Re: HTTP and send-proxy
Hi, Baptiste! Thanks for your reply, I found there is an incorrect configure in my On Sat, Oct 12, 2013 at 5:47 PM, Baptiste bed...@gmail.com wrote: Hi Jinge, None of your servers are available in the farm so HAProxy returns 503. you should have a look at your logs or run a tcpdump between HAProxy and the server to know the issue. Maybe your HTTP check URL is wrong or you need a Host header. Baptiste On Sat, Oct 12, 2013 at 4:48 AM, jinge altman87...@gmail.com wrote: Hi all! I want use the haproxy PROXY protocol for our use case. To send our clients ip address to the peer haproxy. But after I config the send-proxy and accept-proxy in the configuration. The web nevent be successful responsed. The 503 error always there. the configure there ha-L0.conf -- # frontend ## frontend tcp-in bind 192.168.137.41:2220 bind 192.168.132.41:2221 bind 192.168.133.41: mode tcp log global option tcplog #distingush HTTP and non-HTTP tcp-request inspect-delay 30s tcp-request content accept if HTTP #ACL DEFINE acl squid_incompatiable-Host hdr_reg(Host) -f /usr/local/etc/acl-define.d/squid_incompatiable-Host.txt acl direct-dstip dst -f /usr/local/etc/acl-define.d/direct_out-dst.txt #ACL DEFINE of websocket acl missing_host hdr_cnt(Host) eq 0 acl QQClient hdr(User-Agent) -i QQClient acl has_range hdr_cnt(Range) gt 0 #ACTION use_backend Direct if !HTTP use_backend Direct if HTTP_1.1 missing_host use_backend Direct if direct-dstip use_backend Direct if METH_CONNECT use_backend Direct if QQClient default_backend HAL1 backend HAL1 mode http log global source 0.0.0.0 server ha2-l1-n1 localhost:3330 send-proxy ha-L1.conf -- # frontend ## frontend localhostlister bind localhost:3330 accept-proxy mode http #ACL DEFINE acl direct-dstip dst -f /usr/local/etc/acl-define.d/direct_out-dst.txt #ACL DEFINE of websocket acl is_websocket hdr(Upgrade) -i WebSocket acl is_websocket hdr_beg(Host) -i ws acl missing_host hdr_cnt(Host) eq 0 acl QQClient hdr(User-Agent) -i QQClient acl has_range hdr_cnt(Range) gt 0 #ACTION use_backend NginxClusterWebsockets if is_websocket default_backend SquidCluster backend SquidCluster mode http option forwardfor header X-Client balance uri whole log global acl mgmt-src src -f /usr/local/etc/acl-define.d/mgmt-src.txt errorfile 502 /usr/local/etc/errorfiles/504.http acl is_internal_error status ge 500 rspideny . if is_internal_error !mgmt-src rspidel ^via:.* unless mgmt-src rspidel ^x-cache:* unless mgmt-src rspidel ^x-cache-lookup:* unless mgmt-src rspidel ^X-Ecap:* unless mgmt-src source 0.0.0.0 option httpchk GET http://192.168.172.4/check.txt server sq-L1-n1a x.x.x.x:3129 weight 20 check inter 5s maxconn 1 And we use the haproxy -d argument found the ha0 seems never send the msg to the ha1 0090:HAL1.clireq[0019:]: GET http://www.taobao.com/ HTTP/1.1 0090:HAL1.clihdr[0019:]: User-Agent: curl/7.26.0 0090:HAL1.clihdr[0019:]: Host: www.taobao.com 0090:HAL1.clihdr[0019:]: Accept: */* 0090:HAL1.clihdr[0019:]: Proxy-Connection: Keep-Alive 008d:HAL1.clicls[000e:001a] 008d:HAL1.closed[000e:001a] Is there any one can help what's the problem there ? --- Regards Jinge
Re: HTTP and send-proxy
On 29 October 2013 08:30, Ge Jin altman87...@gmail.com wrote: Hi, Baptiste! Thanks for your reply, I found there is an incorrect configure in my ... email client? ;-)
Re: HTTP and send-proxy
Hi Jinge, None of your servers are available in the farm so HAProxy returns 503. you should have a look at your logs or run a tcpdump between HAProxy and the server to know the issue. Maybe your HTTP check URL is wrong or you need a Host header. Baptiste On Sat, Oct 12, 2013 at 4:48 AM, jinge altman87...@gmail.com wrote: Hi all! I want use the haproxy PROXY protocol for our use case. To send our clients ip address to the peer haproxy. But after I config the send-proxy and accept-proxy in the configuration. The web nevent be successful responsed. The 503 error always there. the configure there ha-L0.conf -- # frontend ## frontend tcp-in bind 192.168.137.41:2220 bind 192.168.132.41:2221 bind 192.168.133.41: mode tcp log global option tcplog #distingush HTTP and non-HTTP tcp-request inspect-delay 30s tcp-request content accept if HTTP #ACL DEFINE acl squid_incompatiable-Host hdr_reg(Host) -f /usr/local/etc/acl-define.d/squid_incompatiable-Host.txt acl direct-dstip dst -f /usr/local/etc/acl-define.d/direct_out-dst.txt #ACL DEFINE of websocket acl missing_host hdr_cnt(Host) eq 0 acl QQClient hdr(User-Agent) -i QQClient acl has_range hdr_cnt(Range) gt 0 #ACTION use_backend Direct if !HTTP use_backend Direct if HTTP_1.1 missing_host use_backend Direct if direct-dstip use_backend Direct if METH_CONNECT use_backend Direct if QQClient default_backend HAL1 backend HAL1 mode http log global source 0.0.0.0 server ha2-l1-n1 localhost:3330 send-proxy ha-L1.conf -- # frontend ## frontend localhostlister bind localhost:3330 accept-proxy mode http #ACL DEFINE acl direct-dstip dst -f /usr/local/etc/acl-define.d/direct_out-dst.txt #ACL DEFINE of websocket acl is_websocket hdr(Upgrade) -i WebSocket acl is_websocket hdr_beg(Host) -i ws acl missing_host hdr_cnt(Host) eq 0 acl QQClient hdr(User-Agent) -i QQClient acl has_range hdr_cnt(Range) gt 0 #ACTION use_backend NginxClusterWebsockets if is_websocket default_backend SquidCluster backend SquidCluster mode http option forwardfor header X-Client balance uri whole log global acl mgmt-src src -f /usr/local/etc/acl-define.d/mgmt-src.txt errorfile 502 /usr/local/etc/errorfiles/504.http acl is_internal_error status ge 500 rspideny . if is_internal_error !mgmt-src rspidel ^via:.* unless mgmt-src rspidel ^x-cache:* unless mgmt-src rspidel ^x-cache-lookup:* unless mgmt-src rspidel ^X-Ecap:* unless mgmt-src source 0.0.0.0 option httpchk GET http://192.168.172.4/check.txt server sq-L1-n1a x.x.x.x:3129 weight 20 check inter 5s maxconn 1 And we use the haproxy -d argument found the ha0 seems never send the msg to the ha1 0090:HAL1.clireq[0019:]: GET http://www.taobao.com/ HTTP/1.1 0090:HAL1.clihdr[0019:]: User-Agent: curl/7.26.0 0090:HAL1.clihdr[0019:]: Host: www.taobao.com 0090:HAL1.clihdr[0019:]: Accept: */* 0090:HAL1.clihdr[0019:]: Proxy-Connection: Keep-Alive 008d:HAL1.clicls[000e:001a] 008d:HAL1.closed[000e:001a] Is there any one can help what's the problem there ? --- Regards Jinge
HTTP and send-proxy
Hi all! I want use the haproxy PROXY protocol for our use case. To send our clients ip address to the peer haproxy. But after I config the send-proxy and accept-proxy in the configuration. The web nevent be successful responsed. The 503 error always there. the configure there ha-L0.conf -- # frontend ## frontend tcp-in bind 192.168.137.41:2220 bind 192.168.132.41:2221 bind 192.168.133.41: mode tcp log global option tcplog #distingush HTTP and non-HTTP tcp-request inspect-delay 30s tcp-request content accept if HTTP #ACL DEFINE acl squid_incompatiable-Host hdr_reg(Host) -f /usr/local/etc/acl-define.d/squid_incompatiable-Host.txt acl direct-dstip dst -f /usr/local/etc/acl-define.d/direct_out-dst.txt #ACL DEFINE of websocket acl missing_host hdr_cnt(Host) eq 0 acl QQClient hdr(User-Agent) -i QQClient acl has_range hdr_cnt(Range) gt 0 #ACTION use_backend Direct if !HTTP use_backend Direct if HTTP_1.1 missing_host use_backend Direct if direct-dstip use_backend Direct if METH_CONNECT use_backend Direct if QQClient default_backend HAL1 backend HAL1 mode http log global source 0.0.0.0 server ha2-l1-n1 localhost:3330 send-proxy ha-L1.conf -- # frontend ## frontend localhostlister bind localhost:3330 accept-proxy mode http #ACL DEFINE acl direct-dstip dst -f /usr/local/etc/acl-define.d/direct_out-dst.txt #ACL DEFINE of websocket acl is_websocket hdr(Upgrade) -i WebSocket acl is_websocket hdr_beg(Host) -i ws acl missing_host hdr_cnt(Host) eq 0 acl QQClient hdr(User-Agent) -i QQClient acl has_range hdr_cnt(Range) gt 0 #ACTION use_backend NginxClusterWebsockets if is_websocket default_backend SquidCluster backend SquidCluster mode http option forwardfor header X-Client balance uri whole log global acl mgmt-src src -f /usr/local/etc/acl-define.d/mgmt-src.txt errorfile 502 /usr/local/etc/errorfiles/504.http acl is_internal_error status ge 500 rspideny . if is_internal_error !mgmt-src rspidel ^via:.* unless mgmt-src rspidel ^x-cache:* unless mgmt-src rspidel ^x-cache-lookup:* unless mgmt-src rspidel ^X-Ecap:* unless mgmt-src source 0.0.0.0 option httpchk GET http://192.168.172.4/check.txt server sq-L1-n1a x.x.x.x:3129 weight 20 check inter 5s maxconn 1 And we use the haproxy -d argument found the ha0 seems never send the msg to the ha1 0090:HAL1.clireq[0019:]: GET http://www.taobao.com/ HTTP/1.1 0090:HAL1.clihdr[0019:]: User-Agent: curl/7.26.0 0090:HAL1.clihdr[0019:]: Host: www.taobao.com 0090:HAL1.clihdr[0019:]: Accept: */* 0090:HAL1.clihdr[0019:]: Proxy-Connection: Keep-Alive 008d:HAL1.clicls[000e:001a] 008d:HAL1.closed[000e:001a] Is there any one can help what's the problem there ? --- Regards Jinge