Re: Service down with TCP
Hi, Few notes: - If I disable the tcp services haproxy remains stable - I see the same behavior on both haproxy servers Sorry for the conf . De : Baptiste bed...@gmail.commailto:bed...@gmail.com Date : mercredi 22 juillet 2015 09:38 À : Thibault Labrut t.lab...@pickup-services.commailto:t.lab...@pickup-services.com Cc : haproxy@formilux.orgmailto:haproxy@formilux.org haproxy@formilux.orgmailto:haproxy@formilux.org Objet : Re: Service down with TCP On Tue, Jul 21, 2015 at 6:25 PM, Thibault LABRUT t.lab...@pickup-services.commailto:t.lab...@pickup-services.com wrote: Hello, I implemented the tcp flow at my haproxy . The problem is that since haproxy service stops after 5 minutes. I have seen rine especially in logs except this: kernel: Traps : haproxy [ 11939 ] Common IP protection : 7fe1ddc19f1a sp : 7fff12c2d580 error: 0 in haproxy [ + 7fe1ddbd5000 b6000 ] haproxy - systemd -wrapper : haproxy - systemd -wrapper : exit , haproxy RC = 0 Here is a sample configuration: frontend tcp_33101 fashion tcp tcplog option option tcpka capture request header Host len 200 bind 192.168.100.98:33101 default_backend prod_tools_tcp_33101 backend prod_tools_tcp_33101 fashion tcp tcplog option option tcpka server srv- prod_tools_tcp_33101-01 XXX.XXX.XXX.XXX:33101 check weight 100 Best regards, Thibault Hi Thibault, What troubleshooting steps have you already performed? Have you dug into systemd? NOTE: Please don't use a translator with your HAProxy configuration. That's why now, haproxy is in fashion tcp instead of mode tcp. Baptiste
Service down with TCP
Hello, I implemented the tcp flow at my haproxy . The problem is that since haproxy service stops after 5 minutes. I have seen rine especially in logs except this: kernel: Traps : haproxy [ 11939 ] Common IP protection : 7fe1ddc19f1a sp : 7fff12c2d580 error: 0 in haproxy [ + 7fe1ddbd5000 b6000 ] haproxy - systemd -wrapper : haproxy - systemd -wrapper : exit , haproxy RC = 0 Here is a sample configuration: frontend tcp_33101 fashion tcp tcplog option option tcpka capture request header Host len 200 bind 192.168.100.98:33101 default_backend prod_tools_tcp_33101 backend prod_tools_tcp_33101 fashion tcp tcplog option option tcpka server srv- prod_tools_tcp_33101-01 XXX.XXX.XXX.XXX:33101 check weight 100 Best regards, Thibault
HAproxy and UPD
Hi, I¹m going to implement Haproxy and I need to loadbalance upd flow (for example to centralize network equipment syslog). But I see that upd is not supported. Have you a solution for me? Best regards, -- Thibault Labrut enioka 24 galerie Saint-Marc 75002 Paris +33 615 700 935 +33 144 618 314
Re: Need help about ACLs settings
Hi, Thx for your help. But now I’ve an other issue. When we put on a bottom in form, the url is : http://foo.domain.com:42/index.htm. I want rewrite url like this : http://foo.domain.com/index.htm For this operation, I use the function rspirep in backend (LB) rspirep ^Location:\ (.*):30200(.*) Location:\ \1\2 But without success. Cordialement, -- Thibault Labrut enioka 24 galerie Saint-Marc 75002 Paris +33 615 700 935 +33 144 618 314 De : Thierry t...@thierry.1s.fr Date : jeudi 11 juin 2015 17:21 À : Thibault Labrut thibault.lab...@enioka.com Cc : haproxy@formilux.org haproxy@formilux.org Objet : Re: Need help about ACLs settings On Thu, 11 Jun 2015 16:51:14 +0200 Thibault Labrut thibault.lab...@enioka.com wrote: Hi Thierry, If I understand your propsition, my settings shourld be like this : You must add option forwardfor in the RP frontend. Thierry RP settings (no change) # Frontend frontend http_test bind xx.xx.xx.xx:42 capture request header Host len 200 # ACL acl acl_test src 12.34.56.78 (IP client) use_backend test if acl_test # Backend backend test server srv_ test test.maycompany.local:42 check LB settings # Frontend frontend http_test bind xx.xx.xx.xx:42 capture request header Host len 200 # ACL (new acl setting) acl acl_test fhdr(x-forwarded-for) -m ipv4 12.34.56.78 use_backend test if acl_test # Backend backend test balance roundrobin server test01 xx.xx.xx.xx:42 check server test02 xx.xx.xx.xx:42 check Thibault Labrut. De : Thierry FOURNIER tfourn...@haproxy.com Date : jeudi 11 juin 2015 11:56 À : Thibault Labrut t.lab...@pickup-services.com Cc : haproxy@formilux.org haproxy@formilux.org Objet : Re: Need help about ACLs settings On Thu, 11 Jun 2015 09:06:43 + Thibault LABRUT t.lab...@pickup-services.com wrote: Hello, I¹m going to install HA Proxy. My architecture is as folows : - 2 servers in DMZ = reverse proxy (RP) - 2 servers in LAN = Load balancing (LB) Several applications contact RP with different IP adress but with always de same port. With the settings as below the connection is up : RP settings # Frontend frontend http_test bind xx.xx.xx.xx:42 capture request header Host len 200 default_backend test # Backend backend test server srv_ test test.maycompany.local:42 check LB settings # Frontend frontend http_test bind xx.xx.xx.xx:42 capture request header Host len 200 default_backend test # Backend backend test balance roundrobin server test01 xx.xx.xx.xx:42 check server test02 xx.xx.xx.xx:42 check But in this case the connection is down : # Frontend frontend http_test bind xx.xx.xx.xx:42 capture request header Host len 200 # ACL acl acl_test src 12.34.56.78 (IP client) use_backend test if acl_test # Backend backend test server srv_ test test.maycompany.local:42 check LB settings # Frontend frontend http_test bind xx.xx.xx.xx:42 capture request header Host len 200 # ACL acl acl_test src 12.34.56.78 use_backend test if acl_test # Backend backend test balance roundrobin server test01 xx.xx.xx.xx:42 check server test02 xx.xx.xx.xx:42 check Can you say me what is the problem with my settings? Hi, If I understand, you have two HAProxy chained, RP is in front and LB is in back. In this case, the connexions received by the LB load balancer cannot known the original IP source, because the connexions are established by the LB load balancer with its own IP. You can use the header x-forwarded-for for string the original ip source. The directive is option forwardfor. On the LB HAProxy, you can use a sample taht returns the content of the header x-forwarded-for, like this: acl acl_test fhdr(x-forwarded-for) -m ipv4 12.34.56.78 best regards Thierry Best Regards, Thibault Labrut.
Re: Need help about ACLs settings
Hi Thierry, If I understand your propsition, my settings shourld be like this : RP settings (no change) # Frontend frontend http_test bind xx.xx.xx.xx:42 capture request header Host len 200 # ACL acl acl_test src 12.34.56.78 (IP client) use_backend test if acl_test # Backend backend test server srv_ test test.maycompany.local:42 check LB settings # Frontend frontend http_test bind xx.xx.xx.xx:42 capture request header Host len 200 # ACL (new acl setting) acl acl_test fhdr(x-forwarded-for) -m ipv4 12.34.56.78 use_backend test if acl_test # Backend backend test balance roundrobin server test01 xx.xx.xx.xx:42 check server test02 xx.xx.xx.xx:42 check Thibault Labrut. De : Thierry FOURNIER tfourn...@haproxy.com Date : jeudi 11 juin 2015 11:56 À : Thibault Labrut t.lab...@pickup-services.com Cc : haproxy@formilux.org haproxy@formilux.org Objet : Re: Need help about ACLs settings On Thu, 11 Jun 2015 09:06:43 + Thibault LABRUT t.lab...@pickup-services.com wrote: Hello, I¹m going to install HA Proxy. My architecture is as folows : - 2 servers in DMZ = reverse proxy (RP) - 2 servers in LAN = Load balancing (LB) Several applications contact RP with different IP adress but with always de same port. With the settings as below the connection is up : RP settings # Frontend frontend http_test bind xx.xx.xx.xx:42 capture request header Host len 200 default_backend test # Backend backend test server srv_ test test.maycompany.local:42 check LB settings # Frontend frontend http_test bind xx.xx.xx.xx:42 capture request header Host len 200 default_backend test # Backend backend test balance roundrobin server test01 xx.xx.xx.xx:42 check server test02 xx.xx.xx.xx:42 check But in this case the connection is down : # Frontend frontend http_test bind xx.xx.xx.xx:42 capture request header Host len 200 # ACL acl acl_test src 12.34.56.78 (IP client) use_backend test if acl_test # Backend backend test server srv_ test test.maycompany.local:42 check LB settings # Frontend frontend http_test bind xx.xx.xx.xx:42 capture request header Host len 200 # ACL acl acl_test src 12.34.56.78 use_backend test if acl_test # Backend backend test balance roundrobin server test01 xx.xx.xx.xx:42 check server test02 xx.xx.xx.xx:42 check Can you say me what is the problem with my settings? Hi, If I understand, you have two HAProxy chained, RP is in front and LB is in back. In this case, the connexions received by the LB load balancer cannot known the original IP source, because the connexions are established by the LB load balancer with its own IP. You can use the header x-forwarded-for for string the original ip source. The directive is option forwardfor. On the LB HAProxy, you can use a sample taht returns the content of the header x-forwarded-for, like this: acl acl_test fhdr(x-forwarded-for) -m ipv4 12.34.56.78 best regards Thierry Best Regards, Thibault Labrut.
Re: HA proxy - Need infromation
Hi, But I search a GUI to manage Ha proxy (add/remove services for example). Bes regards, -- Thibault Labrut enioka 24 galerie Saint-Marc 75002 Paris +33 615 700 935 +33 144 618 314 De : Igor Cicimov ig...@encompasscorporation.com Date : mardi 14 avril 2015 02:56 À : Thibault Labrut thibault.lab...@enioka.com Cc : haproxy@formilux.org Objet : Re: HA proxy - Need infromation On Tue, Apr 14, 2015 at 12:55 AM, Thibault Labrut thibault.lab...@enioka.com wrote: Hello, I currently installing HAProxy with keepalived to one of my clients. To facilitate the administration of this tool, I would like to know if you can advise me of administration web gui for HA proxy. Look for stats in the HAP documentation. Thank you for your help. Best regards, -- Thibault Labrut enioka 24 galerie Saint-Marc 75002 Paris +33 615 700 935 +33 144 618 314
HA proxy - Need infromation
Hello, I currently installing HAProxy with keepalived to one of my clients. To facilitate the administration of this tool, I would like to know if you can advise me of administration web gui for HA proxy. Thank you for your help. Best regards, -- Thibault Labrut enioka 24 galerie Saint-Marc 75002 Paris +33 615 700 935 +33 144 618 314