Re: Capture http connect request information
Le dimanche 14 juin 2015 08:28:06, vous avez écrit : Hi Kevin, On Sat, Jun 13, 2015 at 10:34:07AM +0200, Kevin COUSIN wrote: Hi, Is it possible to capture the CONNECT method information? I try to capture the IP and port in http request CONNECT 172.20.69.22:5904 to create an ACL to redirect request to backend. Normally you can since it's the URL of the request, so the url sample fetch method will return it. Regards, Willy Thanks for the reply. I thing I want to use HAproxy like a proxy here, not a reverse proxy (see http://www.ovirt.org/Features/Spice_Proxy). Can HAproxy be used like a proxy (like squid) ? Regards -- Kevin
SPICE Proxy with haproxy
Hi list, Is it possible to use HAproxy instead of Squid for a SPICE Proxy (I already use Haproxy on this server, I'd rather avoir to install Squid) ? I try this oVirt +SPICE frontend fe_spice_proxy bind 172.18.1.99:8080 #bind 172.18.1.99:5900-6123 option tcpka default_backend bk_OVIR ## backend bk_OVIR option tcpka balance roundrobin server OVIR1 172.20.69.21:5900-6123 weight 10 server OVIR2 172.20.69.22:5900-6123 weight 10 But it seems I can't set a port range in the server directive. Somebody have an idea how can I setup ? Thanks a lot -- Kevin
Re: Load Balance individual requests
Le 31/08/2013 09:10, Willy Tarreau a écrit : On Thu, Aug 29, 2013 at 05:43:48PM +0200, Kevin COUSIN wrote: Very good guid, I will follow it. Thanks a lot ! You can thank Baptiste for this great one, and us for hearing him complain about the complex setup for all the time it took him to test over and over to ensure that what he wrote really works out of the box :-) Willy Hi, I follow this excellent guide (thanks to Baptiste ) but I have an issue. When I try to get the certificate on the 5061 port, I can't get it throught HAproxy. openssl s_client -connect 10.250.0.80:5061 CONNECTED(0003) 139851101718160:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 322 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE But I can get it if I request the Edge Servers directly. I use HAproxy 1.5-dev19.
Re: Load Balance individual requests
Le 02/09/2013 15:07, Lukas Tribus a écrit : Hi! Hi ! I follow this excellent guide (thanks to Baptiste ) but I have an issue. When I try to get the certificate on the 5061 port, I can't get it throught HAproxy. openssl s_client -connect 10.250.0.80:5061 CONNECTED(0003) 139851101718160:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177: Looks like 5061 is a plaintext port? Did you configure the bind line with the ssl keyword and the appropriate certificate? Here is the configuration : frontend fe_edge_pool_external_access timeout client 30m mode tcp bind 10.250.0.80:443 name https bind 10.250.0.80:5061 name sip default_backend bk_edge_pool_external_access Does HAproxy pass TCP connection directly to backend ? Lukas Kevin C
Re: Load Balance individual requests
Le 02/09/2013 16:09, Lukas Tribus a écrit : Hi! Does HAproxy pass TCP connection directly to backend? It depends ... can you show the configuration of the backend as well? Sure, Here is the configuration : backend bk_edge_pool_external_access timeout server 30m timeout connect 5s mode tcp balance leastconn source 0.0.0.0 usesrc clientip stick on src table _edge_pool_external_persistence default-server inter 5s fall 3 rise 2 on-marked-down shutdown-sessions server LEDG02002-81 10.250.0.81:5061 weight 10 check observe layer4 port 5061 check-ssl server LEDG02003-82 10.250.0.82:5061 weight 10 check observe layer4 port 5061 check-ssl Regards, Lukas Regards, Kevin C
Re: Load Balance individual requests
Le 02/09/2013 16:26, Lukas Tribus a écrit : Hi! source 0.0.0.0 usesrc clientip So you are using using TPROXY mode. Does your network configuration allow that? Can you try without TPROXY mode? Just remove the source line and retry. Yes, it works. It don't know if I must set up a TPROXY for Load balancing Lync Edge Servers. Regards, Lukas
Load Balance individual requests
Hi, We plan to use HAProxy to load-balance an MS Lync 2010 Infrastructure. We also plan to use it as reverse proxy? Is HAproxy able to load balance individual requests within a TCP session ? This a requirements for effcient load-balance. Is somebody already use HAProxy with Lync 2010 ? Thanks a lot --- Kevin C
Re: Load Balance individual requests
Hi Lukas, Yes, link use SIP and HTTPS. The documentation says tha HAproxy must load balance individual requests within a TCP session and make persistence with a cookie. Regards, Kevin C Le 28/08/2013 19:06, Lukas Tribus a écrit : Hi Kevin, Is HAproxy able to load balance individual requests within a TCP session? If you're talking about HTTP, then yes, thats possibile. Individual requests may be served by different backends via content switching (if you want). It we talk about a proprietary application protocol based on TCP, its obvious all haproxy can do is load-balance the layer 4 payload as-is. Not sure if Lync uses HTTP. Regards, Lukas
Choosing outgoing IP
Hi list, I configure an haproxy instance on a Linux Cluster vith some virtual IPs. Is it possible to choose which IP haproxy use for a backend, like the tcp_outgoing_address in squid ? Thanks a lot kevin C
