subscribe
First of all, sorry for the previous list spam. I pasted the wrong
address while subscribing.
I am setting up FTP load balancing using HAProxy. The rub is that I
want something similar to the X-Forwarded-For header supported in
HTTP.
I am aware of TPROXY, but I don't wish to maintain my own
OK, first off, the FTP SITE command is reserved for specific FTP
server extensions. It is commonly used for banning IP addresses. So
that the user can, via their FTP client, issue a command such as:
SITE ADDIP XXX.XXX.XXX.XXX
The server knows what to do with this IP address because it has an
On Sat, Feb 26, 2011 at 9:34 AM, Willy Tarreau w...@1wt.eu wrote:
If you maintain your own servers, wouldn't you be interested in making
them support the proxy protocol we've added between stunnel and haproxy?
It provides the server with a first line containing the protocol (TCPv4,
TCPv6),
On Sat, Feb 26, 2011 at 12:04 PM, Willy Tarreau w...@1wt.eu wrote:
It has been implemented on the client side in haproxy but not yet on the
server side, though it should not be difficult at all. You can find
information on the protocol here:
On Fri, Mar 18, 2011 at 2:00 PM, Antony ddj...@mail.ru wrote:
Hi guys!
I'm new to HAProxy and currently I'm testing it.
So I've read this on the main page of the web site:
The reliability can significantly decrease when the system is pushed to its
limits. This is why finely tuning the
On Thu, Mar 24, 2011 at 4:35 PM, bradford fingerm...@gmail.com wrote:
I know there have been several emails about this, but what is the most
secure way of logging the client's IP address in the application code?
Do you just log the full X-Forwarded-For comma delimited value?
Also, can't they
On Thu, Mar 24, 2011 at 5:01 PM, Ben Timby bti...@gmail.com wrote:
Delete any existing headers using reqdel/reqidel.
reqidel X-Forwarded-For
option forwardfor
This will ensure the only one the backend sees is the one you added.
Sorry, more like:
reqidel ^X-Forwarded-For:.*
Found
On Thu, Mar 24, 2011 at 4:59 PM, Jason J. W. Williams
jasonjwwilli...@gmail.com wrote:
Hi All,
I'm trying to find documentation on configuring HAProxy to do half-NAT, but
can't seem to find any. Does HAProxy not support half-NAT or does it call it
something else? Thank you in advance for your
On Thu, Mar 24, 2011 at 6:03 PM, Willy Tarreau w...@1wt.eu wrote:
Hi Ben,
I'm sure you hit the issue that David has fixed a few days ago.
In short, due to a parsing issue on the server address, haproxy
is reconnecting to IP 0.0.0.0 on the target port. IP 0.0.0.0 is
any IP, and the system
On Thu, Mar 24, 2011 at 7:02 PM, Ben Timby bti...@gmail.com wrote:
On Thu, Mar 24, 2011 at 6:03 PM, Willy Tarreau w...@1wt.eu wrote:
Hi Ben,
I'm sure you hit the issue that David has fixed a few days ago.
In short, due to a parsing issue on the server address, haproxy
is reconnecting to IP
I am using haproxy in combination with stunnel to perform SSL. My
backend servers expect an X-Forwarded-Proto: https header to indicate
that the request was sent over SSL. If this header is missing, the
request is redirected to the https:// flavor of the URL.
However, with haproxy-1.5-dev5, I am
I found the issue. From the haproxy manual:
By default HAProxy operates in a tunnel-like mode with regards to persistent
connections: for each connection it processes the first request and forwards
everything else (including additional requests) to selected server. Once
established, the
On Fri, Apr 1, 2011 at 12:24 PM, Delta Yeh delta@gmail.com wrote:
Hi all,
When setting up a web hosting service with haproxy, there is a requirement.
The case is :
client---nginx---haproxy---wwws
client :1.1.1.1
nginx 2.2.2.1
haproxy:2.2.2.2
wwws:3.3.3.1
nginx sit
On Sat, Apr 9, 2011 at 2:07 PM, Joseph Hardeman jwharde...@gmail.com wrote:
Hi Guys,
I was wondering if someone has a good example I could use for proxying https
traffic. We are trying to proxy multiple sites that use https and I was
hoping for a way to see how to proxy that traffic between
On Tue, Apr 12, 2011 at 12:15 AM, Joseph Hardeman jwharde...@gmail.com wrote:
Hi,
Considering these are for a customer and they have already purchased their
certs, I don't want to go through the hassle of converting them and causing
them any issues.
I don't see how this would inconvenience
Simplification is not always possible. You must use the tools at hand.
Reading the article you linked to, everything seemed pretty
straightforward to me. A feature like rate limiting can only be
simplified so much.
That said, look into using stunnel for your SSL decryption. There is a
patch that
On Fri, May 6, 2011 at 5:41 PM, Brian Carpio bcar...@broadhop.com wrote:
Hi,
I have a very simple setup for doing load balancing for MySQL DBs.
listen mysql_proxy vip01:3306
mode tcp
option tcpka
balance roundrobin
server mysql01 mysql01:3306
On 2011-05-17 17:21, Johannes Smith wrote:
Hi, are there chances to get something like option dontlogip which
dumps all logged ips with 0.0.0.0 (in order to stay compatible with log
analyzing tools)?
Another option is to look at your log analyzer. The one I use allows
the log file config
On Saturday 28 May 2011 08:05:59, Jirapong Kijkiat wrote:
Dear. w...@1wt.eu, haproxy@formilux.org
How can I configure haproxy to load balance my FTP server? Now my
haproxy.cnf
FTP is not easy to load balance. Here is the solution I use.
1. HAProxy machine is the NAT gateway for FTP
On Thu, Aug 11, 2011 at 10:16 AM, Ran S r...@sheinberg.net wrote:
But the majority of the guides are not relevant to my problem. As far as I
understand, in order for a frontend to use a different IP than the machine's
IP (in an internal network), all is needed is:
Why do you think that? You
On Thu, Sep 22, 2011 at 10:24 AM, İbrahim Ercan
ibrahim.er...@engineer.com wrote:
Hi, I am a new haproxy user. I wonder whether there is a way to make haproxy send
notifications when a server goes down or up?
Thank you for your interest...
Hi Ibrahim,
Use Nagios or a similar monitoring tool. These
On Thu, Sep 22, 2011 at 11:30 AM, Guillaume Bourque
guillaume.bour...@gmail.com wrote:
option log-health-checks
:-) I took notification to mean something other than logging.
On Mon, Jul 16, 2012 at 4:39 PM, Gabriel Sosa sosagabr...@gmail.com wrote:
IMHO
if you run your servers in a trusted network, **haproxy == stunnel
== server** part adds a lot of overhead
I see your point but have to chime in with this: A trusted network is
one small step away from being an
I am using haproxy to load balance a pool of FTP servers. Since
haproxy only handles the command channel and I am using leastconn, it
is able to pretty much keep the load balanced between all servers.
However, not all users (or command channels) are equal. For example a
specific user may open a
Willy,
On Tue, Oct 23, 2012 at 2:10 AM, Willy Tarreau w...@1wt.eu wrote:
Some of us have already been discussing the possibility to adapt the
HTTP checks to report a header to modulate the server's weight (in fact it
was planned for 1.3.14 but skipped because of no use at this time). But
I am trying to find a health check suitable for FTP servers. Sometimes
the FTP server is in a state where it accepts a connection, but does
not respond for several seconds. I would like to be able to simply
ensure that the FTP server banner is returned by a server, ensuring
its healthy operation.
On Tue, Jan 8, 2013 at 11:14 AM, Baptiste bed...@gmail.com wrote:
that said, I'm not sure that you can remove this char.
Jeremy, it is not pretty, but we run analytics on a bunch of log
files. We format them as best we can in the producers, but some still
need transformation. Our analytics
On Mon, Jan 21, 2013 at 7:30 PM, Sölvi Páll Ásgeirsson sol...@gmail.com wrote:
Hello!
I have a small question on 'idiomatic' haproxy configuration, when
serving multiple independent applications from
a shared group of webservers and if I should define each
application/virtual directory as
On Tue, Jan 22, 2013 at 9:57 AM, Olivier Desport
olivier.desp...@ac-versailles.fr wrote:
I use Haproxy with two web servers. The CSS are not well displayed (images,
fonts...). The look of the page is different every time I refresh! It works
correctly when Haproxy is not used. Is there
I run about 50 FTP server clusters. Each cluster consists of 3 backend FTP
servers. I am using haproxy to load balance each of these clusters to three
backends. I am using smtpchk to verify the FTP banner. I run the HTTP admin
interface, which shows the status of all the front/backends.
Running
Alok,
On Tue, Apr 16, 2013 at 8:26 PM, Alok Kumar a_sa...@yahoo.com wrote:
I have a HA Proxy server (1.4), that is load balancing FTP traffic to six
FTP servers.
I noticed that Load Balancer is dropping traffic after 50 sec, whereas
there was a valid ftp control port and Large file
On Thu, Apr 18, 2013 at 3:38 PM, Alok Kumar a_sa...@yahoo.com wrote:
Hi Ben,
In my case we are load balancing across FTP servers.
FTP uses two data channel and command channel port for data transfer.
I use haproxy for the same purpose. Closing the command channel will not
affect a transfer
Alok,
Sorry have been out of the office for a while.
You could try increasing the clitimeout and srvtimeout values in your
defaults section. These values are ninety and one hundred and twenty
seconds respectively. My guess is that tcpka has no effect on activity
from haproxy's point of view as
TCP mode load balancing would treat each TCP quad (source ip/source port,
dest ip/dest port), stream, or flow as a session or in other words, the
TCP stream is the basic unit of TCP load balancing.
You can enable the stats http interface and monitor that in your browser
for some useful metrics
Read the manual about `rise` and `fall` parameters. These allow you to
control how many successive checks must pass or fail before the server
transitions up or down (rises / falls). The check interval is used as the
check timeout unless you specify a check timeout. See timeout check in
the manual.
While this does not answer your question per se you can use the track
option to eliminate the duplicate check.
In other words, the SSL backend can track the checks done by the non-SSL
backend.
backend nginx-ssl
mode tcp
balance leastconn
server app1
Baptiste gave you the proper answer already. The SSL backend is using TCP
mode, so the check is a TCP check without the `option httpchk` defined on
the backend, which just checks that the port is open. Add the httpchk
option without check-ssl and you will be all set. Or you can use track to
skip
With some iptables rules you can use FTP active and passive mode via
haproxy.
The key is to assign unique passive port ranges to each backend then port
forward those ranges. You must be able to configure each FTP server daemon
with its own range.
You must also be able to configure your FTP
Nick,
HAProxy provides statistics via socket or HTTP interface. You can easily
monitor these stats and run scripts. Some cron jobs and regex should
suffice. Specific cases like this are usually not something I would imagine
belongs in HAProxy core, since it is not directly related to load
Nick,
Here is some information on using socat to interact with the stats socket.
This might be useful for shell scripting.
http://www.mgoff.in/2010/07/14/haproxy-gathering-stats-using-socat/