On 12/12/2011 09:52 AM, Baptiste wrote:
> Hi Lukasz,
>
> You must use stunnel in front of haproxy in order to be able to
> inspect pure clear HTTP traffic.
>
> Concerning your HAProxy configuration, it's not fully accurate.
> Please give a try to the configuration below:
>
> frontend
>     mode tcp
>     tcp-request inspect-delay 1s
>     use_backend nodejs_flashpolicy_http if HTTP
>     default_backend nodejs_flashpolicy
>
> backend nodejs_flashpolicy
>     mode tcp
>     server node1 localhost:10843 maxconn 2000 check
>
> backend nodejs_flashpolicy_http
>     mode http
>     option httplog
>     server node1 localhost:10843 maxconn 2000 check
>
> cheers
>

Thanks for the quick reply. I tried mode tcp on the frontend, but then I
cannot route HTTP requests to my backends. This is my current config:

    # Flash plugin will not send <policy-file-request/>
    # on client connection if policy file can be requested
    # from the same host on port 843.
    # We cannot use different port here.
    frontend flash_policy
        bind 0.0.0.0:843
        mode tcp
        default_backend nodejs_flashpolicy

    # Main frontend
    frontend proxy
        bind 0.0.0.0:80
        bind 0.0.0.0:8443
        mode http
        option httplog
        maxconn 200000
        timeout client 86400000
        default_backend webapp
        tcp-request content accept if !HTTP
        tcp-request inspect-delay 1s
        use_backend nodejs_flashpolicy_http if !HTTP
        #use_backend nodejs_flashpolicy if !HTTP

        #websockets
        acl is_websocket path_beg /socket.io
        acl is_websocket hdr(Upgrade) -i WebSocket
        acl is_websocket hdr_beg(Host) -i ws
        use_backend websocket if is_websocket

    backend webapp
        mode http
        option httplog
        option httpclose
        server cherrypy1 localhost:7000 check

    backend websocket
        mode http
        option httplog
        timeout server 86400000
        timeout queue 5000
        timeout connect 86400000
        option forwardfor
        no option httpclose
        option http-server-close
        option forceclose
        server node1 localhost:12000 maxconn 2000 check

    backend nodejs_flashpolicy
        mode tcp
        server node1 localhost:10843 maxconn 2000 check

    backend nodejs_flashpolicy_http
        mode http
        option httplog
        server node1 localhost:10843 maxconn 2000 check

I have to route HTTP traffic to these two backends based on request path,
host and HTTP headers. Additionally, if !HTTP traffic is detected on the
proxy frontend, I would like to route it to nodejs_flashpolicy.

I tried tcp mode on the frontend, but it caused a random backend to be
selected when a valid HTTP request came in. Is it true that my ACLs are
ignored in tcp mode?

Anyway, my websocket traffic is over SSL and I have to make this decision
before the SSL connection is terminated by stunnel, because the flash plugin
sends unencrypted xml data to port 443 if port 843 is not available.

Thanks for your help,
Łukasz
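
The decision discussed in this thread (telling a Flash `<policy-file-request/>` probe apart from a TLS handshake or a plain HTTP request before anything is decrypted) comes down to inspecting the first bytes the client sends. The sketch below is an added example, not part of the original mail and not HAProxy's implementation; the `classify` and `route` helpers and the backend name `stunnel` are assumptions made for illustration, and all sample inputs are constructed.

```python
# Added example: first-bytes classification on a shared port (all inputs constructed).
FLASH_REQUEST = b"<policy-file-request/>\x00"   # the Flash probe is NUL-terminated
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")
# Backend names come from the mail, except "stunnel", an assumed name for the TLS terminator.
BACKENDS = {"flash_policy": "nodejs_flashpolicy", "tls": "stunnel", "http": "webapp"}


def classify(buf: bytes) -> str:
    """Return 'flash_policy', 'tls', 'http', 'unknown' or 'need_more'."""
    if not buf:
        return "need_more"
    if buf.startswith(FLASH_REQUEST):
        return "flash_policy"
    if FLASH_REQUEST.startswith(buf):
        return "need_more"            # partial probe: wait for the rest
    if buf[0] == 0x16:                # TLS record type: handshake
        if len(buf) >= 2 and buf[1] != 0x03:
            return "unknown"          # not an SSLv3/TLS record version
        if len(buf) < 6:
            return "need_more"        # record header plus handshake type not here yet
        return "tls" if buf[5] == 0x01 else "unknown"   # 0x01 = ClientHello
    for method in HTTP_METHODS:
        if buf.startswith(method):
            return "http"
        if method.startswith(buf):
            return "need_more"        # e.g. only b"GE" has arrived so far
    return "unknown"


def route(segments) -> str:
    """Accumulate TCP segments until a verdict is reached; 'reject' if none is."""
    buf = b""
    for segment in segments:
        buf += segment
        verdict = classify(buf)
        if verdict != "need_more":
            return BACKENDS.get(verdict, "reject")
    return "reject"                   # data ran out, as when an inspect delay expires


if __name__ == "__main__":
    print(route([b"<policy-", b"file-request/>", b"\x00"]))
    print(route([b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b"]))
    print(route([b"GET /socket.io/ HTTP/1.1\r\n"]))
```

SSLv2-format hellos, which do not start with a 0x16 record byte, fall through to 'unknown' in this sketch.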