Re: relayd l7 loadbalancing
> On 16 Aug 2017, at 10:41, Claudio Jeker wrote: > On Wed, Aug 16, 2017 at 10:27:58AM +0200, Maxim Bourmistrov wrote: >> >> Once connection is established, state is created in PF. Subsequent requests >> will be ???pipelined???. >> It is possible to influence this behavior by manipulating tcp.established in >> pf.conf, >> but I don???t think this is what you want. >> > > This is not correct. The problem is keep-alive and the fact the once a > backend is selected by relayd it sticks to it until the session is closed. > This is a bug and something benno@ and I have on our radar to fix. Great to hear! This will make relayd even more flexible. I guess your todo list must to long so I will wait patiently. My C skills are non existent otherwise I would have tried to help. > The workaround for now is to disable keep-alive this can be done by > adding: > match header set "Connection" value "close" > to your config. The solution is not ideal and will make page load times > slower. Will check the load times with and without, maybe it's workable for now. Much appreciated! Mischa
Re: relayd l7 loadbalancing
On Wed, Aug 16, 2017 at 10:27:58AM +0200, Maxim Bourmistrov wrote: > > Once connection is established, state is created in PF. Subsequent requests > will be ???pipelined???. > It is possible to influence this behavior by manipulating tcp.established in > pf.conf, > but I don???t think this is what you want. > This is not correct. The problem is keep-alive and the fact the once a backend is selected by relayd it sticks to it until the session is closed. This is a bug and something benno@ and I have on our radar to fix. The workaround for now is to disable keep-alive this can be done by adding: match header set "Connection" value "close" to your config. The solution is not ideal and will make page load times slower. > > 16 aug. 2017 kl. 10:05 skrev Mischa Peters : > > > > Hi All, > > > > I have somewhat the following config for relayd running on 6.1. > > And I am trying to forward certain request paths to different hosts. > > > > table { xx.xx.xx.131 } > > table { xx.xx.xx.31 } > > http protocol httpsfilter { > > match request header remove "Proxy" > > match request header append "X-Forwarded-For" value "$REMOTE_ADDR" > > match request header append "X-Forwarded-By" value > > "$SERVER_ADDR:$SERVER_PORT" > > > > match response header set "Server" value "Sever" > > match response header set "X-Powered-By" value "Power" > > match response header set "X-Frame-Options" value "SAMEORIGIN" > > match response header set "X-Xss-Protection" value "1; mode=block" > > match response header set "X-Content-Type-Options" value "nosniff" > > > > match request quick path "/crm/" forward to > > > > tcp { no splice } > > } > > relay host_tls { > > listen on $ext_addr_v4 port 443 tls > > listen on $ext_addr_v6 port 443 tls > > protocol httpsfilter > > forward to port 80 check http "/" host example.com code 200 > > forward to port 80 > > } > > > > I have tried both "match request quick path" and "match request quick url" > > but what I noticed is that as soon as you have visited one of the URLs that > > needs forwarding to a different host you end up at the for all > > subsequent requests. > > With "match request quick url" this is to be expected as it checks > > everything up to /. > > > > For example: > > > > http://example.com/ -> wwwhost > > http://example.com/crm/ -> otherhost > > http://exmaple.com/folder/ -> otherhost > > > > Is this expected behaviour for "match request quick path" as well? > > Is there any way to do this type of load balancing? > > > > Thanx!! > > > > Mischa > > > -- :wq Claudio
Re: relayd l7 loadbalancing
Once connection is established, state is created in PF. Subsequent requests will be ’pipelined’. It is possible to influence this behavior by manipulating tcp.established in pf.conf, but I don’t think this is what you want. > 16 aug. 2017 kl. 10:05 skrev Mischa Peters : > > Hi All, > > I have somewhat the following config for relayd running on 6.1. > And I am trying to forward certain request paths to different hosts. > > table { xx.xx.xx.131 } > table { xx.xx.xx.31 } > http protocol httpsfilter { > match request header remove "Proxy" > match request header append "X-Forwarded-For" value "$REMOTE_ADDR" > match request header append "X-Forwarded-By" value > "$SERVER_ADDR:$SERVER_PORT" > > match response header set "Server" value "Sever" > match response header set "X-Powered-By" value "Power" > match response header set "X-Frame-Options" value "SAMEORIGIN" > match response header set "X-Xss-Protection" value "1; mode=block" > match response header set "X-Content-Type-Options" value "nosniff" > > match request quick path "/crm/" forward to > > tcp { no splice } > } > relay host_tls { > listen on $ext_addr_v4 port 443 tls > listen on $ext_addr_v6 port 443 tls > protocol httpsfilter > forward to port 80 check http "/" host example.com code 200 > forward to port 80 > } > > I have tried both "match request quick path" and "match request quick url" > but what I noticed is that as soon as you have visited one of the URLs that > needs forwarding to a different host you end up at the for all > subsequent requests. > With "match request quick url" this is to be expected as it checks everything > up to /. > > For example: > > http://example.com/ -> wwwhost > http://example.com/crm/ -> otherhost > http://exmaple.com/folder/ -> otherhost > > Is this expected behaviour for "match request quick path" as well? > Is there any way to do this type of load balancing? > > Thanx!! > > Mischa >
relayd l7 loadbalancing
Hi All, I have somewhat the following config for relayd running on 6.1. And I am trying to forward certain request paths to different hosts. table { xx.xx.xx.131 } table { xx.xx.xx.31 } http protocol httpsfilter { match request header remove "Proxy" match request header append "X-Forwarded-For" value "$REMOTE_ADDR" match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT" match response header set "Server" value "Sever" match response header set "X-Powered-By" value "Power" match response header set "X-Frame-Options" value "SAMEORIGIN" match response header set "X-Xss-Protection" value "1; mode=block" match response header set "X-Content-Type-Options" value "nosniff" match request quick path "/crm/" forward to tcp { no splice } } relay host_tls { listen on $ext_addr_v4 port 443 tls listen on $ext_addr_v6 port 443 tls protocol httpsfilter forward to port 80 check http "/" host example.com code 200 forward to port 80 } I have tried both "match request quick path" and "match request quick url" but what I noticed is that as soon as you have visited one of the URLs that needs forwarding to a different host you end up at the for all subsequent requests. With "match request quick url" this is to be expected as it checks everything up to /. For example: http://example.com/ -> wwwhost http://example.com/crm/ -> otherhost http://exmaple.com/folder/ -> otherhost Is this expected behaviour for "match request quick path" as well? Is there any way to do this type of load balancing? Thanx!! Mischa