Re: Websockets and RTMP
The following config doesn't direct secure websocket connections to the backend.
What am I doing wrong?

global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    #log loghost local0 info
    maxconn 4096
    #chroot /usr/share/haproxy
    user haproxy
    group haproxy
    daemon
    #debug
    #quiet

defaults
    log global
    mode http
    option httplog
    option dontlognull
    retries 3
    option redispatch
    maxconn 2000
    contimeout 5000
    clitimeout 5
    srvtimeout 5

frontend port443
    bind :443
    mode tcp
    clitimeout 65000
    tcp-request inspect-delay 5s
    acl traffic_is_ssl req_ssl_ver gt 0
    acl enough_non_ssl_bytes req_len ge 22
    tcp-request content accept if traffic_is_ssl # accept SSL
    tcp-request content accept if enough_non_ssl_bytes # accept non-SSL
    use_backend ssl_backend if traffic_is_ssl
    default_backend rtmp_backend

backend ssl_backend
    srvtimeout 65000
    server nginx_server 127.0.0.1:4443

backend rtmp_backend
    srvtimeout 65000
    server rtmp_server 127.0.0.1:1935

I also tried much simpler config but I still can't connect:

frontend port443
    bind :443
    mode tcp
    default_backend ssl_backend

backend ssl_backend
    srvtimeout 65000
    server nginx_server 127.0.0.1:4443

On Tue, May 14, 2013 at 2:16 PM, pablo platt wrote:

> Is my config reasonable?
>
> On Sun, May 12, 2013 at 6:14 PM, Jonathan Matthews <cont...@jpluscplusm.com> wrote:
>
>> On 12 May 2013 10:03, pablo platt wrote:
>> > Can you please explain how to use ssl_fc?
>> > I couldn't find it in the configuration docs.
>> >
>> > Please see below the global and defaults sections which I get when
>> > installing the haproxy-1.4.18 deb package on ubuntu 12.04
>>
>> ssl_fc is only in HAProxy 1.5.
>>
>> Jonathan
>> --
>> Jonathan Matthews // Oxford, London, UK
>> http://www.jpluscplusm.com/contact.html
Re: Websockets and RTMP
Is my config reasonable?

On Sun, May 12, 2013 at 6:14 PM, Jonathan Matthews wrote:

> On 12 May 2013 10:03, pablo platt wrote:
> > Can you please explain how to use ssl_fc?
> > I couldn't find it in the configuration docs.
> >
> > Please see below the global and defaults sections which I get when
> > installing the haproxy-1.4.18 deb package on ubuntu 12.04
>
> ssl_fc is only in HAProxy 1.5.
>
> Jonathan
> --
> Jonathan Matthews // Oxford, London, UK
> http://www.jpluscplusm.com/contact.html
Re: Websockets and RTMP
On 12 May 2013 10:03, pablo platt wrote:
> Can you please explain how to use ssl_fc?
> I couldn't find it in the configuration docs.
>
> Please see below the global and defaults sections which I get when
> installing the haproxy-1.4.18 deb package on ubuntu 12.04

ssl_fc is only in HAProxy 1.5.

Jonathan
--
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html
Re: Websockets and RTMP
Can you please explain how to use ssl_fc?
I couldn't find it in the configuration docs.

Please see below the global and defaults sections which I get when installing the haproxy-1.4.18 deb package on ubuntu 12.04.
The frontend and backend parts are what I thought of using after reading the answer here:
http://www.mentby.com/Group/haproxy/route-http-connections-to-tcp-backend-instead-of-dropping-in-http-mode.html

Do I need to add or remove any of the settings?

Thanks

global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    #log loghost local0 info
    maxconn 4096
    #chroot /usr/share/haproxy
    user haproxy
    group haproxy
    daemon
    #debug
    #quiet

defaults
    log global
    mode http
    option httplog
    option dontlognull
    retries 3
    option redispatch
    maxconn 2000
    contimeout 5000
    clitimeout 5
    srvtimeout 5

frontend port443
    bind :443
    mode tcp
    tcp-request inspect-delay 5s
    acl traffic_is_ssl req_ssl_ver -gt 0
    tcp-request content accept
    use_backend media_backend if traffic_is_ssl
    default_backend websocket_backend

backend media_backend
    server media_server 127.0.0.1:1935

backend websocket_backend
    server websocket-server 127.0.0.1:4443

On Sat, May 11, 2013 at 10:41 PM, Baptiste wrote:

> Hi Pablo,
>
> My answers inline.
>
> On Sat, May 11, 2013 at 6:20 PM, pablo platt wrote:
> > Hi,
> >
> > I need to proxy secure websockets and RTMP (normal tcp) on the same port.
> > In the future I'll need normal HTTP requests and static files.
> > haproxy will pass ssl requests to backend1 and RTMP requests to backend2.
> > Processes will be open for a long time (minutes - hours).
> > The backends are on the same machine and will be responsible for timeouts
> > and pings.
> >
> > Do I need to change anything in the default configuration like
> > contimeout, clitimeout and srvtimeout? I'm using the ubuntu 12.04 package.
>
> Please paste your configuration. We don't know the default
> configuration from each packager and OS ;)
>
> > Is this the correct way to check for ssl requests?
> > acl traffic_is_ssl req_ssl_ver -gt 0
>
> I would better use ssl_fc.
> Using content inspection (tcp-request inspect) rules, you can do the
> content switching based on ssl_fc and so split SSL and RTMP traffic to
> 2 different farms.
> (I guess this is the purpose you're trying to achieve).
>
> > When nginx will get ssl requests from haproxy it'll see haproxy's IP.
> > Can I terminate ssl requests in nginx even when the client IP was changed?
>
> IP change has no impact on SSL.
>
> > Thanks
>
> Baptiste
Re: Websockets and RTMP
Hi Pablo,

My answers inline.

On Sat, May 11, 2013 at 6:20 PM, pablo platt wrote:
> Hi,
>
> I need to proxy secure websockets and RTMP (normal tcp) on the same port.
> In the future I'll need normal HTTP requests and static files.
> haproxy will pass ssl requests to backend1 and RTMP requests to backend2.
> Processes will be open for a long time (minutes - hours).
> The backends are on the same machine and will be responsible for timeouts
> and pings.
>
> Do I need to change anything in the default configuration like
> contimeout, clitimeout and srvtimeout? I'm using the ubuntu 12.04 package.

Please paste your configuration. We don't know the default
configuration from each packager and OS ;)

> Is this the correct way to check for ssl requests?
> acl traffic_is_ssl req_ssl_ver -gt 0

I would better use ssl_fc.
Using content inspection (tcp-request inspect) rules, you can do the
content switching based on ssl_fc and so split SSL and RTMP traffic to
2 different farms.
(I guess this is the purpose you're trying to achieve).

> When nginx will get ssl requests from haproxy it'll see haproxy's IP.
> Can I terminate ssl requests in nginx even when the client IP was changed?

IP change has no impact on SSL.

> Thanks

Baptiste
Websockets and RTMP
Hi,

I need to proxy secure websockets and RTMP (normal tcp) on the same port.
In the future I'll need normal HTTP requests and static files.
haproxy will pass ssl requests to backend1 and RTMP requests to backend2.
Processes will be open for a long time (minutes - hours).
The backends are on the same machine and will be responsible for timeouts and pings.

Do I need to change anything in the default configuration like contimeout, clitimeout and srvtimeout? I'm using the ubuntu 12.04 package.

Is this the correct way to check for ssl requests?
acl traffic_is_ssl req_ssl_ver -gt 0

When nginx will get ssl requests from haproxy it'll see haproxy's IP.
Can I terminate ssl requests in nginx even when the client IP was changed?

Thanks
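
Added example, not part of any message in this thread and not HAProxy's own code: a small Python model of the first-bytes inspection that the req_ssl_ver and req_len rules in the posted frontend rely on, showing how a TLS ClientHello and a plain RTMP handshake differ on the wire before any backend is chosen. The function names and sample byte strings are constructed for illustration; the returned backend names are the ones from the posted config.

```python
# Added example (not from the thread): first-bytes protocol sniffing, the idea
# behind the req_ssl_ver / req_len rules in the posted frontend.
TLS_HANDSHAKE = 0x16   # TLS record content type: handshake
CLIENT_HELLO = 0x01    # handshake message type: ClientHello
RTMP_C0 = 0x03         # version byte that opens a plain RTMP handshake

# Constructed sample inputs: start of a TLS 1.0 record carrying a ClientHello,
# and an RTMP C0 byte followed by a zero-filled 1536-byte C1.
SAMPLE_TLS = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B, 0x03, 0x03])
SAMPLE_RTMP = bytes([RTMP_C0]) + bytes(1536)


def ssl_hello_version(buf: bytes) -> int:
    """major*65536 + minor for a TLS ClientHello, 0 if the bytes cannot be
    one, -1 if more bytes are needed. SSLv2-style hellos are not handled."""
    if buf and buf[0] != TLS_HANDSHAKE:
        return 0
    if len(buf) < 6:
        return -1
    major, minor = buf[1], buf[2]
    if major != 3 or buf[5] != CLIENT_HELLO:
        return 0
    return major * 65536 + minor


def looks_like_rtmp(buf: bytes) -> bool:
    """True when the first byte is the RTMP version byte."""
    return bool(buf) and buf[0] == RTMP_C0


def choose_backend(buf: bytes, min_plain_bytes: int = 22) -> str:
    """Same rule order as the posted frontend: SSL first, then a byte-count
    threshold for everything else, which falls through to the default."""
    ver = ssl_hello_version(buf)
    if ver > 0:
        return "ssl_backend"
    if ver < 0 or len(buf) < min_plain_bytes:
        return "wait"  # keep buffering, as the proxy does during inspect-delay
    return "rtmp_backend"


if __name__ == "__main__":
    for name, data in (("tls", SAMPLE_TLS), ("rtmp", SAMPLE_RTMP), ("short", b"\x16\x03")):
        print(name, ssl_hello_version(data), choose_backend(data))
```

With this rule order anything that is not a TLS hello, including a plain HTTP request, lands on the default backend once enough bytes have arrived; looks_like_rtmp shows the extra first-byte check that would separate RTMP from other cleartext.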