Hello,
On 05/21/2010 03:15 PM, eni-urgence wrote:
> Hello all.
> I discovered haproxy a few weeks ago and I want to thank Willy for his
> very good product.
> I'm planning to integrate haproxy into our DMZ.
> I want to use haproxy for load balancing heavy secure php/ajax
> applications with cookie persistence: a collaborative scheduler and an
> image consult extranet.
> A stunnel service will handle https connections and forward decrypted
> requests to haproxy on port 88. Then haproxy will forward connections
> to the web server on port 10088, 100089 (and so on...) on a mass virtual host
> configuration of apache (see below).
> In /var/www/vhost-SSL/ on the web server, there are some symbolic links to
> the php sources. Some domains are not linked to the same path because
> they don't provide the same application. So I don't want to have to
> delete/rename the "running.ok" file on every path when I want to
> shut down the webserver.
> I want to use the httpcheck on port 10081 and the file "running.ok".
> But I want a soft stop of service. I want haproxy to stop forwarding
> new connections if it doesn't find the "running.ok" file but continue to
> forward connections if the cookie is initialised. So I will configure a
> backup server with the same cookies (as said in the Haproxy documentation).

Use "http-check disable-on-404" for this.

> So now my questions:
> - Is it possible to check only the header, like this: HEAD /
> HTTP/1.0, for the backup server?

    option httpchk HEAD / HTTP/1.0

> - As said in Willy's article
> (http://1wt.eu/articles/2006_lb/), it is good to load balance the
> encryption/decryption flow too. So a haproxy instance in tcp mode
> (layer 4) seems to be a good solution. But our applications have to
> know the client IP for security reasons. I read that a recompiled
> kernel with tproxy support will forward connections keeping the real
> client IP. Is that true?

Yes it is, tproxy has been included in mainstream kernels >= 2.6.28.
Usage of the X-Forwarded-For header is preferred if you use stunnel.

> - I want to manage a multi-site configuration keeping the session
> persistence. How can I manage to do so?

I don't understand this question :)

Regards,
Hervé.
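
The soft stop discussed in this thread, written out as a configuration sketch. This is an added example, not part of the original messages: the section name, server names, cookie name, addresses (192.0.2.0/24 documentation range) and timeouts are placeholders, while port 88, port 10088, check port 10081 and the running.ok file come from the thread.

```haproxy
# Added example; placeholders are marked, everything else is from the thread.
defaults
    mode http
    timeout connect 5s      # placeholder timeouts
    timeout client  30s
    timeout server  30s

listen php_apps
    # Decrypted requests arrive from stunnel on port 88.
    # Assumption: stunnel runs on the same host, so bind to loopback only
    # and keep the cleartext listener off the DMZ network.
    bind 127.0.0.1:88
    balance roundrobin

    # Cookie persistence: haproxy inserts its own cookie naming the server.
    cookie SERVERID insert indirect nocache

    # Health check: HEAD request for the marker file, sent to the dedicated
    # check port (10081) instead of the per-application traffic ports.
    option httpchk HEAD /running.ok HTTP/1.0

    # A 404 on the check means "maintenance", not "dead": the server stops
    # receiving new visitors, but requests that already carry its
    # persistence cookie are still forwarded to it.
    http-check disable-on-404

    # Client IP for the applications.
    # Assumption: the stunnel build in use inserts X-Forwarded-For itself,
    # so haproxy must not append 127.0.0.1 for those local connections.
    option forwardfor except 127.0.0.1

    server web1 192.0.2.11:10088 cookie w1 check port 10081 inter 2s fall 3 rise 2
    server web2 192.0.2.12:10088 cookie w2 check port 10081 inter 2s fall 3 rise 2
```

With this layout, removing the single running.ok served on port 10081 drains a web server without touching the per-domain paths. The applications should accept X-Forwarded-For only on connections coming from the proxy address, since any client can send that header directly.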