Re: Communicating with HA Proxy using Python
AFAIK HATop si writtren in python (http://code.google.com/p/hatop/) it should be a good starting point and/or reference. 2011/10/5, Deepak Jha dkjhan...@gmail.com: Hi, I am new to HaProxy, so I need some information regarding HAProxy. Basically I want to communicate with HAProxy in a virtual environment. This may include requesting it for some data or giving it some data. I want to know is it possible to do such operation ? If yes, can I get some pointer for this containing APIs? -- Thanks Regards, Deepak -- Enviado desde mi dispositivo móvil Germán Gutiérrez OLX Operation Center OLX Inc. Buenos Aires - Argentina Phone: 54.11.4775.6696 Mobile: 54.911.5669.6175 Skype: errare_est Email: germ...@olx.com Delivering common sense since 1969 Epoch Fail!. The Nature is not amiable; It treats impartially to all the things. The wise person is not amiable; He treats all people impartially. No afecta el sitio, no necesita QA.
Re: using haproxy for https
BTW, will this patch ever go upstream? Why stunnel does not have this already? On Sat, Apr 9, 2011 at 11:43 PM, Vivek Malik vivek.ma...@gmail.com wrote: Joe, You need to run as many stunnel instances as number of SSL certificates. If the sites share SSL certificate, then one stunnel instance will do. I run stunnel 4.32 with patch from http://haproxy.1wt.eu/download/patches/ on port 443 and forward it to port 81 on the same machine which is bound to haproxy. My stunnel config looks like cert = /etc/stunnel.pem sslVersion = all chroot = /var/lib/stunnel/ setuid = stunnel setgid = stunnel pid = /stunnel.pid socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 [https] accept = 443 connect = 127.0.0.1:81 TIMEOUTclose = 0 xforwardedfor = yes Note that xforwardedfor option only works after the patch is installed. My haproxy config looks like frontend http bind 0.0.0.0:80 reqidel ^X-Forwarded-Proto:.* reqadd X-Forwarded-Proto:\ HTTP option forwardfor frontend https bind 127.0.0.1:81 reqidel ^X-Forwarded-Proto:.* reqadd X-Forwarded-Proto:\ HTTPS Note that I am passing a X-Forwarded-Proto to underlying application so that it can logic specific to https calls. Vivek On Sat, Apr 9, 2011 at 4:00 PM, Ben Timby bti...@gmail.com wrote: On Sat, Apr 9, 2011 at 2:07 PM, Joseph Hardeman jwharde...@gmail.com wrote: Hi Guys, I was wondering if someone has a good example I could use for proxying https traffic. We are trying to proxy multiple sites that use https and I was hoping for a way to see how to proxy that traffic between multiple IIS servers without having to setup many different backend sections. The way the sites are setup they use a couple of cookies but mostly session variables to track the user as they do their thing. Either I need to be able to pin the user to a single server using the mode tcp function when they come in or be able to use some form of mode http that doesn't break the SSL function. This morning around 5am, I got one site running with only 1 backend using tcp but I really need to be able to load balance it between multiple servers. Joe, haproxy itself does not do SSL. That said, you can set up an SSL server in front of it. Myself, I use stunnel. Stunnel strips the SSL and forwards the traffic to haproxy. I have many instances of stunnel (one per cert/ip) which all feed a single haproxy http listener. http://www.stunnel.org/ You could also use another server like nginx, apache etc. to strip the SSL. However, I find stunnel well suited as all it does is SSL and it is fast and efficient at it (similar to how haproxy does proxyinig very well). -- Germán Gutiérrez OLX Operation Center OLX Inc. Buenos Aires - Argentina Phone: 54.11.4775.6696 Mobile: 54.911.5669.6175 Skype: errare_est Email: germ...@olx.com Delivering common sense since 1969 Epoch Fail!. The Nature is not amiable; It treats impartially to all the things. The wise person is not amiable; He treats all people impartially. No afecta el sitio, no necesita QA.
Re: haproxy gives 502 on links with utf-8 chars?!
Looks like the field X-GSS-Metadata: Has utf-8 encoded characters, I don't know if that's valid or not, I think not. -- Germán Gutiérrez OLX Operation Center OLX Inc. Buenos Aires - Argentina Phone: 54.11.4775.6696 Mobile: 54.911.5669.6175 Skype: errare_est Email: germ...@olx.com Delivering common sense since 1969 Epoch Fail!. The Nature is not amiable; It treats impartially to all the things. The wise person is not amiable; He treats all people impartially. (a)bort (r)etry (e)pic fail?
Re: HAProxy Logging in AIX5.3
The only think I could think of would be to check in man syslogd or man syslog, in order to find the correct option to make syslogd listen on UDP. You will then probably find references to the config file to change if any. If the daemon is started from a specific script, it is possible that you have to modify the script to pass an option to syslogd. Alternatively if using the default AIX's syslogd is too complicated to set up, you could install your own syslogd. After all, you managed to build haproxy, now that your build environment is ready, simply build syslog-ng and it will be a *lot* better. It won't even require running as root. Regards, Willy Perhaps http://www.softpanorama.org/Commercial_unixes/AIX/managing_aix_logs.shtml can be helpful -- Germán Gutiérrez OLX Operation Center OLX Inc. Buenos Aires - Argentina Delivering common sense since 1969 Epoch Fail!. The Nature is not amiable; It treats impartially to all the things. The wise person is not amiable; He treats all people impartially. (a)bort (r)etry (e)pic fail?
Re: how to enable syslogging
On Wed, Feb 17, 2010 at 11:02 PM, Nelson Serafica ntseraf...@gmail.com wrote: I need to enable syslog of haproxy. I search in Google but can't find the right one. I'm using Fedora 8 so syslog was rsyslog. I edit /etc/rsyslog.conf and put the ff: local0.* /var/log/haproxy.log local1.* /var/log/haproxy-1.log Then I edit /etc/sysconfig/rsyslog and put SYSLOGD_OPTIONS=-m 0 -r. After that I restart rsyslog service. I see the file haproxy.log and haproxy-1.log but when I restart the haproxy, nothing comes up in the log file. I even browse the site but still no input on the log file. Am I missing something? Most of the suggestion was on the above but its not working on mine. Does anyone also experience the same problem and found a solution? I had trouble identifying this on debian lenny, we need rsyslog to listen on the 514 UDP port in my case I needed to uncomment the following lines on the rsyslog.conf file: #$ModLoad imudp #$UDPServerRun 514 That's because the parameter that enables the UDP listening is now deprecated. Hope this helps. Regards, -- Germán Gutiérrez OLX Operation Center OLX Inc. Buenos Aires - Argentina Delivering common sense since 1969 Epoch Fail!. The Nature is not amiable; It treats impartially to all the things. The wise person is not amiable; He treats all people impartially. No afecta al sitio, no necesita QA.
Re: Enabling logging on solaris
On Thu, Feb 18, 2010 at 2:09 PM, Mallin, Eoin emal...@revenue.ie wrote: Hi all, I'm trying to get HAProxy logging enabled on solaris 9. My HAProxy configuration file looks as follows: log 127.0.0.1 local0 info /etc/syslog.conf now has the following entry local0.* /haproxy/log/haproxy.log Is there another step to allow syslog accept socket connections? Many thanks, Eoin Eoin Mallin __ ITS Architecture Castle View Georges Street Dublin 2 VPN: 35379 Just a hint, try to see if syslog is listening on udp port 514, netstat or, if its installed, lsof -i :514 can help you on that. -- Germán Gutiérrez OLX Operation Center OLX Inc. Buenos Aires - Argentina Delivering common sense since 1969 Epoch Fail!. The Nature is not amiable; It treats impartially to all the things. The wise person is not amiable; He treats all people impartially. No afecta al sitio, no necesita QA.
Re: Preventing bots from starving other users?
Perhaps this plugin could be useful, never used, tho: http://twiki.org/cgi-bin/view/Plugins.TWikiCacheAddOn On Mon, Nov 16, 2009 at 11:46 AM, Wout Mertens wout.mert...@gmail.comwrote: On Nov 16, 2009, at 1:47 PM, Karsten Elfenbein wrote: Just create an additional backend and assign the bots to it. You can set queues and max connections there as needed. Yes, you're right - that's probably the best solution. I'll create an extra apache process on the same server that will handle the bot subnet. No extra hardware needed. Thanks! The wiki in question is TWiki - very flexible but very bad at caching what it does. Basically, for each page view the complete interpreter and all plugins get loaded. Wout. -- Germán Gutiérrez Infrastructure Team OLX Inc. Buenos Aires - Argentina Phone: 54.11.4775.6696 Mobile: 54.911.5669.6175 Skype: errare_est Email: germ...@olx.com Delivering common sense since 1969 Epoch Fail!. The Nature is not amiable; It treats impartially to all the things. The wise person is not amiable; He treats all people impartially.