Re: Alternatives to PayPal
What about a Patreon account? https://www.patreon.com/europe

Because I already asked multiple times for some other means of contribution as well. That would help a great deal, making it easier. I'm supporting multiple open source projects already this way. Would that be an option?

Best regards
Sebastian

On 07.10.2020 11:03, Nicolas CARPi wrote:
> Dear list,
>
> Haproxy is an amazing project and it is clear that the devs are pouring a lot of energy and time into it. As a (very) small entrepreneur, I use Haproxy to host my services and I'm quite happy with it. It is an essential part of my business.
>
> I wish to redistribute a small part of the money I generate to this project, as I believe open source projects do need this, nothing is free in this world. Unfortunately, the only way to donate is through PayPal, and like many, I have a strong aversion to this company.
>
> May I suggest setting up an OpenCollective or Liberapay account (or both)? These services also allow to be transparent about who gets what and to remunerate recurrent contributors.
>
> Let me know what you think! :)
>
> Regards,
> ~Nicolas CARPi

--
Far-Galaxy Networks
Sebastian Fohler
Asternstr. 5, 80689 München
Mobile: 0173 8796211
E-Mail: i...@far-galaxy.de
Web: http://www.far-galaxy.de
Company information: http://www.far-galaxy.de/impressum
Re: monitor fail condition
This is the option I've set in my backend pool:

    option ssl-hello-chk HEAD /rmo/login.rmo HTTP/1.0

and the configuration is:

    apache[proxy]:443 -> jboss:8080

and if that fails apache shows a "service is not available" site, which is at least in the browser a 503 error.

On 31.10.2014 10:57, Willy Tarreau wrote:
> On Fri, Oct 31, 2014 at 10:44:30AM +0100, Sebastian Fohler wrote:
>> Hi Willy,
>>
>> thank you for answering. The problem is that the standard health check right now checks the URI /.../ But as soon as the jboss backend fails, I get a 503 error page, which still is responding to the health check.
>
> I don't get it, are you using "option httpchk" ? If so, there's no way it will consider a 503 as a valid response, or this is a bug!
>
>> So the failover I configured does not trigger. Either I must be able to check the jboss directly, with a separate check line or I need the "monitor fail" condition to be set to "if 503 error page is showing up"
>>
>> Is that description better for understanding that problem?
>
> No because I still don't understand the relation with monitor here. Monitor is for *another* component to check haproxy, not for haproxy to test something else. For example, let's say you have the following architecture :
>
>     +----------------------+
>     | router + sla monitor |
>     +----------------------+
>                |
>                V
>           +---------+
>           | haproxy |
>           +---------+
>             |     |
>             V     V
>       +------+   +------+
>       | srv1 |   | srv2 |
>       +------+   +------+
>
> Above, haproxy would be configured with *health checks* to check that the servers are OK. In your case it would likely be "option httpchk". Then you can have a "monitor fail" line in haproxy's frontend with a rule saying that if there is no more server available behind, it should report an error. That way the upper router periodically checks haproxy's monitor and decides to advertise the route depending on *haproxy's* status.
>
> Thus as I said, the monitor rule is for the frontend while the health checks are for the backend.
>
> Hoping this helps,
> Willy
Re: monitor fail condition
Hi Willy,

thank you for answering. The problem is that the standard health check right now checks the URI /.../ But as soon as the jboss backend fails, I get a 503 error page, which still is responding to the health check. So the failover I configured does not trigger. Either I must be able to check the jboss directly, with a separate check line or I need the "monitor fail" condition to be set to "if 503 error page is showing up"

Is that description better for understanding that problem?

Best regards
Sebastian

On 31.10.2014 09:58, Willy Tarreau wrote:
> Hi Sebastian,
>
> On Fri, Oct 31, 2014 at 03:37:39AM +0100, Sebastian Fohler wrote:
>> Hi Guys,
>>
>> I've searched the documentation but can't find a condition to set the "monitor fail" to react to a page with error code 503. I have an apache server which uses a jboss as proxy backend. So every time the jboss stops, I have a 503 error page but haproxy does not react to that. So how can I fix that?
>
> I don't understand well what you're trying to achieve. Either you mean that jboss is checking haproxy and only supports 503 or you're talking about health checks in fact.
>
> So just to try to narrow down your needs :
>
> - do you want haproxy to test apache/jboss's availability, in which case you need to configure health checks ;
> - or do you want some external components to test haproxy's availability (in which case it's the monitor fail)
> - or maybe a combination of the two ?
>
> Regards,
> Willy
monitor fail condition
Hi Guys, I've searched the documentation but can't find a condition to set the "monitor fail" to react to a page with error code 503. I have an apache server which uses a jboss as proxy backend. So every time the jboss stops, I have a 503 error page but haproxy does not react to that. So how can I fix that? Thank you for your help. Best regards Sebastian -- Sebastian Fohler Far-Galaxy Networks Web: http://www.far-galaxy.de Tel.: +49 (0)173 8796211 E-Mail: i...@far-galaxy.de
Re: Debugging Backendforwarding and UP status
Hi Lukas,

thank you for that hint. It seems I never got that email, or it went straight to my spam folder. I'll check that. So I'll take it back, someone did answer. Thank you as well, Willy. :)

Best regards
Sebastian

On 01.09.2013 16:39, Lukas Tribus wrote:
> Hi!
>
>> Since no one answered, till now and I still had no success to find the problem, it would be great if someone could guide me in the right direction.
>
> Willy answered, did you overlook that?
> http://thread.gmane.org/gmane.comp.web.haproxy/13203/focus=13219
>
> Lukas

--
Sebastian Fohler
Far-Galaxy Networks
Web: http://www.far-galaxy.de
Tel.: +49 (0)173 8796211
E-Mail: i...@far-galaxy.de
Re: Debugging Backendforwarding and UP status
Hi there,

Since no one answered, till now and I still had no success to find the problem, it would be great if someone could guide me in the right direction. For example, why do my logs only show the established connections even though I enabled the debug logging. Is there some other source to give me some more information about, why and how the checks are failing.

Thank you in advance.

Best regards
Sebastian

On 30.08.2013 07:38, Baptiste wrote:
> Sebastian,
>
> 1. when you talk to a ML, you should say 'Hi'
> 2. when you talk to a ML, you shouldn't send HTML mails
>
> Now, I can see you have absolutely no experience with Load-Balancing. Here are a few clues for you:
>
> - when you have a 503 error, then no need to think, it means ALL the servers from the farm are seen DOWN
> - the purpose of the health check is to ensure the service is UP and RUNNING on the servers
> - Usually, it is a good idea to enable health checking when load-balancing, to allow haproxy to know server status to avoid sending client requests to dead servers
> - instead of disabling health checking, you should be troubleshooting it: HAProxy logs will tell you why the health check was not working.
>
> Good luck,
> Baptiste
>
> On Fri, Aug 30, 2013 at 6:19 AM, Sebastian Fohler wrote:
>> Ok, I disabled the health check and it's working now, so it's definitely a problem of haproxy shutting down the backends.
>>
>> On 30.08.2013 05:55, Sebastian Fohler wrote:
>>> Some help, would be to disable the health check for the time being, is that possible. At least it would be a quickfix.
>>>
>>> On 30.08.2013 05:25, Sebastian Fohler wrote:
>>>> Is there some simple way to find out why I get this error from my haproxy cluster?
>>>>
>>>> 503 Service Unavailable
>>>> No server is available to handle this request.
>>>>
>>>> It looks like all my backend servers are down. Even in pools which are shown as up in my stats. How can I debug that sensible?
>>>>
>>>> Thank you in advance.
>>>> Best regards
>>>> Sebastian
Re: Debugging Backendforwarding and UP status
Baptiste,

at first, sorry, I meant to say hi, but I had a very long night and it seems I have missed it. About the html. Thunderbird has a default html and txt message setting by default, normally I change that, but as I said, I had a long night. The next time I'll remember that.

Concerning the load balancing, I have experience with load balancing, and yes I knew it was a backend problem. Most of the backends have been shown as down in my stats, as I have already written in my last message. The only thing I thought strange was, that one was shown up and still got me that 503 error.

About that debugging, that was the question. How much information does HAProxy provide to find the error concerning those backend health checks and shutting down those systems. I've set the log to debug mode but everything I got were this sort of log entries:

    Aug 30 09:48:49 localhost haproxy[17568]: Connect from 81.44.136.142:54570 to 192.168.48.12:80 (www.adworxs.net-merged/HTTP)

So I couldn't find the reason, why all the backends have been shut down. Obviously because the check thought they were not available, but the problem is, that the same configuration has been working already. I had a network problem yesterday and had to reboot those haproxy systems, since that moment none of the websites configured did work anymore.

So my question was, which log interface gives me the correct information about the checks and what would be the best way to analyze this problem.

Thank you so far.

Best regards
Sebastian

On 30.08.2013 07:38, Baptiste wrote:
> Sebastian,
>
> 1. when you talk to a ML, you should say 'Hi'
> 2. when you talk to a ML, you shouldn't send HTML mails
>
> Now, I can see you have absolutely no experience with Load-Balancing. Here are a few clues for you:
>
> - when you have a 503 error, then no need to think, it means ALL the servers from the farm are seen DOWN
> - the purpose of the health check is to ensure the service is UP and RUNNING on the servers
> - Usually, it is a good idea to enable health checking when load-balancing, to allow haproxy to know server status to avoid sending client requests to dead servers
> - instead of disabling health checking, you should be troubleshooting it: HAProxy logs will tell you why the health check was not working.
>
> Good luck,
> Baptiste
>
> On Fri, Aug 30, 2013 at 6:19 AM, Sebastian Fohler wrote:
>> Ok, I disabled the health check and it's working now, so it's definitely a problem of haproxy shutting down the backends.
>>
>> On 30.08.2013 05:55, Sebastian Fohler wrote:
>>> Some help, would be to disable the health check for the time being, is that possible. At least it would be a quickfix.
>>>
>>> On 30.08.2013 05:25, Sebastian Fohler wrote:
>>>> Is there some simple way to find out why I get this error from my haproxy cluster?
>>>>
>>>> 503 Service Unavailable
>>>> No server is available to handle this request.
>>>>
>>>> It looks like all my backend servers are down. Even in pools which are shown as up in my stats. How can I debug that sensible?
>>>>
>>>> Thank you in advance.
>>>> Best regards
>>>> Sebastian
Re: Debugging Backendforwarding and UP status
Ok, I disabled the health check and it's working now, so it's definitely a problem of haproxy shutting down the backends.

On 30.08.2013 05:55, Sebastian Fohler wrote:
> Some help, would be to disable the health check for the time being, is that possible. At least it would be a quickfix.
>
> On 30.08.2013 05:25, Sebastian Fohler wrote:
>> Is there some simple way to find out why I get this error from my haproxy cluster?
>>
>> 503 Service Unavailable
>> No server is available to handle this request.
>>
>> It looks like all my backend servers are down. Even in pools which are shown as up in my stats. How can I debug that sensible?
>>
>> Thank you in advance.
>> Best regards
>> Sebastian
Re: Debugging Backendforwarding and UP status
Some help, would be to disable the health check for the time being, is that possible. At least it would be a quickfix. On 30.08.2013 05:25, Sebastian Fohler wrote: Is there some simple way to find out why I get this error from my haproxy cluster? 503 Service Unavailable No server is available to handle this request. It looks like all my backend servers are down. Even in pools which are shown as up in my stats. How can I debug that sensible? Thank you in advance. Best regards Sebastian
Debugging Backendforwarding and UP status
Is there some simple way to find out why I get this error from my haproxy cluster? 503 Service Unavailable No server is available to handle this request. It looks like all my backend servers are down. Even in pools which are shown as up in my stats. How can I debug that sensible? Thank you in advance. Best regards Sebastian
HAProxy Hardware LB
Hi,

I'm trying to build a small size load balancing machine which fits into a small 19" rackmountable case. Are there any experiences with some specific hardware, for example ATOM boards or something similar? Can someone recommend anything special?

Best regards
Sebastian
Re: Performance optimization on VMWare VM's
Hi, How important is it to assign a specific NIC to the single haproxy vm with physical passthrough? Best regards Sebastian On 16.04.2012 07:01, Baptiste wrote: Hey, You have to reserve resources for the VM. FYI, At exceliance, we were able to go up to 55K rps in a VM on a core i7. You'll need to tune your sysctl as well. cheers On Sun, Apr 15, 2012 at 6:30 PM, Willy Tarreau wrote: On Sun, Apr 15, 2012 at 05:35:59PM +0200, Lukas Tribus wrote: Does that mean Sandy/Ivy Bridge based Intel Platforms can't be undoubtedly recommended for high performance usage with haproxy or is there a workaround? It's never all white or black. It also depends on the L3 cache latency. My experience with first gen i5 CPUs is quite good and much better than with the 12-core AMD 6172. What platform would you recommend for a new setup? i3/i5 are really good performers. Pick one with a high frequency and you should be fine. Regards, Willy
Performance optimization on VMWare VM's
I use HAPROXY on an ESXi 5.0 VM. To be exact I use two of them to load balance. My greatest problem seems to be the fine-tuning and the ability to get the VMs stable enough. For some reasons my haproxy instances are always giving up on estimated 2500 connections. Is there some howto or configuration guide for haproxy on VMs?

Best regards
Sebastian
Re: Performance problems
Thank you for your reply, I had to stop the testing, because it made too much trouble. Has someone a good idea how to produce enough load to reconstruct the situation? I need load to solve this problem. Everything is working fine without. As soon as I find a way to construct some test condition I will answer the next questions.

Thank you again for helping.

On 13.02.2012 07:59, Willy Tarreau wrote:
> On Sun, Feb 12, 2012 at 02:29:12PM +0100, Sebastian Fohler wrote:
>> On 12.02.2012 14:24, Cyril Bonté wrote:
>>> You said that you couldn't find anything useful in the logs. From the configuration you just posted, you're using the default log format. You should use an enhanced one, at least with "option tcplog" or better for http : "option httplog". This is a prerequisite to find useful information : it will help you find where time is spent (See chapter 8.2.3 in the documentation).
>>>
>>> Btw, talking about the configuration, your line "stat refresh s" is wrong and ineffective (missing numbers for the refresh, which currently disables the action, but could imply a bug in future versions).
>>
>> Thank you for that hint, I will correct that right away. To the log option, I've already found that entry too, the only thing with the pfsense implementation is to change that setting.
>
> And I suspect that in the logs you'll find some "sC" flags before the loss of the last server, indicating a timeout trying to establish a connection. If you see some "RC" flags (which are quite rare), they would indicate a socket or source port shortage.
>
> Please also run a "netstat -an" on your haproxy machine in order to check for too many FIN_WAIT2 or TIME_WAITs going to the server, just in case...
>
> Regards,
> Willy
Re: Performance problems
I've noticed that too. The problem is, when I try to reach the backend servers themselves (they are all reachable by their own name, adserve1/adserver2/...). They don't show any problems at all, the question in that case is, how do I find out which error they throw, seen from the lb end. Sure I have checked that, and a ping from the lb server to the backend system is without any trouble even when the haproxy frontend tells me, they are not.

On 12.02.2012 21:27, Baptiste wrote:
> On the last screenshot you sent, you had a lot of retries... Which means there may be some issues for your HAProxy to reach the server sometimes. Have you checked all the network settings (speed and duplex) on both servers (web and vsphere) and switches?
Re: Performance problems
I've changed nbproc to 1 now, as I did change the httpclose option, it seems to help a little. The adserver.adworxs.net backends are physical servers. The adserver.dev.adworxs.net backends are VMs. There are four physical NICs used by the vsphere server.

Greets,
Sebastian

On 12.02.2012 14:42, Baptiste wrote:
> Your nbproc is still 2. You should turn it to 1. You should also remove the option httpclose, replacing it by option http-server-close. It will save some packets on the client side.
>
> Are the backend servers VMs too? Are they hosted on the same vsphere server? How many physical network cards are used by your vsphere server?
>
> Vsphere won't bother about bandwidth usage, but small packets is very hard for a virtualized infrastructure to handle.
>
> Like Cyril, I have no experience in running HAProxy on FreeBSD. To be honest, I've not touched any FreeBSD since 5.4 :)
>
> Cheers

--
Sebastian Fohler
Far-Galaxy Networks
Web: http://www.far-galaxy.de
Tel.: +49 (0)173 8796211
E-Mail: i...@far-galaxy.de
Re: Performance problems
On 12.02.2012 14:24, Cyril Bonté wrote:
> Take into account that virtualization can be a bottleneck for a network component like haproxy.

I know that, that's the reason I used one physical NIC especially for the haproxy instances. Sure there could still be some problem, but that would be a matter of testing it out. Right now the traffic doesn't seem to be a problem, because it's being relayed as it should be.

> You said that you couldn't find anything useful in the logs. From the configuration you just posted, you're using the default log format. You should use an enhanced one, at least with "option tcplog" or better for http : "option httplog". This is a prerequisite to find useful information : it will help you find where time is spent (See chapter 8.2.3 in the documentation).
>
> Btw, talking about the configuration, your line "stat refresh s" is wrong and ineffective (missing numbers for the refresh, which currently disables the action, but could imply a bug in future versions).

Thank you for that hint, I will correct that right away. To the log option, I've already found that entry too, the only thing with the pfsense implementation is to change that setting.

Regards
Sebastian

--
Sebastian Fohler
Far-Galaxy Networks
Web: http://www.far-galaxy.de
Tel.: +49 (0)173 8796211
E-Mail: i...@far-galaxy.de
Re: Performance problems
I did send you the screenshot, before the changes. Just to clear that out.

How do I know that HAProxy is taking all the CPU resources? PFSense shows the CPU and NIC traffic resources, I get a rising CPU load until it's 100% and after that haproxy stops the adserver.adworxs.net frontend, the adserver.dev.adworxs.net frontend is still working, which is the one without much network traffic.

Greets

On 12.02.2012 14:15, Baptiste wrote:
> I was interested by a screenshot before applying the changes. You have a lot of retries... You should try to add a maxconn on the server line definition. Try set it up at 100 and see what happens.
>
> How do you know that HAProxy is taking all the resources in your VM?
>
> cheers
>
> On Sun, Feb 12, 2012 at 1:52 PM, Sebastian Fohler wrote:
>> The changes you recommended, are causing too much CPU load and making it kill my haproxy frontend with the highest load.
>>
>> On 12.02.2012 13:00, Baptiste wrote:
>>> Hi Sebastian,
>>>
>>> Can you take a screenshot of your stats page and share it with us? Then, please do the changes below in your configuration:
>>>
>>> turn nbproc to 1
>>> increase the maxconn on the frontend to 4000
>>>
>>> cheers

--
Sebastian Fohler
Far-Galaxy Networks
Web: http://www.far-galaxy.de
Tel.: +49 (0)173 8796211
E-Mail: i...@far-galaxy.de
Re: Performance problems
    3476K kqread  1   0:01  0.00% lighttpd
    13054 root      1  44    0  5988K  3968K select  0   0:01  0.00% racoon
    15747 root      1  76   20  3656K  1492K wait    0   0:01  0.00% sh
    13628 root      1  44    0  8232K  6776K select  1   0:00  0.00% bsnmpd
     6216 root      1  44    0  7992K  3556K select  0   0:00  0.00% sshd

    last pid: 62088;  load averages: 0.37, 0.39, 0.41  up 0+03:07:43  13:17:37
    43 processes: 1 running, 42 sleeping
    CPU: 0.0% user, 0.0% nice, 1.5% system, 3.7% interrupt, 94.8% idle
    Mem: 146M Active, 13M Inact, 86M Wired, 23M Buf, 236M Free
    Swap: 256M Total, 256M Free

      PID USERNAME THR PRI NICE   SIZE    RES STATE   C   TIME   WCPU COMMAND
    21153 www        1  50    0 80216K 55464K kqread  0   1:10  9.96% haproxy
    20994 www        1  48    0 75096K 52084K kqread  0   1:00  8.98% haproxy
    47172 root       1  45    0  4948K  2536K select  0   6:32  0.98% syslogd
    28115 root       1  76    0 43356K 17136K accept  0   0:06  0.00% php
    11387 root       1  45    0 43356K 18416K accept  0   0:06  0.00% php
    45128 root       1  44    0  3316K   924K piperd  0   0:04  0.00% logger
    44876 root       1  44    0  7960K  4740K bpf     0   0:04  0.00% tcpdump
    51723 root       1  44    0  3316K  1344K select  1   0:03  0.00% apinger
    61582 root       1  44    0 43356K 16932K accept  1   0:02  0.00% php
    60511 root       1  47    0 43356K 18248K accept  1   0:02  0.00% php
    56598 root       1  44    0  6724K  3476K kqread  1   0:01  0.00% lighttpd
    13054 root       1  44    0  5988K  3968K select  0   0:01  0.00% racoon
    15747 root       1  76   20  3656K  1492K wait    0   0:01  0.00% sh
    13628 root       1  44    0  8232K  6776K select  1   0:00  0.00% bsnmpd
     6216 root       1  44    0  7992K  3556K select  0   0:00  0.00% sshd

> - which version of haproxy? have you compiled it from sources or is this the one from your distro?

1.4.18 Package of the Pfsense bundle

> - are you using client side keepalives?

No

> and any kind of information which may help.

I use nginx on my backend servers

> As you can see, saying you have performance issues without giving a minimal set of information prevent us from helping you accurately.

Thank you for trying to help me, sorry for the minimal information I gave you. Right now I don't know which information I could give furthermore.
-- Sebastian Fohler Far-Galaxy Networks Web: http://www.far-galaxy.de Tel.: +49 (0)173 8796211 E-Mail: i...@far-galaxy.de
Re: Performance problems
. It's really difficult to follow you. At this time, in this new thread, I can't guess which configuration you are using, nor I can't guess if your other issues were solved without having to reread completely *all* the threads, and I doubt I'm the only one. Here, you're talking about values Willy posted, this is typically an email that should stay in that previous thread, then. It would be easier for everyone.

Thanks for your help, I guess you'll have better answers with such an effort ;-)

On 12/02/2012 11:05, Sebastian Fohler wrote:
> I've checked the values Willy posted on the haproxy page. All my hardware configurations should meet the needs of haproxy. Still I have major performance problems. How do I best find out why? The logs tell me not nearly anything I need to know to fix that problems. Since I use VMs to try haproxy, I'm able to change some specifics in case I need to.
>
> My hardware assigned to the VMs is:
> Two cores: Intel(R) Xeon(R) CPU X3430 @ 2.40GHz
> 512 MB RAM
>
> The second problem I have is, as I posted before, down reportings for my backend server which are definitely not down. I've run those servers on DNS RR before where each server could handle at least 700 sessions http connections. Right now in use with haproxy every server only can keep 300 - 400. Seems strange to me.
>
> Thank you for any help you can give me.
>
> Best regards
> Sebastian
>
> --
> Sebastian Fohler
> Far-Galaxy Networks
> Web: http://www.far-galaxy.de
> Tel.: +49 (0)173 8796211
> E-Mail: i...@far-galaxy.de
Re: Performance problems
The memory usage right now is around 65% now. So that shouldn't be the problem. We are talking about around 9 MBps traffic, for around 700 session in short times for every webserver which are four right now.

On 12.02.2012 12:24, Łukasz Jagiełło wrote:
> 2012/2/12 Sebastian Fohler:
>> I've checked the values Willy posted on the haproxy page. All my hardware configurations should meet the needs of haproxy. Still I have major performance problems. How do I best find out why? The logs tell me not nearly anything I need to know to fix that problems. Since I use VMs to try haproxy, I'm able to change some specifics in case I need to.
>>
>> My hardware assigned to the VMs is:
>> Two cores: Intel(R) Xeon(R) CPU X3430 @ 2.40GHz
>> 512 MB RAM
>
> Did you try increase memory ? 512MB for system even virtual isn't much nowadays. What traffic we talk about ?

--
Sebastian Fohler
Far-Galaxy Networks
Web: http://www.far-galaxy.de
Tel.: +49 (0)173 8796211
E-Mail: i...@far-galaxy.de
Performance problems
I've checked the values Willy posted on the haproxy page. All my hardware configurations should meet the needs of haproxy. Still I have major performance problems. How do I best find out why? The logs tell me not nearly anything I need to know to fix that problems. Since I use VMs to try haproxy, I'm able to change some specifics in case I need to.

My hardware assigned to the VMs is:
Two cores: Intel(R) Xeon(R) CPU X3430 @ 2.40GHz
512 MB RAM

The second problem I have is, as I posted before, down reportings for my backend server which are definitely not down. I've run those servers on DNS RR before where each server could handle at least 700 sessions http connections. Right now in use with haproxy every server only can keep 300 - 400. Seems strange to me.

Thank you for any help you can give me.

Best regards
Sebastian
Re: Finding the cause of Socket Errors
This is the definition of the backend checks:

    server adserver2 192.168.10.61:80 check inter 24 weight 100

    listen adserver.adworxs.net
        bind 192.168.10.68:80
        mode http
        log global
        option dontlognull
        option httpclose
        option forwardfor
        maxconn 1
        clitimeout 120
        balance roundrobin
        contimeout 120
        srvtimeout 120
        retries 10
        option httpchk HEAD /www/admin/index.php HTTP/1.0
        stats enable
        stats uri /haproxy?stats
        stats realm adserver.adworxs.net
        stats auth admin:
        stats show-node
        stats refresh s

I've already had the problem that the check intervals collided with the check timeouts, but I thought I solved that problem by configuring longer timeouts and check intervals longer than timeout times.

Best regards
Sebastian

On 12.02.2012 09:40, Baptiste wrote:
> On Sun, Feb 12, 2012 at 9:12 AM, Sebastian Fohler wrote:
>> I get this socket error:
>>
>> haproxy[63881]: Server adserver.dev.adworxs.net/adserver2.dev is DOWN, reason: Socket error, check duration: 8ms. 1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
>>
>> The check duration changes with every error entry, and a manual check won't show me any errors. Is there some way to get more information about the error. The stats are no help either.
>>
>> Best regards
>> Sebastian
>
> Hey,
>
> It seems HAProxy was not able to do the TCP connection to the server. How is this server declared in your configuration? I'm also interested by your timeout values.
>
> cheers
Re: Check backend servers
Thank you for all your help. I've fixed the problem now by configuring the backends to just answer with an index.php file as default, for every unspecific request. That seems to solve the problem for now.

Greets
Sebastian

On 10.02.2012 14:12, Graeme Donaldson wrote:
> On 10 February 2012 14:50, Sebastian Fohler <i...@far-galaxy.de> wrote:
>> What URL does haproxy use exactly to check the service? Is it the realm + the url part or something else? Just to be sure to test the correct option.
>
> Hi Sebastian
>
> If you are just using the "check" option for the backends, then the health check is considered successful if a successful TCP connection can be established on the IP/port specified for the backend. This is often not a good indicator of health for HTTP applications, and for those you can use "option httpchk" to do actual HTTP requests. This option may take any of these forms:
>
> option httpchk - Does an HTTP/1.0 GET for the URI "/"
> option httpchk <uri> - As above, but you can specify the URI to use instead of "/"
> option httpchk <method> <uri> - As above, but you can specify the HTTP method as well (GET, POST, etc.)
> option httpchk <method> <uri> <version> - As above but you can also specify the version, i.e. if you want to use HTTP/1.1 instead. To use this you probably need to send the HTTP Host: header as well, you can see in my example below how that's done.
>
> In all cases, the health check is considered successful if the HTTP status code returned from the backend is 2xx or 3xx.
>
> The last form is typically the most useful. Let's say your app is www.example.com and you decide that retrieving the URI /test is the way to determine if it's healthy or not, you would then use the following in the backend definition:
>
>     option httpchk GET /test HTTP/1.1\r\nHost:\ www.example.com
>
> If you still have questions, please post the backend definition from your config file.
>
> Graeme.

, which the docs (http://haproxy.1wt.eu/download/1.4/doc/configuration.txt) describe as follows:
Finding the cause of Socket Errors
I get this socket error:

    haproxy[63881]: Server adserver.dev.adworxs.net/adserver2.dev is DOWN, reason: Socket error, check duration: 8ms. 1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.

The check duration changes with every error entry, and a manual check won't show me any errors. Is there some way to get more information about the error. The stats are no help either.

Best regards
Sebastian
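The notice quoted above already carries most of what the check knows. The following parser is an added example, not part of the thread and not HAProxy code: it pulls the fields out of "is DOWN" notices in the form shown in this archive (the Socket error form here and the Layer7 form quoted in another message) and flags the notice that empties the pool, which is the point where clients start receiving 503. The function names and the FIRST_LOOK hints are assumptions of this example.

```python
import re
from collections import Counter

# Matches the "is DOWN" health-check notice in the form quoted on this page.
CHECK_DOWN = re.compile(
    r"haproxy\[(?P<pid>\d+)\]: Server (?P<proxy>[^/\s]+)/(?P<server>\S+) is DOWN, "
    r"reason: (?P<reason>[^,]+)"
    r"(?:, code: (?P<code>\d+))?"
    r'(?:, info: "(?P<info>[^"]*)")?'
    r", check duration: (?P<duration_ms>\d+)ms\. "
    r"(?P<active>\d+) active and (?P<backup>\d+) backup servers left\."
)

# Where to look first per reason prefix. These hints are editorial
# assumptions of this example, not text produced by HAProxy.
FIRST_LOOK = {
    "Socket error": "connection failed below HTTP: test a plain TCP connect from the proxy host",
    "Layer4": "TCP connect refused or timed out: check address, port and firewall",
    "Layer6": "TLS-level check failed: compare the check type with what the port speaks",
    "Layer7": "server answered but not with 2xx/3xx: replay the exact httpchk request",
}


def parse_down_notice(line):
    """Return a dict of fields for one DOWN notice, or None for other lines."""
    m = CHECK_DOWN.search(line)
    if m is None:
        return None
    ev = m.groupdict()
    for key in ("pid", "duration_ms", "active", "backup"):
        ev[key] = int(ev[key])
    ev["code"] = int(ev["code"]) if ev["code"] is not None else None
    ev["first_look"] = next(
        (hint for prefix, hint in FIRST_LOOK.items() if ev["reason"].startswith(prefix)),
        "unrecognised reason: read it literally",
    )
    # No active and no backup server left: every request now gets a 503.
    ev["pool_empty"] = ev["active"] + ev["backup"] == 0
    return ev


def summarise(lines):
    """Group DOWN notices by cause and list the servers whose loss emptied a pool."""
    events = [ev for ev in map(parse_down_notice, lines) if ev]
    by_cause = Counter(
        (ev["proxy"], ev["server"], ev["reason"], ev["code"]) for ev in events
    )
    outages = [(ev["proxy"], ev["server"]) for ev in events if ev["pool_empty"]]
    return events, by_cause, outages


# Sample input: log lines copied from the messages in this archive.
SAMPLE = [
    "haproxy[63881]: Server adserver.dev.adworxs.net/adserver2.dev is DOWN, "
    "reason: Socket error, check duration: 8ms. 1 active and 0 backup servers left. "
    "0 sessions active, 0 requeued, 0 remaining in queue.",
    "Feb 9 13:42:56 haproxy[57652]: Server adserver.dev.adworxs.net/adserver1.dev is DOWN, "
    'reason: Layer7 wrong status, code: 404, info: "Not Found", check duration: 0ms. '
    "1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.",
    "Feb 9 13:59:36 haproxy[57652]: Server adserver.dev.adworxs.net/adserver2.dev is DOWN, "
    'reason: Layer7 wrong status, code: 404, info: "Not Found", check duration: 1ms. '
    "0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.",
    "Aug 30 09:48:49 localhost haproxy[17568]: Connect from 81.44.136.142:54570 "
    "to 192.168.48.12:80 (www.adworxs.net-merged/HTTP)",
]

if __name__ == "__main__":
    events, by_cause, outages = summarise(SAMPLE)
    for ev in events:
        print(ev["server"], "|", ev["reason"], ev["code"], "|", ev["first_look"])
    print("pool emptied by:", outages)
```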
Re: Check backend servers
so I could use: adserver.dev.local/www/admin/index.php as uri part? Regards Sebastian On 10.02.2012 15:13, Baptiste wrote: option httpchk -- Sebastian Fohler Far-Galaxy Networks Web: http://www.far-galaxy.de Tel.: +49 (0)173 8796211 E-Mail: i...@far-galaxy.de
Re: Check backend servers
This is my backend definition:

    listen adserver.dev.adworxs.net
        bind 192.168.10.70:80
        mode http
        log global
        option dontlognull
        option httpclose
        option forwardfor
        maxconn 1000
        clitimeout 12
        balance roundrobin
        contimeout 12
        srvtimeout 12
        retries 10
        option httpchk HEAD /index.php HTTP/1.0
        stats enable
        stats uri /haproxy?stats
        stats realm adserver.dev.local
        stats auth admin:
        stats show-node
        stats refresh m
        server adserver1.dev 192.168.10.41:80 check inter 24000 0 weight 100
        server adserver2.dev 192.168.10.52:80 check inter 24000 0 weight 100

Since I'm using httpchk HEAD /index.php in this case, can you tell me which realm would be used for the check then?

Sebastian

--
Sebastian Fohler
Far-Galaxy Networks
Web: http://www.far-galaxy.de
Tel.: +49 (0)173 8796211
E-Mail: i...@far-galaxy.de
Fwd: Re: Check backend servers
What URL does haproxy use exactly to check the service? Is it the realm + the url part or something else? Just to be sure to test the correct option.

Best regards
Sebastian

On 10.02.2012 09:56, Baptiste wrote:
> Hi,
>
> Maybe your server requires a Host header in the health check. Have you tried running the check using wget or curl on the server IP address?
>
> cheers
>
> On Fri, Feb 10, 2012 at 9:00 AM, Sebastian Fohler <i...@far-galaxy.com> wrote:
>> Hi
>>
>> Is there some way to check the backend servers manually? I always get these errors:
>>
>> Feb 9 13:42:56 haproxy[57652]: Server adserver.dev.adworxs.net/adserver1.dev is DOWN, reason: Layer7 wrong status, code: 404, info: "Not Found", check duration: 0ms. 1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
>> Feb 9 13:59:36 haproxy[57652]: Server adserver.dev.adworxs.net/adserver2.dev is DOWN, reason: Layer7 wrong status, code: 404, info: "Not Found", check duration: 1ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
>>
>> But can't find out why. Log doesn't show me more information and just calling the server seems to show no such 404 errors. It must be something between haproxy and my backend system. I've configured very long timeouts and nearly half that long check times but still the same problem. For some reason the physical servers are sending a 404 and after that haproxy shuts them down. They work called by haproxy without any trouble until the check followed by a shutdown.
>>
>> Best regards
>> Sebastian
>>
>> --
>> Sebastian Fohler
>> Far-Galaxy Networks
>> Web: http://www.far-galaxy.de
>> Tel.: +49 (0)173 8796211
>> E-Mail: i...@far-galaxy.de
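One way to run the check by hand, as asked above (added example, not part of the thread and not HAProxy code): send the bare request line that an "option httpchk" line describes straight to the server's IP, with and without a Host header, and apply the 2xx/3xx rule. The local test server, the vhost name adserver.example.test and the function names are constructed for this example; they stand in for a backend that only knows the page under its virtual host name.

```python
import socket
import socketserver
import threading
from http.server import BaseHTTPRequestHandler


def http_check(host, port, method="HEAD", uri="/", version="HTTP/1.0",
               host_header=None, timeout=3.0):
    """Send a minimal check request and return (status_code, healthy).

    healthy is True for 2xx and 3xx answers, the rule a check is judged by.
    A browser always sends Host; this request only does if host_header is set.
    """
    request = f"{method} {uri} {version}\r\n"
    if host_header:
        request += f"Host: {host_header}\r\n"
    request += "\r\n"
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request.encode("ascii"))
        buf = b""
        while b"\r\n" not in buf:          # only the status line is needed
            chunk = sock.recv(4096)
            if not chunk:
                break
            buf += chunk
    status_line = buf.split(b"\r\n", 1)[0].decode("latin-1")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"not an HTTP response: {status_line!r}")
    code = int(parts[1])
    return code, 200 <= code < 400


class VhostHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for a backend with name-based virtual hosts."""
    SITE = "adserver.example.test"         # hypothetical vhost name

    def do_HEAD(self):
        known = self.headers.get("Host") == self.SITE and self.path == "/index.php"
        self.send_response(200 if known else 404)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):          # keep the demo quiet
        pass


def demo():
    """Run both variants against the local stand-in and return their results."""
    server = socketserver.TCPServer(("127.0.0.1", 0), VhostHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        # What "option httpchk HEAD /index.php HTTP/1.0" sends: no Host header.
        bare = http_check("127.0.0.1", port, uri="/index.php")
        # Same request with the Host header added, as the HTTP/1.1 form needs.
        named = http_check("127.0.0.1", port, uri="/index.php",
                           version="HTTP/1.1", host_header=VhostHandler.SITE)
    finally:
        server.shutdown()
        server.server_close()
    return bare, named


if __name__ == "__main__":
    bare, named = demo()
    print("without Host:", bare)
    print("with Host:   ", named)
```

Against a real backend, call http_check() with the server's IP, port and the method, URI and version from the configured check line.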
Re: Geotargeting and Server DOWN problem
Thank you for your answer. Sorry Cyril, I've missed the messages between my text lines somehow, no offense, just plain laziness. Should have read the complete text before I asked for further advice. I'll check your hints now and will reconfigure my system, hope it helps. Thank you again.

Best regards
Sebastian

On 30.01.2012 07:20, Baptiste wrote:

Hi Sebastian,

I think Cyril's email is full of advice for you, explaining to you where your problem may be. Basically you have several options for your configuration. Either you turn all your listeners to tcp, removing the http health checks, HAProxy will do basic tcp. Or you can also split your configuration based on the frontend port: http vs https.

If you need affinity per user on http and https, you can use this configuration example:
http://blog.exceliance.fr/2011/07/12/send-user-to-the-same-backend-for-both-http-and-https/

And the second example below will show you how to do persistence based on the SSL id:
http://blog.exceliance.fr/2011/07/04/maintain-affinity-based-on-ssl-session-id/

cheers

On Mon, Jan 30, 2012 at 1:14 AM, Sebastian Fohler wrote:

Where is the problem? As I already said before, it's my first haproxy config. I only used hardware loadbalancing before. Any help would be appreciated.

Best regards
Sebastian

On 29.01.2012 23:27, Cyril Bonté wrote:

Hi Sebastian,

Is this really your configuration? I'm afraid to say that it can't work the way it is done (or I missed something). For those reasons:

On 29/01/2012 14:09, Sebastian Fohler wrote:

Sure no problem, here is my config:

    # cat haproxy.cfg
    global
        maxconn 9
        log 127.0.0.1 local0
        uid 80
        gid 80
        nbproc 1
        chroot /var/empty
        daemon

    listen adserver.adworxs.local
        bind 192.168.10.68:80
        bind 192.168.10.68:443
        mode http

First of all, haproxy doesn't understand HTTPS natively. I guess that if you bind on port 443 this is because you want haproxy to receive HTTPS, but it can't. If you want to use haproxy in HTTP mode, you'll have to decode HTTPS into plain text HTTP with a ssl termination such as stunnel or stud.
=> Don't bind on port 443 with "mode http" enabled.

        log global
        option dontlognull
        option httpclose
        option forwardfor
        maxconn 1
        clitimeout 3
        balance roundrobin
        contimeout 3
        srvtimeout 3
        retries 10
        option httpchk HEAD /www/admin/index.php HTTP/1.0
        stats enable
        stats uri /haproxy?stats
        stats realm adserver.adworxs.local
        stats auth admin:
        stats show-node
        stats refresh s
        server adserver1 192.168.10.61:80 check inter 1000 weight 10
        server adserver1 192.168.10.61:443 check inter 1000 weight 10

Here, several issues occur:
- You shouldn't use several times the same server name, this is maybe what made your diagnostics difficult in the stats page and in the logs. (In your first post, you said: "The first problem I had was, while checking the haproxy stats, that they show every backendserver is at least the same time DOWN as it is UP")
- You've mixed HTTP servers and HTTPS ones in the backend: haproxy will load balance the incoming connections on them (in round robin as you've configured it some lines before). Those connecting to port 443 will probably be always DOWN so you'll think it works if you only send HTTP requests. But as soon as you try to send HTTPS requests, you'll get in trouble.
- You can't use "check" on your https server because you've configured "option httpchk": haproxy will try to send plain text HTTP where the server is waiting for HTTPS.

        server adserver2 192.168.10.62:80 check inter 1000 weight 10
        server adserver2 192.168.10.62:443 check inter 1000 weight 10
        server adserver4 192.168.10.67:80 check inter 1000 weight 120
        server adserver4 192.168.10.67:443 check inter 1000 weight 120
        server adserver5 192.168.10.66:80 check inter 1000 weight 120
        server adserver5 192.168.10.66:443 check inter 1000 weight 120

...same issues for each "adserver"

    listen adserver.dev.adworxs.local
        bind 192.168.10.70:80
        bind 192.168.10.70:443
        mode http
        log global
        option dontlognull
        option httpclose
        option forwardfor
        maxconn 6000
        clitimeout 3
        balance leastconn
        contimeout 3
        srvtimeout 3
        retries 10
        option httpchk HEAD /www/admin/index.php HTTP/1.0
        stats enable
        stats uri /haproxy?stats
        stats realm adserver.dev.adworxs.local
        stats auth admin:
        stats show-node
        stats refresh m
        server adserver1.dev 192.168.10.41:80 check inter 10 weight 100
        server adserver1.dev 192.168.10.41:443 check inter 10 weight 100

and same issues for this proxy.

I'd suggest you to remove every line containing a reference to port 443 (binds and servers) and add stunnel or stud in front of haproxy, configured to receive incoming HTTPS requests on port 443 and forward the plain text HTTP request to haproxy on port 80.

Hope this helps.

--
Sebastian Fohler
Far-Galaxy Networks
Web: http://www.far-galaxy.de
Tel.: +49 (0)173 8796211
E-Mail: i...@far-galaxy.de

Re: Geotargeting and Server DOWN problem
Where is the problem? As I already said before, it's my first haproxy config. I only used hardware loadbalancing before. Any help would be appreciated.

Best regards
Sebastian

On 29.01.2012 23:27, Cyril Bonté wrote:

Hi Sebastian,

Is this really your configuration? I'm afraid to say that it can't work the way it is done (or I missed something). For those reasons:

On 29/01/2012 14:09, Sebastian Fohler wrote:

Sure no problem, here is my config:

    # cat haproxy.cfg
    global
        maxconn 9
        log 127.0.0.1 local0
        uid 80
        gid 80
        nbproc 1
        chroot /var/empty
        daemon

    listen adserver.adworxs.local
        bind 192.168.10.68:80
        bind 192.168.10.68:443
        mode http

First of all, haproxy doesn't understand HTTPS natively. I guess that if you bind on port 443 this is because you want haproxy to receive HTTPS, but it can't. If you want to use haproxy in HTTP mode, you'll have to decode HTTPS into plain text HTTP with a ssl termination such as stunnel or stud.
=> Don't bind on port 443 with "mode http" enabled.

        log global
        option dontlognull
        option httpclose
        option forwardfor
        maxconn 1
        clitimeout 3
        balance roundrobin
        contimeout 3
        srvtimeout 3
        retries 10
        option httpchk HEAD /www/admin/index.php HTTP/1.0
        stats enable
        stats uri /haproxy?stats
        stats realm adserver.adworxs.local
        stats auth admin:
        stats show-node
        stats refresh s
        server adserver1 192.168.10.61:80 check inter 1000 weight 10
        server adserver1 192.168.10.61:443 check inter 1000 weight 10

Here, several issues occur:
- You shouldn't use several times the same server name, this is maybe what made your diagnostics difficult in the stats page and in the logs. (In your first post, you said: "The first problem I had was, while checking the haproxy stats, that they show every backendserver is at least the same time DOWN as it is UP")
- You've mixed HTTP servers and HTTPS ones in the backend: haproxy will load balance the incoming connections on them (in round robin as you've configured it some lines before). Those connecting to port 443 will probably be always DOWN so you'll think it works if you only send HTTP requests. But as soon as you try to send HTTPS requests, you'll get in trouble.
- You can't use "check" on your https server because you've configured "option httpchk": haproxy will try to send plain text HTTP where the server is waiting for HTTPS.

        server adserver2 192.168.10.62:80 check inter 1000 weight 10
        server adserver2 192.168.10.62:443 check inter 1000 weight 10
        server adserver4 192.168.10.67:80 check inter 1000 weight 120
        server adserver4 192.168.10.67:443 check inter 1000 weight 120
        server adserver5 192.168.10.66:80 check inter 1000 weight 120
        server adserver5 192.168.10.66:443 check inter 1000 weight 120

...same issues for each "adserver"

    listen adserver.dev.adworxs.local
        bind 192.168.10.70:80
        bind 192.168.10.70:443
        mode http
        log global
        option dontlognull
        option httpclose
        option forwardfor
        maxconn 6000
        clitimeout 3
        balance leastconn
        contimeout 3
        srvtimeout 3
        retries 10
        option httpchk HEAD /www/admin/index.php HTTP/1.0
        stats enable
        stats uri /haproxy?stats
        stats realm adserver.dev.adworxs.local
        stats auth admin:
        stats show-node
        stats refresh m
        server adserver1.dev 192.168.10.41:80 check inter 10 weight 100
        server adserver1.dev 192.168.10.41:443 check inter 10 weight 100

and same issues for this proxy.

I'd suggest you to remove every line containing a reference to port 443 (binds and servers) and add stunnel or stud in front of haproxy, configured to receive incoming HTTPS requests on port 443 and forward the plain text HTTP request to haproxy on port 80.

Hope this helps.

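Cyril's three findings expressed as a small configuration check, added here as an example; it is not part of the thread or of HAProxy itself. The sample is a constructed excerpt of the quoted configuration, `parse` and `lint` are hypothetical helper names, and the `ssl`/`check-ssl` exemption is for later HAProxy releases with native TLS, which the version discussed here lacks.

```python
import re
from collections import Counter

# Constructed excerpt of the configuration quoted in the thread.
SAMPLE = """\
listen adserver.adworxs.local
    bind 192.168.10.68:80
    bind 192.168.10.68:443
    mode http
    option httpchk HEAD /www/admin/index.php HTTP/1.0
    server adserver1 192.168.10.61:80 check inter 1000 weight 10
    server adserver1 192.168.10.61:443 check inter 1000 weight 10
    server adserver2 192.168.10.62:80 check inter 1000 weight 10
"""

SECTION = re.compile(r"^(listen|frontend|backend)\s+(\S+)")


def parse(text):
    """Split a config into {proxy name: list of token lists}."""
    proxies, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = proxies.setdefault(m.group(2), [])
        elif line.split()[0] in ("global", "defaults"):
            current = None
        elif current is not None:
            current.append(line.split())
    return proxies


def lint(text):
    """Return (proxy, finding) tuples for the three problems Cyril lists."""
    findings = []
    for name, lines in parse(text).items():
        http_mode = ["mode", "http"] in lines
        httpchk = any(t[:2] == ["option", "httpchk"] for t in lines)
        servers = [t for t in lines if t[0] == "server" and len(t) >= 3]
        for t in lines:
            if t[0] == "bind" and len(t) > 1 and http_mode and t[1].endswith(":443") and "ssl" not in t:
                findings.append((name, f"bind {t[1]}: HTTPS port in plain 'mode http'"))
        for srv, n in Counter(t[1] for t in servers).items():
            if n > 1:
                findings.append((name, f"server name '{srv}' used {n} times"))
        for t in servers:
            # Assumption: lines carrying ssl / check-ssl (native TLS releases) are fine.
            tls_check = "ssl" in t or "check-ssl" in t
            if httpchk and "check" in t and t[2].endswith(":443") and not tls_check:
                findings.append((name, f"{t[1]} {t[2]}: plain HTTP check sent to a TLS port"))
    return findings
```

Running `lint(SAMPLE)` reports one finding per issue; dropping the port 443 lines, as Cyril suggests, leaves none.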
Re: Geotargeting and Server DOWN problem
Another thing which might help to understand the problem:

    Jan 29 14:24:57 haproxy[61441]: Server adserver.adworxs.local/adserver2 is DOWN, reason: Socket error, info: "Operation not permitted", check duration: 0ms. 2 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
    Jan 29 14:25:07 haproxy[61441]: Server adserver.adworxs.local/adserver2 is UP, reason: Layer7 check passed, code: 200, info: "OK", check duration: 610ms. 3 active and 0 backup servers online. 0 sessions requeued, 0 total in queue.
    Jan 29 14:25:11 haproxy[61441]: Server adserver.adworxs.local/adserver2 is DOWN, reason: Layer7 timeout, check duration: 1009ms. 2 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
    Jan 29 14:25:18 haproxy[61441]: Server adserver.adworxs.local/adserver2 is UP, reason: Layer7 check passed, code: 200, info: "OK", check duration: 341ms. 3 active and 0 backup servers online. 0 sessions requeued, 0 total in queue.
    Jan 29 14:25:34 haproxy[61441]: Server adserver.adworxs.local/adserver2 is DOWN, reason: Socket error, info: "Operation not permitted", check duration: 0ms. 2 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
    Jan 29 14:26:03 haproxy[61441]: Server adserver.adworxs.local/adserver4 is UP, reason: Layer7 check passed, code: 200, info: "OK", check duration: 100ms. 1 active and 0 backup servers online. 0 sessions requeued, 0 total in queue.
    Jan 29 14:26:03 haproxy[61441]: Server adserver.adworxs.local/adserver5 is UP, reason: Layer7 check passed, code: 200, info: "OK", check duration: 144ms. 2 active and 0 backup servers online. 0 sessions requeued, 0 total in queue.
    Jan 29 14:26:04 haproxy[61441]: Server adserver.adworxs.local/adserver2 is UP, reason: Layer7 check passed, code: 200, info: "OK", check duration: 553ms. 3 active and 0 backup servers online. 0 sessions requeued, 0 total in queue.
    Jan 29 14:26:15 haproxy[61441]: Server adserver.adworxs.local/adserver2 is DOWN, reason: Layer7 timeout, check duration: 1019ms. 2 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
    Jan 29 14:26:26 haproxy[61441]: Server adserver.adworxs.local/adserver4 is DOWN, reason: Socket error, info: "Operation not permitted", check duration: 0ms. 1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
    Jan 29 14:26:26 haproxy[61441]: Server adserver.adworxs.local/adserver5 is DOWN, reason: Socket error, info: "Operation not permitted", check duration: 0ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
    Jan 29 14:26:26 haproxy[61441]: proxy adserver.adworxs.local has no server available!
    Jan 29 14:26:28 haproxy[61441]: Server adserver.adworxs.local/adserver4 is UP, reason: Layer7 check passed, code: 200, info: "OK", check duration: 152ms. 1 active and 0 backup servers online. 0 sessions requeued, 0 total in queue.
    Jan 29 14:26:28 haproxy[61441]: Server adserver.adworxs.local/adserver5 is UP, reason: Layer7 check passed, code: 200, info: "OK", check duration: 235ms. 2 active and 0 backup servers online. 0 sessions requeued, 0 total in queue.

Best regards
Sebastian

On 27.01.2012 20:54, Sander Klein wrote:

On 27.01.2012 16:01, Sebastian Fohler wrote:

Sorry just found out that I definitely do an active check. But for some reason every second refresh of my stats shows the servers down. Any idea why that could be? The servers are definitely up all that time.

Hmz, I don't know. I think it's helpful if you post more info like your haproxy config.

Greets,
Sander

Re: Geotargeting and Server DOWN problem
Sure no problem, here is my config:

    # cat haproxy.cfg
    global
        maxconn 9
        log 127.0.0.1 local0
        uid 80
        gid 80
        nbproc 1
        chroot /var/empty
        daemon

    listen adserver.adworxs.local
        bind 192.168.10.68:80
        bind 192.168.10.68:443
        mode http
        log global
        option dontlognull
        option httpclose
        option forwardfor
        maxconn 1
        clitimeout 3
        balance roundrobin
        contimeout 3
        srvtimeout 3
        retries 10
        option httpchk HEAD /www/admin/index.php HTTP/1.0
        stats enable
        stats uri /haproxy?stats
        stats realm adserver.adworxs.local
        stats auth admin:
        stats show-node
        stats refresh s
        server adserver1 192.168.10.61:80 check inter 1000 weight 10
        server adserver1 192.168.10.61:443 check inter 1000 weight 10
        server adserver2 192.168.10.62:80 check inter 1000 weight 10
        server adserver2 192.168.10.62:443 check inter 1000 weight 10
        server adserver4 192.168.10.67:80 check inter 1000 weight 120
        server adserver4 192.168.10.67:443 check inter 1000 weight 120
        server adserver5 192.168.10.66:80 check inter 1000 weight 120
        server adserver5 192.168.10.66:443 check inter 1000 weight 120

    listen adserver.dev.adworxs.local
        bind 192.168.10.70:80
        bind 192.168.10.70:443
        mode http
        log global
        option dontlognull
        option httpclose
        option forwardfor
        maxconn 6000
        clitimeout 3
        balance leastconn
        contimeout 3
        srvtimeout 3
        retries 10
        option httpchk HEAD /www/admin/index.php HTTP/1.0
        stats enable
        stats uri /haproxy?stats
        stats realm adserver.dev.adworxs.local
        stats auth admin:
        stats show-node
        stats refresh m
        server adserver1.dev 192.168.10.41:80 check inter 10 weight 100
        server adserver1.dev 192.168.10.41:443 check inter 10 weight 100

Thank you in advance.

Best regards
Sebastian

On 27.01.2012 20:54, Sander Klein wrote:

On 27.01.2012 16:01, Sebastian Fohler wrote:

Sorry just found out that I definitely do an active check. But for some reason every second refresh of my stats shows the servers down. Any idea why that could be? The servers are definitely up all that time.

Hmz, I don't know. I think it's helpful if you post more info like your haproxy config.

Greets,
Sander

Re: Geotargeting and Server DOWN problem
Sorry just found out that I definitely do an active check. But for some reason every second refresh of my stats shows the servers down. Any idea why that could be? The servers are definitely up all that time.

Best regards
Sebastian

Sander Klein wrote:

Hi,

On 26.01.2012 18:45, Sebastian Fohler wrote:

I'm trying to set up a loadbalancing configuration with four backend servers on nginx basis. The first problem I had was, while checking the haproxy stats, that they show every backend server is at least the same time DOWN as it is UP, how can this be, and what could be the problem?

Are you doing active checks against the backend servers using haproxy?

Another problem I have is that the backend servers are using geotargeting to deliver specific content to specific country locations, since the haproxy loadbalancing has always the same ip there seems to be some confusion with the geotargeting after activating haproxy.

You might use real ip (http://wiki.nginx.org/HttpRealIpModule) and the haproxy 'option forwardfor' to solve the geotargeting problem.

Greets,
Sander

Geotargeting and Server DOWN problem
I'm trying to set up a loadbalancing configuration with four backend servers on nginx basis. The first problem I had was, while checking the haproxy stats, that they show every backend server is at least the same time DOWN as it is UP, how can this be, and what could be the problem?

Another problem I have is that the backend servers are using geotargeting to deliver specific content to specific country locations, since the haproxy loadbalancing has always the same ip there seems to be some confusion with the geotargeting after activating haproxy.

Can someone help me to find out which configuration would be needed to overcome these obstacles? Thank you in advance.

Best regards
Sebastian

--
Sebastian Fohler
Far-Galaxy Networks
Web: http://www.far-galaxy.de
Tel.: +49 (0)173 8796211
E-Mail: i...@far-galaxy.de