On 6 December 2013 20:13, Qingshan Xie wrote:
> Jonathan,
> I am interested in what you mentioned about using 1.5 "peers". I googled
> it, but a little confused about "peers". Is "peers" used for Failover or
> for Load-Balancer scaling? I do not find a detail information how "peers"
> is workin
On 6 December 2013 17:50, Qingshan Xie wrote:
> Godbach,
> Thanks for the quick reply and suggestions.
> To enable multi-process mode does increase the capacity but limited by host
> NIC bandwidth. Can HAProxy be scaled to multi-node to host the same
> traffic?
Yes it can, but *you* have to make
this list's
archives to find information that's come up in the past on this exact
topic. This list is archived in a few different places - once such
place is here: http://marc.info/?l=haproxy
Regards,
Jonathan
--
Jonathan Matthews
Oxford, London, UK
http://www.jpluscplusm.com/contact.html
On 19 November 2013 15:42, sushant dangare wrote:
> Hi,
>
> we are going to set an Ha-proxy setup so please let us know if we need an
> any help / support will you help me?
>
> or can we get purchased licence any thing like that...?
>
> please revert on urgent basis.
Hi Sushant -
This is the pub
On 5 November 2013 11:16, Willy Tarreau wrote:
>> It is a Xeon E5-2650 Dual (So we have 16 physical cores to use here and 32
>> threads).
>
> OK. Do you know if you have a single or multiple interrupts on your NICs,
> and if they're delivered to a single core, multiple cores, or floating
> around
On 29 October 2013 08:30, Ge Jin wrote:
> Hi, Baptiste!
>
> Thanks for your reply, I found there is an incorrect configure in my
... email client? >;-)
On 24 Oct 2013 08:31, "Abdul Majid Yaqub Compaore" <
abdul.profit...@gmail.com> wrote:
> I would like to know how to deal with HA proxy without load balancing.I'm
only requiring fail over. Any suggestion? Thanks in advance.
Hi Abdul -
Your colleague (?) Lisa asked the same question on this list s
al with because you opened up a SMTP port online.
Just my 2 cents. Other opinions are available ;-)
Jonathan
--
Jonathan Matthews
Oxford, London, UK
http://www.jpluscplusm.com/contact.html
Have you tried searching online for the answer?
on this list.
Regards,
Jonathan
--
Jonathan Matthews
Oxford, London, UK
http://www.jpluscplusm.com/contact.html
and add www?
As David said, there is nothing that HAProxy can do to help here.
Regards,
Jonathan
--
Jonathan Matthews
Oxford, London, UK
http://www.jpluscplusm.com/contact.html
e documentation linked
from it, please do make that suggestion here, on this public mailing
list.
> also can I install HA Proxy without
> root userid.
I would imagine that would work just fine with certain caveats. Let us
know how you get on!
Regards,
Jonathan
--
Jonathan Matthews
Ox
ature: http://cbonte.github.io/haproxy-dconv/configuration-1.4.html#http-check
expect
Regards,
Jonathan
--
Jonathan Matthews
Oxford, London, UK
http://www.jpluscplusm.com/contact.html
ick
tables in as features.
That stable/dev difference may decide it for you - it would for me in
most circumstances. I'm sure more knowledgable people will chime in
with more detailed comparisons.
J
--
Jonathan Matthews
Oxford, London, UK
http://www.jpluscplusm.com/contact.html
to put a high number of
required successes for the non-backup servers' health checks. I.e.
several thousand (or whatever - do the mathS that makes sense for your
situation) in the per-server "rise" setting:
http://cbonte.github.io/haproxy-dconv/configuration-1.4.html#rise
On 14 June 2013 10:10, Ashish Jaiswal wrote:
> HI Jonathan,
>
> You mean to say that the hrsp_2xx will always increment. But it doesn't
> seems to be as the value are always floating.
> My major concern is how will one manage to see that how many client are
> getting and 3xx/2xx code when they ar
ntal counters over the lifetime of the
HAProxy process.
I don't think the 2 (rate & counters) are directly comparable, and I'd
definitely expect them to show different values.
HTH,
Jonathan
--
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html
ttp-downloads for some
more information on this.
Regards,
Jonathan
--
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html
HTTP,
of course :-)
> Does HAProxy help in this context?
It can do, due to its extremely configurable health checks. If you've
committed to solving this problem entirely, however, it will need more
than just HAProxy. That's the sort of situation into which I normally
step wearing my "
n HAProxy. I do appreciate your comments.
I don't think that HAProxy's sessions are related to the kind of
in-request failure you seem to be concerned about. But I haven't run
the current 1.5 development version, so I may be out of touch with
what it does in this area.
Regards,
Jo
member that #33 is useful if
you're looking at it at a single point in time, but if you're trying
to graph it, you might find it more useful to collect "stot" directly
and calculate rates from that instead.
Jonathan
--
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html
erver has to explicitly
support the PROXY protocol.
Either way - if it's just something being tickled in the postfix code
which replies with a multi-line response or if it doesn't understand
PROXY messages entirely - I'm afraid I don't have any suggestions for
fixing it. You mi
ou start by looking at
http://en.wikipedia.org/wiki/WURFL for a generic solution to this
problem. I'm not sure if anyone has it integrated with HAProxy,
however.
Regards,
Jonathan
--
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html
In the past I've used a ludicrously high setting on the primary for
"rise", the number of health checks it has to pass before it's
considered to be up again.
It's definitely a hack, though that's not to say I haven't used it in
production ;-)
Jonathan
--
J
only in HAProxy 1.5.
Jonathan
--
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html
Does anyone have anything they could share about using HAProxy for
load-balancing SIP? Positive /or/ negative, of course! :-)
Jonathan
te unusual perks.
>
> regards,
> Anthony
>
> --
> Anthony Mansfield - Technical Recruiter - couchsurfing.com
> anthony.mansfi...@couchsurfing.com
--
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html
st_port 8080
I don't understand how you hope to see traffic aimed at ports 80 or
8080 on a frontend bound to port 5800.
If you believe this /should/ work, I suggest you've misunderstood
HAProxy's role somehow, and should reread the fine documentation.
Jonathan
PS Please avoid sending
figure out how many users each of
your HAProxy instances will support, then this isn't helpful. But then
you wouldn't care about distinguishing user1 from user2 - you'd just
look at actual simultaneous connections, I guess :-)
HTH,
Jonathan
--
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html
http-defaults -f conf/http-listeners -f
conf/tcp-defaults -f conf/tcp-listeners
HTH
Jonathan
--
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html
he default cert to clients that don't provide SNI hints.
Other than moving to IP-per-SSL-site, I don't believe there's anything
you can do to avoid this when you don't control the clients.
Jonathan
--
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html
the entire box.
> We've been running perfectly stable this way for months.
Thanks for that, Brendon - great data points.
I wish more people would post information like this, relating req/s
and the hardware that delivers it in production.
Jonathan
--
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html
ere's
anything you'd like to add, get involved in, or test ...
Cheers!
Jonathan
--
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html
s down to your judgement, and the
operational trade-offs you and the business around you need to make.
Cheers,
Jonathan
--
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html
t do this at the infra level myself.
Cheers,
Jonathan
--
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html
om-killer
--
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html
endpoints for HAProxy's use that can withstand 1Hz checks
(i.e. 2 active/passive HAProxy nodes @ 2 second intervals).
30 seconds isn't frequent enough, for my money. YMMV.
Jonathan
--
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html
ng in the backend:
http://cbonte.github.com/haproxy-dconv/configuration-1.4.html#option%20httpclose
Jonathan
--
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html
and log of the steps you took, what
you saw, and what you expected to see.
Thanks,
Jonathan
--
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html
On 18 January 2013 02:26, Joel Krauska wrote:
> monitor-uri looks like it would only work as a path match.
>
> I need to match a Host header.
Could you elaborate a bit on why you're trying to do this? Is it for a
human or machine audience? Etc etc ...
Jonathan
--
Jonathan Matt
quot;monitor-uri":
http://cbonte.github.com/haproxy-dconv/configuration-1.4.html#monitor-uri.
Jonathan
--
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html
ancing algorithm is
applied.
---
The "otherwise" caveat sounds like what you're looking for.
Jonathan
--
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html
nd-same-port
Until SNI is more widely adopted, you need a distinct IP address for
each cert you wish to use.
Regards,
Jonathan
--
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html
is more of a user question, what is the real use-case for the
> check command? Is it okay to just leave it out?
The documentation describes what it does. Have you read it?
What information do you feel you need that isn't there?
http://cbonte.github.com/haproxy-dconv/configuration-1.5.html#che
ss. I don't have access to a working HAProxy to
check against at the moment ...
Jonathan
--
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html
calability.com/blog/2012/9/12/using-varnish-for-paywalls-moving-logic-to-the-edge.html).
Keep HAP for what it's awesome at - routing requests based on backend
*health*, not backed *logic*.
My 2 cents,
Jonathan
--
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html
ckends as-is. [ This would result in the loss of
some information at the HTTP level, such as the client's IP, but may
be sufficient for you. ]
Jonathan
PS Please disable HTML mail to this list if you're able. Thanks.
--
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html
On 5 December 2012 12:47, David Touzeau wrote:
> Thanks Willy for this clarification but if i turn to tunnel mode,did i lose
> the x-forwarded-for HTTP header ?
Yes, on all but the first request I believe.
Jonathan
--
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplu
e to be responding to health checks for
the service to be considered "up"
3) configure backup servers for the service to use instead of the
normal server pool, once the service has been determined to have gone
"down" as per the criteria you defined in #2.
If it's possibl
speak as for any problems you see after you fix that - I've
never seen POSTs and request bodies being used in a health check
before!
HTH,
Jonathan
--
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html
question, but I think you're
missing an extra "\r\n" that should represent the blank line between
the POST's headers and its body.
Also, I think the length of 35 might be wrong, as it doesn't take into
account the last "\r\n" (which might be superfluou
t; default_backend: 'tester'.
> [ALERT] 299/152956 (5477) : Fatal errors found in configuration.
>
> Any ideas? I thought you could have http and tcp backends running
> simultaneously.
Hasn't the "frontend tester" picked up the default "mode http", h
Is it a bug or am I missing something?
Percentage signs are valid in URIs. Your application could be doing
/anything/ with them; HAProxy doesn't know what.
I don't /believe/ it's a validating parser's job to disallow these -
it sounds like you want more of a WAF.
All IMHO,
of using the PROXY protocol, but I have
no idea if Apache speaks it. It would require a dev version of HAProxy
in the 1.5 branch. See
http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol-v2-draft-20120621.txt
Cheers,
Jonathan
--
Jonathan Matthews // Oxford, London, UK
**
That's just a simplification of your config. I'm pretty sure there
would be more that could be removed if I knew WP better ;-)
Jonathan
--
Jonathan Matthews
Oxford, London, UK
http://www.jpluscplusm.com/contact.html
ithub.com/haproxy-dconv/configuration-1.4.html#http-check%20disable-on-404
help? It allow for the nicer (IMHO) behaviour of variable rise/fall
settings for the healthcheck, but an immediate drop out on (and *only*
on) 404s.
Jonathan
--
Jonathan Matthews
Oxford, London, UK
http://www.jpluscplusm.com/contact.html
care of
> flapping services? Any help would be appreciated.
Have you looked at the "rise" (and "fall") server parameters?
Jonathan
--
Jonathan Matthews
Oxford, London, UK
http://www.jpluscplusm.com/contact.html
simpler solution than
either of these.
HTH,
Jonathan
--
Jonathan Matthews
Oxford, London, UK
http://www.jpluscplusm.com/contact.html
ease of setup) OpenVPN? With those,
you'd have the advantage of being able to do TCP checks of the remote
port instead of a localhost one, without having to care about the
layer7 checks. Which isn't a /good/ thing - layer7 checks are the way
forward! But it helps if you're not talking a layer7 protocol that
HAProxy knows about.
HTH,
Jonathan
--
Jonathan Matthews
Oxford, London, UK
http://www.jpluscplusm.com/contact.html
On 7 July 2012 15:09, Willy Tarreau wrote:
> On Sat, Jul 07, 2012 at 01:22:01PM +0100, Jonathan Matthews wrote:
>> Willy - how is this actually configured? I'm assuming you don't mean
>> by using 2 separate instances ...
>
> It's like I suggested at the end of
outs differ a lot).
Willy - how is this actually configured? I'm assuming you don't mean
by using 2 separate instances ...
--
Jonathan Matthews
Oxford, London, UK
http://www.jpluscplusm.com/contact.html
on't need to be
notified of multiple PIDs in non-daemon mode - it's just the parent's
single child that needs to be monitored.
Jonathan
--
Jonathan Matthews
Oxford, London, UK
http://www.jpluscplusm.com/contact.html
h does not report
>> addresses or ports inside the payload. For instance, it works well
>> on SSH, SMTP, LDAP, RDP, PeSIT, SSL, etc... but not on FTP, most RPC,
>> etc... In general, any protocol which can easily be translated will
>> work. I think this is the case for all tho
On 27 April 2012 21:37, Andres Thomas Stivalet wrote:
> Currently, if haproxy tries to start up and a webserver is down (and
> it's defined as a hostname in the config file) haproxy refuses to
> start.
Do you really mean "down", or "unresolvable" as per your su
gt; right thing?
That's exactly what I use on our production boxes. Works for me.
Jonathan
--
Jonathan Matthews
Oxford, London, UK
http://www.jpluscplusm.com/contact.html
dispensable. Thanks for
> doing this!
+2. Our Junior SA grits her teeth when I point her at the text doc for
answers; I'm sure this will ease such annoyance hugely :-)
Jonathan
--
Jonathan Matthews
Oxford, London, UK
http://www.jpluscplusm.com/contact.html
er a "server DOWN" log from one process, another process still
>> sends
>> traffic to it because it has not detected it as down yet.
>>
>> I'm seeing nothing particularly wrong below. You could improve your end
>> user experience by replacing "httpclose" with "http-server-close".
>>
>> Regards,
>> Willy
>>
>
--
Jonathan Matthews
London, Oxford, UK
http://www.jpluscplusm.com/contact.html
On 7 April 2012 04:27, Jonathan Matthews wrote:
> On 7 April 2012 01:43, Aman Gupta wrote:
>> The mailing list archive at http://www.formilux.org/archives/haproxy/
>> appears to be broken. Are messages archived anywhere else?
>
> Works for me. What are you seeing?
My ba
On 7 April 2012 01:43, Aman Gupta wrote:
> The mailing list archive at http://www.formilux.org/archives/haproxy/
> appears to be broken. Are messages archived anywhere else?
Works for me. What are you seeing?
Jonathan
--
Jonathan Matthews
London, Oxford, UK
http://www.jpluscplu
valents. Not a complete superset, of course, but
sufficiently greater timing and switching information that you may
want to to consider keeping them in preference to nginx's.
Jonathan
--
Jonathan Matthews
London, Oxford, UK
http://www.jpluscplusm.com/contact.html
oes this work?
acl path_match path_beg /url1
use_backend options if path_match METH_OPTIONS
It seems more visible to me to avoid acl accumulation at definition
time, and to make the use_backend the place that they're AND'd. YMMV.
Jonathan
--
Jonathan Matthews
London, Oxford, UK
http://www.jpluscplusm.com/contact.html
- but I may not totally grok a 204's intended usage,
to be honest .. :-)
Jonathan
--
Jonathan Matthews
London, Oxford, UK
http://www.jpluscplusm.com/contact.html
On 2 April 2012 19:28, Sameh Ghane wrote:
> Le (On) Mon, Apr 02, 2012 at 06:32:31PM +0100, Jonathan Matthews ecrivit
> (wrote):
>> On 2 April 2012 17:25, Sameh Ghane wrote:
>> >
>> > Is there anything I missed ? Like setting a specific request header which
>
On 2 April 2012 17:25, Sameh Ghane wrote:
>
> Is there anything I missed ? Like setting a specific request header which
> would
> be the result of a regexp on the URI, and balancing on that header ?
I don't understand what you've written. Could you say it again, but differently?
Some examples wo
QL connections.
Whilst you /can/ get HAProxy to kill connections after a certain
timeout, it's not a good solution unless your clients have robust
error handling. You more likely need your MySQL clients to implement a
connection timeout themselves, so that they control the process.
J
r B will never be
> removed/updated.
>
> I am not sure this is a bug or not, but I guess this might be one problem.
http://martinfowler.com/bliki/TwoHardThings.html
This is not a problem that HAProxy is in any place to help you with, IMHO :-)
You will need to solve the cach
or anyone on list to fix your
script, hence providing a simple command using very simple primitives
(bash; socat; etc) that we can repeat until failure occurs will really
help to clarify the failure you're observing. FWIW, I suggest you
/don't/ provide the script :-)
All the best,
Jonathan
erence between these. One is
for checking request headers and the other is for checking response
headers.
Cheers,
Jonathan
--
Jonathan Matthews
London and Oxford, UK
http://www.jpluscplusm.com/contact.html
On 10 March 2012 07:20, Willy Tarreau wrote:
> On Wed, Mar 07, 2012 at 02:40:20PM +0000, Jonathan Matthews wrote:
>> It seems to me that there's a trivial DoS available whenever "observe
>> layer7" is enabled if, as I'm imagining, the set of acceptable
>&g
bserve layer4", of course. This is unhelpful in this
scenario, as we're vhosting to a single IP on the origin servers. It
will only guard against the entire HTTPd dying - not a specific vhost
having problems.
Any ideas?
Cheers,
Jonathan
PS Thanks to all involved for HAProxy - an awesome bit of kit :-)
--
Jonathan Matthews
London, UK
http://www.jpluscplusm.com/contact.html
or-net; or perhaps just an
increase in the number of times it can be specified incrementally
without overriding the last setting?
Many thanks,
Jonathan
--
Jonathan Matthews
London, UK
http://www.jpluscplusm.com/contact.html
On 13 May 2011 13:32, Willy Tarreau wrote:
> On Fri, May 13, 2011 at 12:00:59AM +0100, Jonathan Matthews wrote:
>> Just wondered if there'd ever been any discussion of recording each
>> connection's Time To First Byte in the log output?
>
> Time to end of response
e relatively standardised metric of TTFB that I thought I'd
raise the idea here.
Any thoughts?
Cheers!
Jonathan
--
Jonathan Matthews
London, UK
http://www.jpluscplusm.com/contact.html
t yet", the rest of your
email was rather light on *detail*. If other people are comprehending
and happily using the functionality based on the existing config
requirements and documentation, then perhaps the flaw doesn't lie with
the config and/or documentation.
My 2-pence,
Jonathan
--
101 - 184 of 184 matches
Mail list logo
