Re: Difference frontend/backend to listen?
Hi PiBa-NL, I just found the difference - there is none - I simplified and anonimized the configuration before posting it and I did not recognize that the frontend NGINX servers are also listening on different ports hosting different application code. An example: listen application80 0.0.0.0:80 balance roundrobin option forwardfor option httplog monitor-uri /haproxymon option httpchk GET /index.html HTTP/1.1\r\nHost:\ monitoring\r\nConnection:\ close http-check expect string Welcome #option accept-invalid-http-response acl site_dead nbsrv lt 2 monitor fail if site_dead server frontend01.xxx 10.10.20.72:80 check server frontend02.xxx 10.10.20.73:80 check server frontend03.xxx 10.10.20.74:80 check server frontend04.xxx 10.10.20.75:80 check listen application8078 0.0.0.0:8078 balance roundrobin option forwardfor option httplog monitor-uri /haproxymon option httpchk GET /index.html HTTP/1.1\r\nHost:\ monitoring\r\nConnection:\ close http-check expect string Welcome #option accept-invalid-http-response acl site_dead nbsrv lt 2 monitor fail if site_dead server frontend01.xxx 10.10.20.72:8078 check server frontend02.xxx 10.10.20.73:8078 check server frontend03.xxx 10.10.20.74:8078 check server frontend04.xxx 10.10.20.75:8078 check Sorry and thank you for help! Regards, Florian On 20.01.2014 09:24, Florian Engelmann wrote: Hi PiBa-NL, Only advice i have left is to configure a 'stats' listen section and syslogs. I did this and I was not able to see any difference. Besides that you should try and perform some tcpdump/wireshark traffic capturing to see what kind of traffic / headers / content is passing along. As i'm not aware of any differences between frontend/backend and listen sections besides the obvious. And to me it seems like the changes in default section and frontends backends should result in the same behavior.. Using the traffic dump you could then try to compare those and spot any differences.. Good point - I will try to do so and record some traffic for analysis. b.t.w. are you replacing the config on the same machine and then testing? Or is 1 running production and the other is under a test.domain.name? Maybe the backend sends a different reply if the request Host header is different..? I replaced the config in production till the error was reported by the customer. After that I set up a test KVM to reproduce the error. Greetings, Florian Greets PiBa-NL Florian Engelmann schreef op 17-1-2014 13:43: Hi PiBa-NL, Found a a minor difference, not sure if it is the issue.? - The 9000 backend checks up.php versus check.php. - Also I don't think http-send-name-header does anything in 'tcp mode'.. If thats not it, maybe someone else has a clue. :) p.s. You might want to configure a stats page to see if servers are properly checked as 'up' by haproxy. Greets PiBa-NL thank you for your feedback! Sorry that was my fault - both do use check.php - the up.php is an old one. Just a copypaste error. I still have no idea what makes the difference. I was not able to find a chapter in the HAProxy documentation describing the difference of listen vs. frontend/backend. Does any article about that topic exist? I am really interested in understanding this issue. I do not know what the application exactly does but all I know is - it does only work if I use the listen configuration. Regards, Florian Florian Engelmann schreef op 16-1-2014 12:29: Hi, I got two configurations the should do the same. One is based on a frontend/backend layout the second does it with just listen. The listen configuratiuon is working fine but the fontend/backend causes a problem on the backend. It looks like some request string is missing because the customer application is not able to resolve some lookup which seems to be header related. Is anybody able to tell me whats the difference in these two configurations? global log /dev/loglocal6 #log /dev/loglocal6 notice chroot /var/lib/haproxy user haproxy group haproxy daemon maxconn 5 stats socket /var/run/haproxy.sock mode 600 level admin stats timeout 2m defaults log global modehttp option dontlognull option dontlog-normal retries 2 option redispatch timeout connect 5000 timeout client 5 timeout server 12 timeout http-request 5000 timeout http-keep-alive 5000 option http-server-close http-check disable-on-404 http-send-name-header X-Target-Server default-server minconn 1024 maxconn 4096 monitor-net 192.168.xxx.xxx/32 listen application9000 0.0.0.0:9000 balance leastconn mode tcp option tcplog option httpchk GET /check.php HTTP/1.0 http-check expect string Hello World server xcmsphp01.xxx 10.0.4.4:9000 check port 80 server
Re: Difference frontend/backend to listen?
Hi PiBa-NL, Found a a minor difference, not sure if it is the issue.? - The 9000 backend checks up.php versus check.php. - Also I don't think http-send-name-header does anything in 'tcp mode'.. If thats not it, maybe someone else has a clue. :) p.s. You might want to configure a stats page to see if servers are properly checked as 'up' by haproxy. Greets PiBa-NL thank you for your feedback! Sorry that was my fault - both do use check.php - the up.php is an old one. Just a copypaste error. I still have no idea what makes the difference. I was not able to find a chapter in the HAProxy documentation describing the difference of listen vs. frontend/backend. Does any article about that topic exist? I am really interested in understanding this issue. I do not know what the application exactly does but all I know is - it does only work if I use the listen configuration. Regards, Florian Florian Engelmann schreef op 16-1-2014 12:29: Hi, I got two configurations the should do the same. One is based on a frontend/backend layout the second does it with just listen. The listen configuratiuon is working fine but the fontend/backend causes a problem on the backend. It looks like some request string is missing because the customer application is not able to resolve some lookup which seems to be header related. Is anybody able to tell me whats the difference in these two configurations? global log /dev/loglocal6 #log /dev/loglocal6 notice chroot /var/lib/haproxy user haproxy group haproxy daemon maxconn 5 stats socket /var/run/haproxy.sock mode 600 level admin stats timeout 2m defaults log global modehttp option dontlognull option dontlog-normal retries 2 option redispatch timeout connect 5000 timeout client 5 timeout server 12 timeout http-request 5000 timeout http-keep-alive 5000 option http-server-close http-check disable-on-404 http-send-name-header X-Target-Server default-server minconn 1024 maxconn 4096 monitor-net 192.168.xxx.xxx/32 listen application9000 0.0.0.0:9000 balance leastconn mode tcp option tcplog option httpchk GET /check.php HTTP/1.0 http-check expect string Hello World server xcmsphp01.xxx 10.0.4.4:9000 check port 80 server xcmsphp02.xxx 10.0.4.7:9000 check port 80 server xcmsphp03.xxx 10.0.4.3:9000 check port 80 listen application80 0.0.0.0:80 balance roundrobin option forwardfor option httplog monitor-uri /haproxymon option httpchk GET /index.html HTTP/1.1\r\nHost:\ monitoring\r\nConnection:\ close http-check expect string Welcome home acl site_dead nbsrv lt 2 monitor fail if site_dead server xcmsfrontend01.xxx 10.2.2.1:80 check server xcmsfrontend02.xxx 10.2.2.2:80 check global log /dev/loglocal6 #log /dev/loglocal6 notice chroot /var/lib/haproxy user haproxy group haproxy daemon maxconn 5 stats socket /var/run/haproxy.sock mode 600 level admin stats timeout 2m defaults log global modehttp option dontlognull option dontlog-normal retries 2 option redispatch timeout connect 5000 timeout client 5 timeout server 12 timeout http-request 5000 timeout http-keep-alive 5000 default-server minconn 1024 maxconn 4096 monitor-net 192.168.xxx.xxx/32 frontend http-in bind *:80 option http-server-close option forwardfor option httplog monitor-uri /haproxymon acl site_dead nbsrv(http-out) lt 2 monitor fail if site_dead default_backend http-out backend http-out balance roundrobin http-send-name-header X-Target-Server option forwardfor option http-server-close #option accept-invalid-http-response http-check disable-on-404 option httpchk GET /index.html HTTP/1.1\r\nHost:\ monitoring\r\nConnection:\ close http-check expect string Welcome home server xcmsfrontend01.xxx 10.2.2.1:80 check server xcmsfrontend02.xxx 10.2.2.2:80 check frontend php-in bind *:9000 mode tcp option tcplog http-send-name-header X-Target-Server Wont work in tcpmode default_backend php-out backend php-out balance leastconn mode tcp option tcplog http-send-name-header X-Target-Server Wont work for tcp mode. option httpchk GET /up.php HTTP/1.0 Should this be check.php v.s. up.php? http-check expect string Hello World server xcmsphp01.xxx 10.0.4.4:9000 check port 80 server xcmsphp02.xxx 10.0.4.7:9000 check port 80 server xcmsphp03.xxx 10.0.4.3:9000 check port 80 Regards, Florian -- EveryWare AG Florian Engelmann Systems Engineer Zurlindenstrasse 52a CH-8003 Zürich tel: +41 44 466 60 00 fax: +41 44 466 60 10 mail:
Re: Difference frontend/backend to listen?
Hi Florian, Only advice i have left is to configure a 'stats' listen section and syslogs. Besides that you should try and perform some tcpdump/wireshark traffic capturing to see what kind of traffic / headers / content is passing along. As i'm not aware of any differences between frontend/backend and listen sections besides the obvious. And to me it seems like the changes in default section and frontends backends should result in the same behavior.. Using the traffic dump you could then try to compare those and spot any differences.. b.t.w. are you replacing the config on the same machine and then testing? Or is 1 running production and the other is under a test.domain.name? Maybe the backend sends a different reply if the request Host header is different..? Greets PiBa-NL Florian Engelmann schreef op 17-1-2014 13:43: Hi PiBa-NL, Found a a minor difference, not sure if it is the issue.? - The 9000 backend checks up.php versus check.php. - Also I don't think http-send-name-header does anything in 'tcp mode'.. If thats not it, maybe someone else has a clue. :) p.s. You might want to configure a stats page to see if servers are properly checked as 'up' by haproxy. Greets PiBa-NL thank you for your feedback! Sorry that was my fault - both do use check.php - the up.php is an old one. Just a copypaste error. I still have no idea what makes the difference. I was not able to find a chapter in the HAProxy documentation describing the difference of listen vs. frontend/backend. Does any article about that topic exist? I am really interested in understanding this issue. I do not know what the application exactly does but all I know is - it does only work if I use the listen configuration. Regards, Florian Florian Engelmann schreef op 16-1-2014 12:29: Hi, I got two configurations the should do the same. One is based on a frontend/backend layout the second does it with just listen. The listen configuratiuon is working fine but the fontend/backend causes a problem on the backend. It looks like some request string is missing because the customer application is not able to resolve some lookup which seems to be header related. Is anybody able to tell me whats the difference in these two configurations? global log /dev/loglocal6 #log /dev/loglocal6 notice chroot /var/lib/haproxy user haproxy group haproxy daemon maxconn 5 stats socket /var/run/haproxy.sock mode 600 level admin stats timeout 2m defaults log global modehttp option dontlognull option dontlog-normal retries 2 option redispatch timeout connect 5000 timeout client 5 timeout server 12 timeout http-request 5000 timeout http-keep-alive 5000 option http-server-close http-check disable-on-404 http-send-name-header X-Target-Server default-server minconn 1024 maxconn 4096 monitor-net 192.168.xxx.xxx/32 listen application9000 0.0.0.0:9000 balance leastconn mode tcp option tcplog option httpchk GET /check.php HTTP/1.0 http-check expect string Hello World server xcmsphp01.xxx 10.0.4.4:9000 check port 80 server xcmsphp02.xxx 10.0.4.7:9000 check port 80 server xcmsphp03.xxx 10.0.4.3:9000 check port 80 listen application80 0.0.0.0:80 balance roundrobin option forwardfor option httplog monitor-uri /haproxymon option httpchk GET /index.html HTTP/1.1\r\nHost:\ monitoring\r\nConnection:\ close http-check expect string Welcome home acl site_dead nbsrv lt 2 monitor fail if site_dead server xcmsfrontend01.xxx 10.2.2.1:80 check server xcmsfrontend02.xxx 10.2.2.2:80 check global log /dev/loglocal6 #log /dev/loglocal6 notice chroot /var/lib/haproxy user haproxy group haproxy daemon maxconn 5 stats socket /var/run/haproxy.sock mode 600 level admin stats timeout 2m defaults log global modehttp option dontlognull option dontlog-normal retries 2 option redispatch timeout connect 5000 timeout client 5 timeout server 12 timeout http-request 5000 timeout http-keep-alive 5000 default-server minconn 1024 maxconn 4096 monitor-net 192.168.xxx.xxx/32 frontend http-in bind *:80 option http-server-close option forwardfor option httplog monitor-uri /haproxymon acl site_dead nbsrv(http-out) lt 2 monitor fail if site_dead default_backend http-out backend http-out balance roundrobin http-send-name-header X-Target-Server option forwardfor option http-server-close #option accept-invalid-http-response http-check disable-on-404 option httpchk GET /index.html HTTP/1.1\r\nHost:\ monitoring\r\nConnection:\ close http-check expect
Re: Difference frontend/backend to listen?
Hi Florian, Found a a minor difference, not sure if it is the issue.? - The 9000 backend checks up.php versus check.php. - Also I don't think http-send-name-header does anything in 'tcp mode'.. If thats not it, maybe someone else has a clue. :) p.s. You might want to configure a stats page to see if servers are properly checked as 'up' by haproxy. Greets PiBa-NL Florian Engelmann schreef op 16-1-2014 12:29: Hi, I got two configurations the should do the same. One is based on a frontend/backend layout the second does it with just listen. The listen configuratiuon is working fine but the fontend/backend causes a problem on the backend. It looks like some request string is missing because the customer application is not able to resolve some lookup which seems to be header related. Is anybody able to tell me whats the difference in these two configurations? global log /dev/loglocal6 #log /dev/loglocal6 notice chroot /var/lib/haproxy user haproxy group haproxy daemon maxconn 5 stats socket /var/run/haproxy.sock mode 600 level admin stats timeout 2m defaults log global modehttp option dontlognull option dontlog-normal retries 2 option redispatch timeout connect 5000 timeout client 5 timeout server 12 timeout http-request 5000 timeout http-keep-alive 5000 option http-server-close http-check disable-on-404 http-send-name-header X-Target-Server default-server minconn 1024 maxconn 4096 monitor-net 192.168.xxx.xxx/32 listen application9000 0.0.0.0:9000 balance leastconn mode tcp option tcplog option httpchk GET /check.php HTTP/1.0 http-check expect string Hello World server xcmsphp01.xxx 10.0.4.4:9000 check port 80 server xcmsphp02.xxx 10.0.4.7:9000 check port 80 server xcmsphp03.xxx 10.0.4.3:9000 check port 80 listen application80 0.0.0.0:80 balance roundrobin option forwardfor option httplog monitor-uri /haproxymon option httpchk GET /index.html HTTP/1.1\r\nHost:\ monitoring\r\nConnection:\ close http-check expect string Welcome home acl site_dead nbsrv lt 2 monitor fail if site_dead server xcmsfrontend01.xxx 10.2.2.1:80 check server xcmsfrontend02.xxx 10.2.2.2:80 check global log /dev/loglocal6 #log /dev/loglocal6 notice chroot /var/lib/haproxy user haproxy group haproxy daemon maxconn 5 stats socket /var/run/haproxy.sock mode 600 level admin stats timeout 2m defaults log global modehttp option dontlognull option dontlog-normal retries 2 option redispatch timeout connect 5000 timeout client 5 timeout server 12 timeout http-request 5000 timeout http-keep-alive 5000 default-server minconn 1024 maxconn 4096 monitor-net 192.168.xxx.xxx/32 frontend http-in bind *:80 option http-server-close option forwardfor option httplog monitor-uri /haproxymon acl site_dead nbsrv(http-out) lt 2 monitor fail if site_dead default_backend http-out backend http-out balance roundrobin http-send-name-header X-Target-Server option forwardfor option http-server-close #option accept-invalid-http-response http-check disable-on-404 option httpchk GET /index.html HTTP/1.1\r\nHost:\ monitoring\r\nConnection:\ close http-check expect string Welcome home server xcmsfrontend01.xxx 10.2.2.1:80 check server xcmsfrontend02.xxx 10.2.2.2:80 check frontend php-in bind *:9000 mode tcp option tcplog http-send-name-header X-Target-Server Wont work in tcpmode default_backend php-out backend php-out balance leastconn mode tcp option tcplog http-send-name-header X-Target-Server Wont work for tcp mode. option httpchk GET /up.php HTTP/1.0 Should this be check.php v.s. up.php? http-check expect string Hello World server xcmsphp01.xxx 10.0.4.4:9000 check port 80 server xcmsphp02.xxx 10.0.4.7:9000 check port 80 server xcmsphp03.xxx 10.0.4.3:9000 check port 80 Regards, Florian