI will be 200 as long as > "monitor fail" is false. Ah! This was the information I was missing. I changed that to a /32 and tried from another machine and the behaviour is now more like what I expected is seen. The other machine passes through haproxy to the backends as it should, and requests to the monitor URL return 404, which is what I wanted. However I do still have another problem, I always get HTTP 200 from the machine in "monitor-net". I can add an iptables rules on either of my two Apache servers or both, to stop haproxy from contacting them (which I can verify via tcpdump on Apache and tcpump on the haproxy server. I can see it can't get past TCP syn because there is no syn-ack back from the apache servers). This first paste bin entry shows the haproxy server detecting the first Apache server as down, I browse to my monitor uri and as you can see from the tcpdump output, I get HTTP 200 back: http://pastebin.com/raw.php?i=va57gf0K In this second paste bin entry I have added the log line from haproxy after adding a drop rule to the second Apache server iptables config, you can see here that haproxy can now see neither Apache server. yet I still get HTTP 200; http://pastebin.com/raw.php?i=bPcNP8kH If anyone can shed any light on this I would be very grateful. Cheers, James.
Monitor always returns HTTP 200
Hi all, I have configured haproxy using the below configuration. No matter what URL I browser to I always receive a HTTP 200 response to my browser. If I comment out the ACL and three monitor lines from the frontend configuration, normal behaviour is resumed. I have that gut feeling that I have done something obviously wrong, but I can't spot it :) Where am I going wrong with this? I assume that haproxy captures requests to /checkuri and sends back HTTP 200 when at least 2 back end servers are up (which they are, I can see the requests coming into them) and 503 when one or more is down. Otherwise, all other requests are passed directly to the back end servers. It seems to be intercepting whatever URI I request via GET and returns HTTP 200 OK, nothing reaches the back end servers when the monitor URI is configured. frontend monitor-http-servers bind 1.2.3.4:80 acl backend_down nbsrv(http--servers) lt 2 # HAProxy can see lee than 2 backend servers monitor-uri /checkuri monitor-net 172.22.0.0/24 monitor fail if backend_down default_backend http--servers backend http-servers cookie cook insert option persist option redispatch server cook1 192.168.0.1:80 cookie c1 check inter 2000 rise 3 fall 3 server cook2 192.168.0.2:80 cookie c2 check inter 2000 rise 3 fall 3 balance roundrobin Cheers, James.
Re: Balance Roundrobin vs Balance Source
On 18 April 2013 21:13, wrote: > balance roundrobin > cookie SERVERID insert indirect nocache > server server01 xxx.xxx.xxx.:8081 check cookie s1 > server server02 xxx.xxx..xxx:8081 check cookie s2 Presumably you want this to be "balance source" though anyway. If you have a client which doesn't accept cookies, they will be balanced in a round robin style for every request they make, so "balance source" give a kind of stickiness for clients that don't allow/support cookies? Cheers, James.
Re: Two HAProxy instances with a shared IP
Hi Phil, I have just been through this exact exercise. I have just posted my results to the Pound Proxy mailing list (so sorry to anyone that is a subscriber there, here is comes again!). This is the post I just sent, keepalived is so simple and I have it working with Pound and HAProxy; Hi All, Thanks for all your responses! I have successfully implemented this now using keepalived. I would thoroughly recommend this to anyone looking for IP failover, is really easy to do. Download & compile which is as easy as; wget http://www.keepalived.org/software/keepalived-1.2.7.tar.gz gunzip keepalived-1.2.7.tar.gz tar -xf keepalived-1.2.7.tar cd keepalived-1.2.7/ sudo apt-get install libpopt-dev snmp snmpd libnl1 libnl-dev libssl-dev make libsnmp-dev ./configure --enable-snmp make sudo make install Then the following basic config will get you up and running with a basic set up; vrrp_instance pound_ips { state MASTER interface eth1 virtual_router_id 10 priority 100 advert_int 1 nopreempt virtual_ipaddress { 192.168.0.250 } authentication { auth_type PASS auth_pass bxUcbz52FE38 } } That reall is the bare minimum which will get you up and running. I made some notes here; http://null.53bits.co.uk/index.php?page=keepalived Cheers to all, James. On 8 April 2013 14:36, Phil Daws wrote: > Hello, > > am making my first foray into setting up a test lab to play around with > HAProxy. Ideally I am hoping to build an environment which consists of two > HAProxy nodes that share an IP address, and each node then offloads HTTP > connections to two backend web servers. Basically build a meshed architecture > for no single point of failure. It looks like the best route would be to use > Wackamole and Spread for the shared IP address. Am building on CentOS 6.4 so > would be grateful for your thoughts on this setup or whether there is a more > appropriate one. If all works well then hopefully can start to look at LB/HA > for other services. > > Many thanks, >
Re: HAProxy isn't balancing/distributing 127.0.0.1 requests
On 24 January 2013 11:34, Chris Sarginson wrote: > Change: > balance source > > to > > balance roundrobin > > This will allow haproxy to send each new request to a different server, and > then maintain sessions by tracking the appsession cookie you are inserting. > > Chris What an absolute plonker I have been, this works as expected :) Thanks Chris (and Baptiste and Unai!)
Re: HAProxy isn't balancing/distributing 127.0.0.1 requests
Woops! Sorry guys, Cheers, James global log 127.0.0.1 local0 user haproxy group haproxy daemon stats socket /var/run/haproxy/haproxy.sock mode 0600 level admin defaults log global modehttp option httplog option dontlognull retries 3 maxconn 1 contimeout 5000 clitimeout 5 srvtimeout 5 listen https-servers 127.0.0.1:80 cookie appserver insert option persist option redispatch server appserver1 10.0.0.1:80 cookie server1 check inter 2000 rise 3 fall 3 server appserver2 10.0.0.2:80 cookie server2 check inter 2000 rise 3 fall 3 balance source listen http-servers public.ip:80 cookie appserver insert option persist option redispatch server appserver1 10.0.0.1:80 cookie server1 check inter 2000 rise 3 fall 3 server appserver2 10.0.0.2:80 cookie server2 check inter 2000 rise 3 fall 3 balance source
HAProxy isn't balancing/distributing 127.0.0.1 requests
Hi All, I have Pound Proxy and HAProxy on the same box; HTTPS requests come into Pound, Pound then passes them using plan text HTTP to HAProxy listening on 127.0.0.1, HAProxy then balances the connections across the back end servers. Plain text HTTP requests that come into the box and go strait to HAProxy, no Pound, I am just suing Pound for some HTTPS shenanigans. I can see in my logs that all requests from 127.0.0.1 (so HTTPS requests via Pound) are always sent to the same back end server (server2). HTTP requests that come from all different IPs directly into HAProxy are being balanced over back end server1 and server2. I assume this is possibly because 127.0.0.1 always passes through the balancing hash algorithm (or whatever HAProxy uses) and comes out with the same value each time. Is there anything I can do about this? Kind regards, James.
Re: Tactics for load balancing all connections
On 18 January 2013 00:03, Unai Rodriguez wrote: > Yes that works in the way I mentioned (cookies then source IP) Thanks very much for the info Unai! Cheers, James.
Re: Tactics for load balancing all connections
On 17 January 2013 12:39, Jonathan Matthews wrote: > From the fine documentation: > > --- > appsession > > The "otherwise" caveat sounds like what you're looking for. Thanks for the info Jonathan. I am aware of the appsession feature, however when I trialled it I could get it to evenly distribute the traffic. Under my current configuration which I previously posted, I think there is a very uneven distribution of traffic to the two back-end servers. I need to look through the logs and confirm what the ratio is, but just looking at the graphs for network traffic, CPU load and memory usage; One back-end server is using much more than the other. Cheers, James.
Re: Tactics for load balancing all connections
Hi Unai, Well that is what I have in the configuration, as I included in my first email, but will this actually work? Does HAProxy support listing more than one mechanism at once? If so, is there some sort of priority list on which I can see the order they are used in? Many thanks, James.
Tactics for load balancing all connections
Howdy All, I wondered if anyone could entertain me with some ideas and thoughts on being able to load balance all connections that pass through HAProxy, perhaps by using more that one method, to "catch all" connections (I have a single box set up in mind which is troubling me). I have placed a snippet of the config below. We are inserting a cooking to the request, either s1 for server1 or s2 for server2 so that customers are having sticky sessions with the web servers. For customers that don't support cookies, the servers redirect the user to a different URL that carries the session ID in the URL all throughout the session (an SSL session is terminated in front of HAProxy, so HAProxy is HTTP only below).In the cookie-less scenario we would like to use source IP based balancing; whilst this isn't the most even distribution of traffic, it will be a minority of traffic. So, can I enable two balancing techniques? Is there a way of having priority based balancing so cookies are preferred, failing that, source IP? If not, what do others do if you want to use balancing method A, but some clients might not fit into the criteria for that? Cheers, James. global log 127.0.0.1 local0 notice info user haproxy group haproxy daemon stats socket /var/run/haproxy/haproxy.sock mode 0600 level admin defaults log global modehttp option httplog option dontlognull retries 3 maxconn 1 contimeout 5000 clitimeout 5 srvtimeout 5 listen https-iis-servers 127.0.0.1:80 cookie apps insert option persist option redispatch # Active WebApp servers server server1 192.168.1.1:80 cookie s1 check inter 2000 rise 3 fall 3 server server2 192.168.1.2:80 cookie s2 check inter 2000 rise 3 fall 3 balance source
Re: Issue with HAProxy - Potential time out but no error
You were absolutely right sir, I was being a fool and overlooking the answer staring me right in the face. Cheers, James.
Issue with HAProxy - Potential time out but no error
Hi all, I am having an issue on a load-balancer running Pound and HAProxy. I believe the error is with HAProxy but it doesn't give an error. Pound sits in front of HAProxy (on the same box) to perform SSL off-load. Requests are passed to 127.0.0.1:80 where HAProxy then balances the requests across backend servers for a hosted ASP .NET web app. A user is getting HTTP error 500 (Internal Server Error) returned to their browser this morning and I can see it is comming from Pound. They see no log entry in their web app (IIS) server logs, so its not hitting the back end servers. I think the problem is possibly with HAProxy. Lets review the logs: Initialy the users (1.2.3.4) hits Pound on the load balancer: Nov 12 10:02:24 lb1 pound: a-website.com 1.2.3.4 - - [12/Nov/2012:10:02:23 +] "POST /eventmanagement/EditEvent.aspx?eventOid=623fc423-2329-4cab-8be5-72a97709570d HTTP/1.1" 200 155721 "https://a-website.com/eventmanagement/EditEvent.aspx?eventOid=623fc423-2329-4cab-8be5-72a97709570d"; "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.96 Safari/537.4" Nov 12 10:02:24 lb1 pound: a-website.com 1.2.3.4 - - [12/Nov/2012:10:02:24 +] "GET /Controls/ReferringOrganisationLogoImageHandler.ashx HTTP/1.1" 200 142 "https://a-website.com/eventmanagement/EditEvent.aspx?eventOid=623fc423-2329-4cab-8be5-72a97709570d"; "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.96 Safari/537.4" Nov 12 10:02:24 lb1 pound: a-website.com 1.2.3.4 - - [12/Nov/2012:10:02:24 +] "GET /eventmanagement/WebCoreModule.ashx?__ac=1&__ac_wcmid=RAWCIL&__ac_lib=Radactive.WebControls.ILoad&__ac_key=RAWVCO_11&__ac_sid=fnoz2hmvirfivb2btbubbw45&__ac_cn=&__ac_cp=BVDXDWFLDWFMHDFJBOEGBDFLFOD5EEFD&__ac_fr=634883113445054092&__ac_ssid= HTTP/1.1" 200 11206 "https://a-website.com/eventmanagement/EditEvent.aspx?eventOid=623fc423-2329-4cab-8be5-72a97709570d"; "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.96 Safari/537.4" Nov 12 10:02:24 lb1 pound: a-website.com 1.2.3.4 - - [12/Nov/2012:10:02:24 +] "GET /eventmanagement/WebCoreModule.ashx?__ac=1&__ac_wcmid=RAWCIL&__ac_lib=Radactive.WebControls.ILoad&__ac_key=RAWCCIL_11&__ac_sid=fnoz2hmvirfivb2btbubbw45&__ac_cn=&__ac_cp=BVDXDWFLDWFMHDFJBOEGBDFLFOD5EEFD&__ac_fr=634883113445054092 HTTP/1.1" 200 43496 "https://a-website.com/eventmanagement/EditEvent.aspx?eventOid=623fc423-2329-4cab-8be5-72a97709570d"; "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.96 Safari/537.4" Nov 12 10:02:42 lb1 pound: (7f819fff8700) e500 for 1.2.3.4 response error read from 127.0.0.1:80/POST /eventmanagement/EditEvent.aspx?eventOid=623fc423-2329-4cab-8be5-72a97709570d HTTP/1.1: Connection timed out (15.121 secs) Above we can see the request coming in from the user at IP address 1.2.3.4, eventually Pound returns error 500 with the message "Connection timed out (15.121 secs)". Running HAProxy in debug mode, we can see the request come in; user@box:/var/log$ sudo /etc/init.d/haproxy restart Restarting haproxy: haproxy[WARNING] 316/100042 (19218) : mode incompatible with and . Keeping only. Available polling systems : sepoll : pref=400, test result OK epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 4 (4 usable), will use sepoll. Using sepoll() as the polling mechanism. ... 0008:iis-servers.srvrep[0008:0009]: HTTP/1.1 200 OK 0008:iis-servers.srvhdr[0008:0009]: Cache-Control: private 0008:iis-servers.srvhdr[0008:0009]: Pragma: no-cache 0008:iis-servers.srvhdr[0008:0009]: Content-Length: 22211 0008:iis-servers.srvhdr[0008:0009]: Content-Type: text/plain; charset=utf-8 0008:iis-servers.srvhdr[0008:0009]: Server: Microsoft-IIS/7.0 0008:iis-servers.srvhdr[0008:0009]: X-AspNet-Version: 2.0.50727 0008:iis-servers.srvhdr[0008:0009]: X-Powered-By: ASP.NET 0008:iis-servers.srvhdr[0008:0009]: Date: Mon, 12 Nov 2012 10:01:25 GMT 0009:iis-servers.accept(0004)=000a from [127.0.0.1:53556] 0009:iis-servers.clireq[000a:]: GET /Logoff.aspx HTTP/1.1 0009:iis-servers.clihdr[000a:]: Host: a-website.com 0009:iis-servers.clihdr[000a:]: Connection: keep-alive 0009:iis-servers.clihdr[000a:]: User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.96 Safari/537.4 0009:iis-servers.clihdr[000a:]: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 0009:iis-servers.clihdr[000a:]: Referer: https://a-website.com/eventmanagement/eventmanagement.aspx 0009:iis-servers.clihdr[000a:]: Accept-Encoding: gzip,deflate,sdch 0009:iis-servers.clihdr[000a:]: Accept-Language: en-GB,en;q=0.8,it;q=0.6 000