We had the same issue with NagiosXI - I just updated check_haproxy to
append ;csv to the url that it does a GET against. Seems like less
work then modifying all your HAProxy instances :-)
On 6/4/12 2:54 AM, Esteban Torres Rodríguez wrote:
2012/6/2 Willy Tarreauw...@1wt.eu:
On Fri, Jun 01,
Is haproxy adding X-Forwarded-For to the request it sends varnish? If
so, just don't have varnish manipulate X-Forwarded-For and your app will
use the header added by HAProxy.
David
On 6/5/12 9:04 PM, hapr...@serverphorums.com wrote:
Hi guys
Originally we had haproxy in front and connecting
You're better off running haproxy via pacemaker, so if haproxy dies then
you can not have your VIP run on that host.
We've been doing this for a while and it works nicely. Simple to
configure too.
On 6/28/12 6:39 AM, Türker Sezer wrote:
Hi,
We use HAProxy in our all high availability
primitive re-haproxy-lsb lsb:haproxy \
meta failure-timeout=60 \
op monitor interval=30 timeout=5s \
op start interval=0 timeout=5s \
op stop interval=0 timeout=5s
primitive re-adproxy-ip ocf:heartbeat:IPaddr \
meta failure-timeout=60 \
params
They failover IPs between hosts running haproxy using keepalived - The 2
(or more) IPs references by the DNS record will always be 'alive'.
On 6/28/12 7:00 AM, Thomas Manson wrote:
usually a client will cache the IP served by the DNS server, in order
to not query each time the DNS system.
So
Multiple IP addresses are used, and managed by keepalived.
On 6/28/12 7:11 AM, Thomas Manson wrote:
Ok,
but then, I don't get where is used DNS Round Robin, if only one IP
is used. (it may be obvious, sorry ;);)
Regards,
Thomas.
On Thu, Jun 28, 2012 at 1:08 PM, Türker Sezer
On 6/28/12 7:15 PM, Willy Tarreau wrote:
That's already what keepalived does, and it goes a bit further
in that you can monitor the service for real, not just the
process presence, and even decide several failover scenarios
using floating VRRP priorities. For instance, I usually assign
a weight
On 9/6/12 4:59 AM, ril.kidd wrote:
Hello,
I have setup anycast DNS using BIND as the DNS server and BIRD routing
daemon. I have 1 route server
and 5 route clients.
If you are using anycast, why not just let the routers load multiple
routes to the destination IP, and let it do 'load
the load to all the nodes.
*From:* David Coulson da...@davidcoulson.net
*To:* Hermes Flying flyingher...@yahoo.com
*Cc:* Baptiste bed...@gmail.com; haproxy@formilux.org
haproxy@formilux.org
*Sent:* Thursday, November 29, 2012 8:57 PM
*Subject:* Re: HAproxy and detect split-brain (network failures)
You
do?
*From:* David Coulson da...@davidcoulson.net
*To:* Hermes Flying flyingher...@yahoo.com
*Cc:* Baptiste bed...@gmail.com; haproxy@formilux.org
haproxy@formilux.org
*Sent:* Thursday, November 29, 2012 9:12 PM
*Subject:* Re: HAproxy and detect split-brain (network failures)
Again, you
and if
successfull will assume that the other node has crashed. But what if
the other node hasn't and it is just their communication link that
failed? Won't both become primary?
How does the ping help?
*From:* David Coulson da...@davidcoulson.net
*To:* Hermes Flying flyingher...@yahoo.com
*Cc
?
Should I look into it?
*From:* David Coulson da...@davidcoulson.net
*To:* Hermes Flying flyingher...@yahoo.com
*Cc:* Baptiste bed...@gmail.com; haproxy@formilux.org
haproxy@formilux.org
*Sent:* Thursday, November 29, 2012 11:04 PM
*Subject:* Re: HAproxy and detect split-brain (network failures
No. HAProxy does not care if the systems are on the same subnet.
Whatever you are using for VIP failover probably will though.
Most people use bonded interfaces and multiple switches. Nothing to do
with HAProxy.
David
On 12/8/12 8:20 AM, Hermes Flying wrote:
Hi,
I wanted to ask:
If I have
?
*From:* Willy Tarreau w...@1wt.eu
*To:* Hermes Flying flyingher...@yahoo.com
*Cc:* David Coulson da...@davidcoulson.net; haproxy@formilux.org
haproxy@formilux.org
*Sent:* Saturday, December 8, 2012 7:25 PM
*Subject:* Re: HAProxy basic setup question
On Sat, Dec 08, 2012 at 09:14:48AM -0800
On 2/12/13 7:32 AM, Cornelius Riemenschneider wrote:
The server is configured to listen to all traffic on eth1 to a specific port
(12340), so either traffic sent to its normal internal ip adress or to its VIP
address, in case keepalived assigned it to us will result in haproxy receiving
On 2/12/13 7:38 AM, Cornelius Riemenschneider wrote:
RE: Problems with 1.5-dev17 and bind to interface
Ah okay, I expected bind :*12340 interface eth1 to listen to traffic
coming to the interface, not to bind to al ips which are bound to the
interface at the moment of starting haproxy. If
Configuration is below. Short story is my rspirep Location header
replacement is successful only ~20% of the time - I'm just testing w/
curl over and over. I saw mixed information about http-server-close and
http-pretend-keepalive, but it didn't seem to make much difference. I am
running
On 3/11/13 9:18 PM, David Coulson wrote:
Configuration is below. Short story is my rspirep Location header
replacement is successful only ~20% of the time - I'm just testing w/
curl over and over. I saw mixed information about http-server-close
and http-pretend-keepalive, but it didn't seem
On 3/12/13 7:31 AM, Cyril Bonté wrote:
I'm sorry to say that you've certainly met a bug while combining
http-send-name-header (which is a bit tricky in the code) and ssl
ciphering on servers. This is a case that has not been tested, I think.
I can also reproduce this with the configuration
On Mar 19, 2013, at 9:52 AM, Jérôme Benoit wrote:
cheap hosting with no control on their backbone and network load on one
box reach the max.
So what happens when you lose a system? If you are doing active/active and
either/both systems are above 50% utilized, you're going to have an issue
On 3/13/13 7:59 AM, Cyril Bonté wrote:
For now, I don't know where to look but maybe it can be useful to find
and fix the issue.
I also tried with :
v1.5-dev8 : it works
v1.5-dev9 : segfault
v1.5-dev10 : segfault
v1.5-dev11 : couldn't compile
v1.5-dev12 : couldn't compile
v1.5-dev13 : it
Looks good so far. Will do more testing tomorrow. Thanks Willy!
Sent from my iPhone
On Mar 25, 2013, at 8:19 PM, Willy Tarreau w...@1wt.eu wrote:
Hi guys,
On Mon, Mar 25, 2013 at 06:54:24AM -0400, David Coulson wrote:
On 3/13/13 7:59 AM, Cyril Bonté wrote:
For now, I don't know where
On 3/28/13 6:45 AM, Wolfgang Routschka wrote:
Hello everybody,
today a question about htaccess in haproxy config directly
Is it possible to configure a htaccess protect in haproxy config
similar apache htpasswd file
Greetings
htaccess can do a lot of things, so I'm assuming you're just
On 4/3/13 5:36 AM, Baptiste wrote:
Better using stick tables with store-response and store-request to
replace your appsession configuration.
Is there a configuration example of this method somewhere? Google didn't
turn up much for me.
David
On 4/8/13 6:19 AM, Will Glass-Husain wrote:
Hi,
I've set up two identical instances of haproxy, using a peer table. I
know they are identical because I cloned them from the same EC2 image.
(I edited the config file by hand, but ran a diff to be sure it's the
same).
The problem is that
On Apr 9, 2013, at 1:53 PM, Connelly, Zachary (CGI Federal) wrote:
HAProxy Mail List,
I am a new user of the HAProxy software. I am attempting to set it up for the
first time and am interested to see if the tool is able to parse the body of
a request. I saw in the configuration
On 4/9/13 5:27 PM, Jeff Zellner wrote:
Hey Phil,
I've recently been evaluating all of the above. Wackamole + Spread
have so far worked the best for me (distributing a number of VIP's
across a cluster of HAProxy machines with, allowing failover).
Heartbeat didn't seem to work well in my
On Apr 10, 2013, at 2:36 PM, Phil Daws wrote:
Hello,
have just started to explore HAProxy and am finding it amazing! As a long
time Zimbra user I wanted to see how one could balance the front-end web
client so had a play around. What I have at present is the following
configuration:
On Apr 12, 2013, at 11:26 AM, Jonathan Matthews wrote:
Does anyone have anything they could share about using HAProxy for
load-balancing SIP? Positive /or/ negative, of course! :-)
HAProxy doesn't support UDP traffic, so SIP won't work very well. Maybe look at
LVS, or one of the numerous SIP
On 4/25/13 2:12 PM, PiBa-NL wrote:
Hey Wei Kong,
Your probably using *option forwardfor
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4-option%20forwardfor*
right?
Think a second about how that option works:
- HAProxyB recieves a connection from the Client IP, and adds a
On 4/25/13 2:12 PM, PiBa-NL wrote:
Hey Wei Kong,
Your probably using *option forwardfor
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4-option%20forwardfor*
right?
I checked this - HAProxy does append to the X-Forwarded-For header. In
this example 10.2.3.40 is the HAproxy
On 4/26/13 8:09 PM, Ahmed Osman wrote:
Hello Everyone,
I'm wondering if anyone is able to tell me if this is default behavior
or if I need to configure this. In a nutshell I have this setup:
LB_Pool1
Server1:6060
Server2:6060
LB_Pool2
Server1:80
Server2:80
I can do a check pretty
Haproxy 1.5-Dev can do this already
Sent from my iPhone
On Apr 30, 2013, at 8:47 AM, Chris Sarginson ch...@sargy.co.uk wrote:
Hi,
Are there any plans to allow HAProxy to take the traffic that it can now SSL
offload, perform header analysis, and then use an SSL encrypted connection to
What version? I had a similar issue with dev17.
Sent from my iPad
On May 29, 2013, at 3:12 PM, s...@siezeconsulting.com
s...@siezeconsulting.com wrote:
Hello,
rspirep ^Location:\ http://(.*):80(.*) Location:\ https://\1:443\2 if {
ssl_fc }
The above works but the following
Does rspirep work with tcp? Does it not need to be using HTTP mode?
David
On May 29, 2013, at 4:28 PM, s...@siezeconsulting.com wrote:
Hi Cyril ,
Sorry for the brevity .
Haproxy IP = 172.17.25.100 ( fiction IP for clarity)
Application server hostname = openamHost
Application server IP
On 6/10/13 11:55 AM, Lukas Tribus wrote:
Frontend SSL and backend SSL traffic has nothing to do with each other if
thats what you mean. So both backends would be used, independently of
whether the frontend connection is SSL or not.
Maybe that should be made clear in the example. Since you have
On 6/10/13 7:18 PM, Lukas Tribus wrote:
Do you have a concrete suggestion how to make this clearer?
I think just make it clear that if you want SSL front-end traffic to go
to SSL back-end traffic you need this:
use-server backend:80 if !{ ssl_fc }
use-server backend:443 if { ssl_fc }
IMHO,
On 7/1/13 7:10 PM, Qingshan Xie wrote:
Willy,
To explain my last question 3. Can HAProxy set a default frontend
service? I list a possible configuration below,
frontend PUBLIC
bind :80
acl rec_w7 path_beg /A
acl rec_w7 path_beg /B
acl rec_w7 path_beg /B
..
You can't just add mydomain.com to the *.mydomain.com certificate?
Not much you can do with HAProxy here. Since the cert is invalid for
https://mydomain.com/, users are going to get a SSL error when they connect.
On 10/1/13 6:51 AM, Matthieu Boret wrote:
Hi,
I've setup Haproxy 1.5 dev 19 to
No. You need to get a cert with both www.domain.com and domain.com in it so
both are valid in a browser.
Sent from my iPad
On Oct 28, 2013, at 9:33 PM, Felix fe...@ferchland.org wrote:
Hello,
I am using haproxy to loadbalance my webapplication but I get into a problem
with our ssl
A wildcard cert is helpful for some things, but domain.com will not
validate against a cert issued for *.domain.com
On 10/29/13, 10:52 AM, Bhaskar Maddala wrote:
If it is any help you can get a certificate for *. domain.com
http://domain.com
On Oct 28, 2013 9:37 PM, Felix
do that with a
redirection…
I’m a little surprised that this is simply impossible and i need another ssl
vertificate.
But thanks for the quick answers!
Von: Bhaskar Maddala [mailto:madda...@gmail.com]
Gesendet: Dienstag, 29. Oktober 2013 16:07
An: David Coulson
Cc: Felix; haproxy
, it worked.
I think the difference is he kind of redirect (url vs header redirect).
But I’m not an expert in proxy url rewriting, so I simply have to deal with
that.
I can’t order a new certificate for the domain because it’s an ev cert and
these are quite expensive…
Von: David Coulson
My environment uses Akamai for cdn and I've never heard of this requirement. We
get an x-forwarded-for header, along with some other Akamai specific stuff.
I've never has issues with our report on compliance running it this way.
I would push back on your provider. Is using option hdr 22 even a
You mean like this?
http://blog.haproxy.com/2014/10/15/haproxy-and-sslv3-poodle-vulnerability/
On 10/18/14, 10:34 AM, Malcolm Turnbull wrote:
I was thinking Haproxy could be used to block any non-TLS connection
Like you can with iptables:
What platform are you running, and what version of haproxy are you using?
There are probably precompiled binaries for 1.5 which is needed for ssl.
Sent from my iPad
On Dec 29, 2014, at 11:01 AM, Yosef Amir amir.yo...@comverse.com wrote:
I would like that HAProxy will use the OPENSSL
Add 'ssl' to your server line so it uses ssl for the backend connection.
Sent from my iPhone
On Apr 16, 2015, at 12:12 PM, Phil Daws ux...@splatnix.net wrote:
Hello all!
Long time no post but have lost some of my old notes and hitting an issue
with SSL. In my haproxy.conf I have:
You want to reconfigure your MySQL server to only bind to the IP address
you want it to, rather than to *:3306 so your haproxy instance can bind
to 3306 on the VIP.
On 4/16/15 4:19 PM, Tim Dunphy wrote:
Hello,
I'm trying to get haproxy to work with two database servers. But I'm
getting
48 matches
Mail list logo