On Thu, Aug 28, 2014 at 10:51 PM, Rainer Duffner <rai...@ultra-secure.de> wrote: > > Am 28.08.2014 um 22:41 schrieb Baptiste <bed...@gmail.com>: >> >> >> Hi, >> >> maybe you could share your HAProxy configuration :) >> By default, HAProxy tests a service every 3s, which is fine. It just >> does a tcp connect, so nothing complicated for your server to handle. >> > > > Since we switched to haproxy-1.5, I changed the checks to do a more or less > full layer7-check (except for the SSL-services). > Couldn't get a match for the IMAP string it sends, so skipped that, too. > > > >> Can you confirm that if POP fails on a server, it means that IMAP and >> SMTP will fail too? >> (this is what I'm understanding from your mail above). >> > > It's very likely. > All use the same backend-service in the end. > There's an additional pair of SMTP-servers here (ep01+ep02) - they are > independent of the other two servers (pm01+pm02). > But I'd also like to limit checking there, as of course all the checks for > smtp, smtps+submit all go to the same postfix in the end.... > > > Here's the config. > > > global > log 127.0.0.1 local0 > log 127.0.0.1 local1 notice > #log loghost local0 info > maxconn 4096 > #debug > #quiet > user www > group www > daemon > > defaults > log global > mode http > retries 2 > timeout client 50s > timeout connect 5s > timeout server 50s > option dontlognull > option forwardfor > option httplog > option redispatch > balance roundrobin > default-server minconn 50 maxconn 100 > > # Set up application listeners here. > > frontend pop3-pm > mode tcp > bind 192.168.185.254:110 > maxconn 2000 > default_backend pop3-pm-backend > > frontend imap4-pm > mode tcp > bind 192.168.185.254:143 > maxconn 2000 > default_backend imap4-pm-backend > > frontend pop3s-pm > mode tcp > bind 192.168.185.254:995 > maxconn 2000 > default_backend pop3s-pm-backend > > frontend imap4s-pm > mode tcp > bind 192.168.185.254:993 > maxconn 2000 > default_backend imap4s-pm-backend > > frontend smtp-ep > mode tcp > bind 192.168.185.254:25 > maxconn 2000 > default_backend smtp-ep-backend > > frontend smtps-ep > mode tcp > bind 192.168.185.254:465 > maxconn 2000 > default_backend smtps-ep-backend > > frontend submit-ep > mode tcp > bind 192.168.185.254:587 > maxconn 2000 > default_backend submit-ep-backend > > frontend smtp-zimbra > mode tcp > bind 192.168.185.253:25 > maxconn 2000 > default_backend smtp-zimbra-backend > > frontend http-webmail > bind 192.168.185.254:5000 > maxconn 6000 > default_backend http-webmail-backend > # > # > # > > backend pop3-pm-backend > balance roundrobin > mode tcp > option tcp-check > tcp-check expect string +OK\ POP3\ ready > tcp-check send quit\r\n > tcp-check expect string +OK > server pm01 192.168.185.233:110 check inter 30s fastinter 2s downinter 2s > server pm02 192.168.185.234:110 check inter 30s fastinter 2s downinter 2s > > backend pop3s-pm-backend > balance roundrobin > mode tcp > # this is ssl, so it does not work here > # option tcp-check > # tcp-check expect string +OK\ POP3\ ready > server pm01 192.168.185.233:995 check inter 30s fastinter 2s downinter 2s > server pm02 192.168.185.234:995 check inter 30s fastinter 2s downinter 2s > > backend imap4-pm-backend > balance roundrobin > mode tcp > option tcp-check > tcp-check expect rstring OK\ IMAP4\ ready > tcp-check send 001 logout\r\n > #tcp-check expect string *\ BYE\ Zimbra\ IMAP\ server\ terminating\ > connection\r\n001\ OK\ completed > server pm01 192.168.185.233:143 check inter 30s fastinter 2s downinter 2s > server pm02 192.168.185.234:143 check inter 30s fastinter 2s downinter 2s > > backend imap4s-pm-backend > balance roundrobin > mode tcp > server pm01 192.168.185.233:993 check inter 30s fastinter 2s downinter 2s > server pm02 192.168.185.234:993 check inter 30s fastinter 2s downinter 2s > > backend smtp-ep-backend > balance roundrobin > mode tcp > option smtpchk HELO mail.this.here > server ep01 192.168.185.198:25 check inter 45s fastinter 2s downinter 2s > server ep02 192.168.185.199:25 check inter 45s fastinter 2s downinter 2s > > backend smtps-ep-backend > balance roundrobin > mode tcp > #option smtpchk HELO mail.this.here > server ep01 192.168.185.198:465 check inter 45s fastinter 2s downinter 2s > server ep02 192.168.185.199:465 check inter 45s fastinter 2s downinter 2s > > backend submit-ep-backend > balance roundrobin > mode tcp > option smtpchk HELO mail.scalera.ch > server ep01 192.168.185.198:587 check inter 45s fastinter 2s downinter 2s > server ep02 192.168.185.199:587 check inter 45s fastinter 2s downinter 2s > > backend smtp-zimbra-backend > balance roundrobin > mode tcp > option smtpchk HELO mail.this.here > server pm01 192.168.185.233:25 check inter 45s fastinter 2s downinter 2s > server pm02 192.168.185.234:25 check inter 45s fastinter 2s downinter 2s > > backend http-webmail-backend > balance leastconn > mode http > option httpchk GET / > #http-check expect string Webmail Login Page > http-check expect string Web Client Login Page > http-check disable-on-404 > cookie SERVERID insert indirect nocache > server pm1 192.168.185.233:80 check maxconn 3000 cookie s1 inter 10s > fastinter 2s downinter 2s > server pm2 192.168.185.234:80 check maxconn 3000 cookie s2 inter 10s > fastinter 2s downinter 2s > > > > listen admin 0.0.0.0:22002 > mode http > stats uri / > > > > Thanks for your time! > > > > >
Ok, I would create a monitoring backend, such as below: backend zabbix_monitoring option tcp-check # POP tcp-check connect port 110 tcp-check expect string +OK\ POP3\ ready tcp-check send quit\r\n tcp-check expect string +OK # POPs tcp-check connect port 995 ssl tcp-check expect string +OK\ POP3\ ready tcp-check send quit\r\n tcp-check expect string +OK # IMAP tcp-check connect port 143 tcp-check expect rstring OK\ IMAP4\ ready tcp-check send 001 logout\r\n # IMAPs tcp-check connect port 993 tcp-check expect rstring OK\ IMAP4\ ready tcp-check send 001 logout\r\n # webmail tcp-check connect port 80 tcp-check send GET\ /\ HTTP/1.0\r\n tcp-check send \r\n tcp-check expect string Web Client Login Page server pm01 192.168.185.233 check inter 30s fastinter 2s downinter 2s server pm02 192.168.185.234 check inter 30s fastinter 2s downinter 2s then use the 'track' directive to track status from a server in a third party backend. IE: server pm01 192.168.185.233 track zabbix_monitoring/pm01 (to be done on every pop, imap, webmail backends) Baptiste
