Re: How to run "tests" after building Haproxy 1.5?
Maybe use software like Tsung, httpress etc. regards, ; Yuan On 07/23/2015 01:33 AM, Rishi Misra wrote: Hello, I rebuilt haproxy1.5 from source and it compiled and runs fine. But how do i run unit/regression tests on it? I notice that there is a "tests" folder but unable to fin documentation on how to run them. Thanks for any tips.
Re: haproxy can't bind to mysql port
Nice. Do you use selinux in prod. regards, ; Yuan On 07/25/2015 09:17 AM, Tim Dunphy wrote: Bingo!!! The problem was with SELinux. Not sure what took me so long to think of it...!!! So set the mysql listener back to port 3306. Turned off SELinux with setenforce 0. Then it started right up!!! And port 3306 was listening. Then I consulted with audit2why and saw the following: type=AVC msg=audit(1437786617.963:28856863): avc: denied { name_connect } for pid=29175 comm="haproxy" dest=3306 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket Was caused by: The boolean haproxy_connect_any was set incorrectly. Description: Allow haproxy to connect any Allow access by executing: # *setsebool -P haproxy_connect_any 1* I just ran that command you see above in bold, and then all was right with the world. [root@ha1:/etc/haproxy] #systemctl status haproxy haproxy.service - HAProxy Load Balancer Loaded: loaded (/usr/lib/systemd/system/haproxy.service; disabled) Active: active (running) since Sat 2015-07-25 01:14:53 UTC; 33s ago Main PID: 30618 (haproxy-systemd) CGroup: /system.slice/haproxy.service ├─30618 /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid ├─30619 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds └─30620 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds Jul 25 01:14:53 ha1 systemd[1]: Starting HAProxy Load Balancer... Jul 25 01:14:53 ha1 systemd[1]: Started HAProxy Load Balancer. Jul 25 01:14:53 ha1 haproxy-systemd-wrapper[30618]: haproxy-systemd-wrapper: executing /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds [root@ha1:/etc/haproxy] #lsof -i :3306 COMMAND PIDUSER FD TYPE DEVICE SIZE/OFF NODE NAME haproxy 30620 haproxy1u IPv4 7075172 0t0 TCP ha1.example.com:55499->ec2-52-2-0-xxx.compute-1.amazonaws.com:mysql (SYN_SENT) haproxy 30620 haproxy4u IPv4 7074731 0t0 TCP *:mysql (LISTEN) Thanks for nudging me in the right direction. All I had to hear was the word 'selinux' and from there it all fell into place! Thanks!! Tim On Fri, Jul 24, 2015 at 8:20 PM, Gmail wrote: I could be completely wrong here and I am curious to know the answer myself. Please don't take this as a solution, just my thoughts. First, you can not use backend ip-address of 10.x.x.x subnet because each account's VPC is seggregated. If you do want to use 10.X.X.X ipadress you have to setup a inter VPC endpoint in AWS. I would just use EIP. For the port 3306, try to use nc to listen on that port or iperf. Do yo uhave iptables turned on. I would check "systemctl -l status haproxy.service" I would check lsof -i why can't bind to 3306 on loopback ipaddress. I would check iptables or selinux preventing the bind. It wil be interesting to know the source ipaddress of MySQL client ec2 instance. Interesting if you can Copy/paste output of "telnet 3306" from mysql client ec2 instance , here. Interesting if you can Copy/paste output of "telnet 10.10.10.10 3306" from haproxy ec2 instances, here. Interesting if you can Copy/paste output of "telnet 10.10.10.11 3306" from haproxy ec2 instances, here. I I was doing this, maybe I would consider testing something like ; .. frontend mysql_lb_fe 0.0.0.0:3306 acl host_myql_lb hdr(host) -i mysql-lb .. .. use_backend mysql_lb_backend if host mysql_lb .. .. backend mysql_lb_be .. .. option mysql-check user haproxy_check balance roundrobin server mysql-1 10.10.10.10:3306 check server mysql-2 10.10.10.11:3306 check Thanks, ; Yuan On 07/25/2015 06:41 AM, Tim Dunphy wrote: Hello Nenad, Jul 24 03:44:18 ha1 haproxy-systemd-wrapper[25034]: [ALERT] 204/034418 (25035) : *Starting proxy mysql-cluster: cannot bind s...:3306]* Nothing listening on the port I'm trying to bind to: 3306 [root@ha1:~] #ss -lpt | fgrep 3306 [root@ha1:~] #lsof -i :3306 [root@ha1:~] #netstat -tulpn | grep -i listen | grep 3306 [root@ha1:~] # While we're on the subject of listening ports, here's a list of all listening ports on the haproxy host: [root@ha1:~] #netstat -tulpn | grep -i listen tcp0 0 0.0.0.0:35145 0.0.0.0:* LISTEN - tcp0 0 0.0.0.0:56814 0.0.0.0:* LISTEN 16346/rpc.statd tcp0 0 0.0.0.0:111 0.0.0.0:* LISTEN 16455/rpcbind tcp0 0 0.0.0.0:22 0.0.0.0:* LISTEN 16396/sshd tcp6 0 0 :::49349:::* LISTEN 16346/rpc.statd tcp6 0 0 :::111 :::* LISTEN 16455/rpcbind tcp6 0 0 :::47314:::* LISTEN - tcp6 0 0 :::22 :::* LISTEN 16396/sshd I thought I wa
Re: haproxy can't bind to mysql port
maybe something here http://lnxmon.com/haproxy/ Thanks, ; Yuan On 07/25/2015 12:10 PM, Igor Cicimov wrote: You need to run haproxy as root to bind to ports lower than 1024 On 25/07/2015 1:36 PM, "Tim Dunphy" wrote: Hi Yuan, Nice. Do you use selinux in prod. regards, ; Yuan Yep! Actually I use it every chance I get. Prod/stage/dev and my own hobby environments. And right now actually what I was discussing was a hobby environment. And actually if I could bother you guys one more time, I do have one more issue to solve. LOL And this time it's guaranteed not to be an SELinux issue. Because I tried running haproxy with SELInux on and off this time. But what's happening now, is that HA/Proxy is not creating the http port for the 'stats' interface. I've setup stats to listen on port 80. But for some reason that's not happening. Here's my config one more time, with the trouble part in bold: global log 127.0.0.1 local0 notice user haproxy group haproxy defaults log global retries 2 timeout connect 3000 timeout server 5000 timeout client 5000 listen mysql-cluster bind 0.0.0.0:3306 mode tcp option mysql-check user haproxy_check balance roundrobin server mysql-1 52.3.28.48:3306 check server mysql-2 52.2.0.176:3306 check *listen 0.0.0.0:80 <http://0.0.0.0:80>mode httpstats enable stats uri /stats realm Strictly\ Privatestats auth admin:secret* Currently haproxy is listening on the first port specified* - 3306 - *but not listening on port 80. Observe: [root@ha1:/etc/haproxy] #lsof -i :3306 COMMAND PIDUSER FD TYPE DEVICE SIZE/OFF NODE NAME *haproxy 11653 haproxy4u IPv4 7145270 0t0 TCP *:mysql (LISTEN)* [root@ha1:/etc/haproxy] #lsof -i :80 [root@ha1:/etc/haproxy] # [root@ha1:/etc/haproxy] #telnet localhost 80 Trying 127.0.0.1... telnet: connect to address 127.0.0.1: Connection refused Port 80 simply isn't listening. And this time, I can't blame it on SELinux being on: [root@ha1:/etc/haproxy] #getenforce Permissive I've grepped thru /var/log/messages but not turned up any clues to this one. And I really would like to get the stats interface up and running. Any thoughts here? I'm wondering what I can do to get stats working. Thanks, Tim On Fri, Jul 24, 2015 at 10:52 PM, Gmail wrote: Nice. Do you use selinux in prod. regards, ; Yuan On 07/25/2015 09:17 AM, Tim Dunphy wrote: Bingo!!! The problem was with SELinux. Not sure what took me so long to think of it...!!! So set the mysql listener back to port 3306. Turned off SELinux with setenforce 0. Then it started right up!!! And port 3306 was listening. Then I consulted with audit2why and saw the following: type=AVC msg=audit(1437786617.963:28856863): avc: denied { name_connect } for pid=29175 comm="haproxy" dest=3306 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket Was caused by: The boolean haproxy_connect_any was set incorrectly. Description: Allow haproxy to connect any Allow access by executing: # *setsebool -P haproxy_connect_any 1* I just ran that command you see above in bold, and then all was right with the world. [root@ha1:/etc/haproxy] #systemctl status haproxy haproxy.service - HAProxy Load Balancer Loaded: loaded (/usr/lib/systemd/system/haproxy.service; disabled) Active: active (running) since Sat 2015-07-25 01:14:53 UTC; 33s ago Main PID: 30618 (haproxy-systemd) CGroup: /system.slice/haproxy.service ├─30618 /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid ├─30619 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds └─30620 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds Jul 25 01:14:53 ha1 systemd[1]: Starting HAProxy Load Balancer... Jul 25 01:14:53 ha1 systemd[1]: Started HAProxy Load Balancer. Jul 25 01:14:53 ha1 haproxy-systemd-wrapper[30618]: haproxy-systemd-wrapper: executing /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds [root@ha1:/etc/haproxy] #lsof -i :3306 COMMAND PIDUSER FD TYPE DEVICE SIZE/OFF NODE NAME haproxy 30620 haproxy1u IPv4 7075172 0t0 TCP ha1.example.com:55499->ec2-52-2-0-xxx.compute-1.amazonaws.com:mysql (SYN_SENT) haproxy 30620 haproxy4u IPv4 7074731 0t0 TCP *:mysql (LISTEN) Thanks for nudging me in the right direction. All I had to hear was the word 'selinux' and from there it all fell into place! Thanks!! Tim On Fri, Jul 24, 2015 at 8:20 PM, Gmail wrote: I could be completely wrong here and I am curious to know the answer myself. Please don't take this as a solution, just my thoughts. First, you can not use backend ip-address of 10.x.x.x subnet because each account's V
Re: haproxy can't bind to mysql port
I am uncertain about syntax but the diff is "appname" of sorts for the port 80 listener. Someone may comment with more details ; Earlier = *listen 0.0.0.0:80 [ no app name string ] Now= listen jokefire 0.0.0.0:80 [ app name == jokefire and also no astrisk visible ] Maybe attempt restart without any appname and also with/without that asterisk. Deep dives need more awareness. Glad all settled. Cheers, ; Yuan On 07/25/2015 11:51 PM, Tim Dunphy wrote: Yuan, maybe something here http://lnxmon.com/haproxy/ Thanks, ; Yuan I modified a config from your blog that you showed me and came up with this: global log 127.0.0.1 local0 notice maxconn 2000 user haproxy group haproxy defaults log global modehttp option httplog option dontlognull retries 3 option redispatch timeout connect 5000 timeout client 1 timeout server 1 listen jokefire 0.0.0.0:80 mode http stats enable stats uri /haproxy?stats stats realm Strictly\ Private stats auth admin:secret balance roundrobin option httpclose option forwardfor server varnish1 10.10.10.5:80 check server varnish2 10.10.10.6:80 check listen mysql-cluster bind 0.0.0.0:3306 mode tcp balance roundrobin maxconn 5200 option mysql-check user haproxy_root server mysql-1 10.10.10.7:3306 check server mysql-2 10.10.10.8:3306 check And that seemed to work. I can see that both ports are listening now: [root@ha1:/etc/haproxy] #lsof -i :80 -i :3306 COMMAND PIDUSER FD TYPE DEVICE SIZE/OFF NODE NAME haproxy 27136 haproxy4u IPv4 7563913 0t0 TCP *:http (LISTEN) haproxy 27136 haproxy6u IPv4 7563915 0t0 TCP *:mysql (LISTEN) Although I am not aware of the real difference between this and my previous config that allows this to work is. Not a huge issue at this point since it's working. But if anyone wants to take a stab at this, be my guest! Thanks, Tim On Sat, Jul 25, 2015 at 12:15 AM, Gmail wrote: maybe something here http://lnxmon.com/haproxy/ Thanks, ; Yuan On 07/25/2015 12:10 PM, Igor Cicimov wrote: You need to run haproxy as root to bind to ports lower than 1024 On 25/07/2015 1:36 PM, "Tim Dunphy" wrote: Hi Yuan, Nice. Do you use selinux in prod. regards, ; Yuan Yep! Actually I use it every chance I get. Prod/stage/dev and my own hobby environments. And right now actually what I was discussing was a hobby environment. And actually if I could bother you guys one more time, I do have one more issue to solve. LOL And this time it's guaranteed not to be an SELinux issue. Because I tried running haproxy with SELInux on and off this time. But what's happening now, is that HA/Proxy is not creating the http port for the 'stats' interface. I've setup stats to listen on port 80. But for some reason that's not happening. Here's my config one more time, with the trouble part in bold: global log 127.0.0.1 local0 notice user haproxy group haproxy defaults log global retries 2 timeout connect 3000 timeout server 5000 timeout client 5000 listen mysql-cluster bind 0.0.0.0:3306 mode tcp option mysql-check user haproxy_check balance roundrobin server mysql-1 52.3.28.48:3306 check server mysql-2 52.2.0.176:3306 check *listen 0.0.0.0:80 <http://0.0.0.0:80>mode httpstats enable stats uri /stats realm Strictly\ Privatestats auth admin:secret* Currently haproxy is listening on the first port specified* - 3306 - *but not listening on port 80. Observe: [root@ha1:/etc/haproxy] #lsof -i :3306 COMMAND PIDUSER FD TYPE DEVICE SIZE/OFF NODE NAME *haproxy 11653 haproxy4u IPv4 7145270 0t0 TCP *:mysql (LISTEN)* [root@ha1:/etc/haproxy] #lsof -i :80 [root@ha1:/etc/haproxy] # [root@ha1:/etc/haproxy] #telnet localhost 80 Trying 127.0.0.1... telnet: connect to address 127.0.0.1: Connection refused Port 80 simply isn't listening. And this time, I can't blame it on SELinux being on: [root@ha1:/etc/haproxy] #getenforce Permissive I've grepped thru /var/log/messages but not turned up any clues to this one. And I really would like to get the stats interface up and running. Any thoughts here? I'm wondering what I can do to get stats working. Thanks, Tim On Fri, Jul 24, 2015 at 10:52 PM, Gmail wrote: Nice. Do you use selinux in prod. regards, ; Yuan On 07/25/2015 09:17 AM, Tim Dunphy wrote: Bingo!!! The problem was with SELinux. Not sure what took me so long to think of it...!!! So set the mysql listener back to port 3306. Turned off SELinux with setenforce 0. Then it started right up!!! And port 3306 was listening. Then I consulted with audit2why and saw the following: type=AVC msg=audit(1437786617.963:2885
Re: haproxy can't bind to mysql port
Also, lsof output shows PID = 11653 and the user/owner/launcher of the process = haproxy. cheers, ; Yuan On 07/26/2015 12:13 AM, Gmail wrote: I am uncertain about syntax but the diff is "appname" of sorts for the port 80 listener. Someone may comment with more details ; Earlier = *listen 0.0.0.0:80 [ no app name string ] Now= listen jokefire 0.0.0.0:80 [ app name == jokefire and also no astrisk visible ] Maybe attempt restart without any appname and also with/without that asterisk. Deep dives need more awareness. Glad all settled. Cheers, ; Yuan On 07/25/2015 11:51 PM, Tim Dunphy wrote: Yuan, maybe something here http://lnxmon.com/haproxy/ Thanks, ; Yuan I modified a config from your blog that you showed me and came up with this: global log 127.0.0.1 local0 notice maxconn 2000 user haproxy group haproxy defaults log global modehttp option httplog option dontlognull retries 3 option redispatch timeout connect 5000 timeout client 1 timeout server 1 listen jokefire 0.0.0.0:80 mode http stats enable stats uri /haproxy?stats stats realm Strictly\ Private stats auth admin:secret balance roundrobin option httpclose option forwardfor server varnish1 10.10.10.5:80 check server varnish2 10.10.10.6:80 check listen mysql-cluster bind 0.0.0.0:3306 mode tcp balance roundrobin maxconn 5200 option mysql-check user haproxy_root server mysql-1 10.10.10.7:3306 check server mysql-2 10.10.10.8:3306 check And that seemed to work. I can see that both ports are listening now: [root@ha1:/etc/haproxy] #lsof -i :80 -i :3306 COMMAND PIDUSER FD TYPE DEVICE SIZE/OFF NODE NAME haproxy 27136 haproxy4u IPv4 7563913 0t0 TCP *:http (LISTEN) haproxy 27136 haproxy6u IPv4 7563915 0t0 TCP *:mysql (LISTEN) Although I am not aware of the real difference between this and my previous config that allows this to work is. Not a huge issue at this point since it's working. But if anyone wants to take a stab at this, be my guest! Thanks, Tim On Sat, Jul 25, 2015 at 12:15 AM, Gmail wrote: maybe something here http://lnxmon.com/haproxy/ Thanks, ; Yuan On 07/25/2015 12:10 PM, Igor Cicimov wrote: You need to run haproxy as root to bind to ports lower than 1024 On 25/07/2015 1:36 PM, "Tim Dunphy" wrote: Hi Yuan, Nice. Do you use selinux in prod. regards, ; Yuan Yep! Actually I use it every chance I get. Prod/stage/dev and my own hobby environments. And right now actually what I was discussing was a hobby environment. And actually if I could bother you guys one more time, I do have one more issue to solve. LOL And this time it's guaranteed not to be an SELinux issue. Because I tried running haproxy with SELInux on and off this time. But what's happening now, is that HA/Proxy is not creating the http port for the 'stats' interface. I've setup stats to listen on port 80. But for some reason that's not happening. Here's my config one more time, with the trouble part in bold: global log 127.0.0.1 local0 notice user haproxy group haproxy defaults log global retries 2 timeout connect 3000 timeout server 5000 timeout client 5000 listen mysql-cluster bind 0.0.0.0:3306 mode tcp option mysql-check user haproxy_check balance roundrobin server mysql-1 52.3.28.48:3306 check server mysql-2 52.2.0.176:3306 check *listen 0.0.0.0:80 <http://0.0.0.0:80>mode httpstats enable stats uri /stats realm Strictly\ Privatestats auth admin:secret* Currently haproxy is listening on the first port specified* - 3306 - *but not listening on port 80. Observe: [root@ha1:/etc/haproxy] #lsof -i :3306 COMMAND PIDUSER FD TYPE DEVICE SIZE/OFF NODE NAME *haproxy 11653 haproxy4u IPv4 7145270 0t0 TCP *:mysql (LISTEN)* [root@ha1:/etc/haproxy] #lsof -i :80 [root@ha1:/etc/haproxy] # [root@ha1:/etc/haproxy] #telnet localhost 80 Trying 127.0.0.1... telnet: connect to address 127.0.0.1: Connection refused Port 80 simply isn't listening. And this time, I can't blame it on SELinux being on: [root@ha1:/etc/haproxy] #getenforce Permissive I've grepped thru /var/log/messages but not turned up any clues to this one. And I really would like to get the stats interface up and running. Any thoughts here? I'm wondering what I can do to get stats working. Thanks, Tim On Fri, Jul 24, 2015 at 10:52 PM, Gmail wrote: Nice. Do you use selinux in prod. regards, ; Yuan On 07/25/2015 09:17 AM, Tim Dunphy wrote: Bingo!!! The problem was with SELinux. Not sure what took me so long to think of it...!!! So set the mysql listener back to port 3306. Turned off SELinux with setenforce 0. Then it s
Support For Postfix
Hi I am struggling with haproxy and postfix the load balance works well but it doesnt send the client ip address to the backend servers I think it because of postfix configuration this what I get /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: postscreen_upstream_proxy_protocol=haproxy I dont know what to do for postfix recognize this configuration thank you
Re: Support For Postfix
Hi, thanks for the reply 2.9.6 On Sun, 15 Mar 2015 19:04:51 +0200, Aleksandar Lazic wrote: Hi Am 15-03-2015 15:02, schrieb adcd gmail: Hi I am struggling with haproxy and postfix the load balance works well but it doesnt send the client ip address to the backend servers I think it because of postfix configuration this what I get /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: postscreen_upstream_proxy_protocol=haproxy I dont know what to do for postfix recognize this configuration thank you Which version of postfix do you use? postconf mail_version http://www.postfix.org/postconf.5.html#postscreen_upstream_proxy_protocol # postscreen_upstream_proxy_protocol (default: empty) The name of the proxy protocol used by an optional before-postscreen proxy agent. When a proxy agent is used, this protocol conveys local and remote address and port information. Specify "postscreen_upstream_proxy_protocol = haproxy" to enable the haproxy protocol. This feature is available in Postfix 2.10 and later. # Cheers A -- Using Opera's mail client: http://www.opera.com/mail/
Need help with configuration its not working on a new Archlinux VPS
This is the haproxy.cfg file I have been running for years on an Ubuntu 12 VPS, I just installed this on an Archlinux VPS and its not working. Note: acl has_path path / reqirep ^([^\ :]*)\ /(.*) \1\ /ww/\2 if has_path This is because its a Wt app and needs a url that starts off with a ww in this case: http://wittywizard.org/ww/en/blue/ and I do not want the www redirect prefix http://wittywizard.org code 301 if { hdr(host) -i www.wittywizard.org } wittywizard.org is on the new Archlinux VPS, the other sites are under the Ubuntu VPS I am running monit. If you see anything that needs to be changed or delete let me know, I am not very good at this, I just need it to work and need help. Thanks for any help. # nano -c /etc/haproxy/haproxy.cfg global log 127.0.0.1 local0 log 127.0.0.1 local1 notice maxconn 4096 user haproxy group haproxy daemon defaults log global modehttp option httplog option dontlognull retries 3 option redispatch maxconn 1000 timeout connect 5000 timeout client 5 timeout server 5 option http-server-close timeout http-keep-alive 3000 option forwardfor frontend wt bind 216.117.149:80 option http-server-close timeout http-keep-alive 3000 reqidel ^Client-IP:.* reqidel ^X-Forwarded-For:.* option forwardfor # Set inside Witty Wizard main.cpp acl has_path path / reqirep ^([^\ :]*)\ /(.*) \1\ /ww/\2 if has_path redirect prefix http://wittywizard.org code 301 if { hdr(host) -i www.wittywizard.org } redirect prefix http://lightwizzard.com code 301 if { hdr(host) -i www.lightwizzard.com } redirect prefix http://thedarkwizzard.com code 301 if { hdr(host) -i www.thedarkwizzard.com } redirect prefix http://greywizzard.com code 301 if { hdr(host) -i www.greywizzard.com } redirect prefix http://rodremelin.com code 301 if { hdr(host) -i www.rodremelin.com } # Note: see wthttpd.sh session-id-prefix acl srv1 url_sub wtd=wt-8060 acl srv1_up nbsrv(bck1) gt 0 use_backend bck1 if srv1_up srv1 # # Second Thread # Note: see wthttpd.sh session-id-prefix # acl srv2 url_sub wtd=wt-8061 # acl srv2_up nbsrv(bck2) gt 0 # use_backend bck2 if srv2_up srv2 has_ww_uri # default_backend bck_lb backend bck_lb balance roundrobin server srv1 216.117.149.91:8060 track bck1/srv1 # server srv2 108.59.251.28:8060 track bck1/srv1 backend bck1 balance roundrobin server srv1 216.117.149.91:8060 check # server srv2 108.59.251.28:8060 check backend bck2 balance roundrobin server srv2 216.117.149.91:8061 check # server srv2 108.59.251.28:8060 check # EOF #
Need help with configuration file
Below is the configuration, what I need is for all urls like http//domain.tdl/ww/... to use back end 1 or 2 or default load balancer, and all other request to go to Apache, but I get an error: [ALERT] 170/013846 (5151) : parsing [/etc/haproxy/haproxy.cfg:43] : error detected while parsing switching rule. at: use_backend bck1 if srv1_up srv1 and if has_ww_uri use_backend bck2 if srv2_up srv2 and if has_ww_uri is there something I did wrong in my use of "and"? I will use my IP address in place of 0.0.0.0 I also want to redirect www to root, and have a status page, thanks for any help. # nano /etc/haproxy/haproxy.cfg global log 127.0.0.1 local0 log 127.0.0.1 local1 notice maxconn 4096 user haproxy group haproxy daemon stats socket/tmp/haproxy defaults log global modehttp option httplog option dontlognull option http-server-close option http-pretend-keepalive option forwardfor option originalto retries 3 option redispatch maxconn2048 contimeout 5000 clitimeout 5 srvtimeout 5 option httpclose frontend wt bind 0.0.0.0:80 # option http-server-close # HTTP keepalive without killing Apache redirect prefix http://domain.com code 301 if { hdr(host) -i www.domain.com } # acl has_ww_uri path_beg -i /ww # acl srv1 url_sub wtd=wt1 acl srv2 url_sub wtd=wt2 acl srv1_up nbsrv(bck1) gt 0 acl srv2_up nbsrv(bck2) gt 0 use_backend bck1 if srv1_up srv1 and if has_ww_uri use_backend bck2 if srv2_up srv2 and if has_ww_uri use_backend bck_lb if has_ww_uri default_backend apache backend apache # option http-server-close # HTTP keepalive without killing Apache # set the maxconn parameter below to match Apache's MaxClients minus one or two connections so that you can still directly connect to it. server srv 127.0.0.1:8080 maxconn 254 backend bck_lb balance roundrobin server srv1 0.0.0.0:8088 track bck1/srv1 server srv2 0.0.0.0:8089 track bck2/srv2 backend bck1 balance roundrobin server srv1 0.0.0.0:8088 check backend bck2 balance roundrobin server srv2 0.0.0.0:8089 check # haproxy stat http://domain.tld:1936/haproxy?stats listen stats :1936 mode http stats enable stats hide-version stats realm Haproxy\ Statistics stats uri / stats auth userName:Password # EOF #
How can I rewrite based on path?
I have an acl rule to see if path begins with /ww as in domain.tdl/ww/en... acl has_ww_uri path_beg -i /ww If it is just the domain.tdl, I want to rewrite it to /ww I also have static content I do not want to rename, so I added this rule acl url_static path_end .gif .png .jpg .css .js .pdf .m4v I want to do something like: !has_ww_uri !url_static reqirep ^([^\ :]*)\ /(.*) \1\ /ww\2 But this does not work, does anyone have any idea how I can do this? Do I have to create a backend to do the rewrite? use_backend needsrewrite if !has_ww_uri !url_static backend needsrewrite reqirep ^([^\ :]*)\ /(.*) \1\ /ww\2 or this server Backend1 10.0.0.1:80 redir http:// www.example.com/backend1 ... Because I have more logic that this would bypass, like all my checks to see what servers are up, so I would have to have more backends defined for this to work, so I thought I would ask first for an easier way. Is there a way to modify this to work: redirect location http://domain.tdl/ww code 301 if !has_ww_uri so I do not have to use a full url, since I might have many on this account, so its not hard coded: redirect location /ww code 301 if !has_ww_uri I do not have Apache Loaded, so I can not use mod_rewrite, this is a Wt Application running httpd. Thanks
Is it possible to rewrite or redirect based on path
I have an acl rule to see if path begins with /ww as in domain.tdl/ww/en... acl has_ww_uri path_beg -i /ww If it is just the domain.tdl, I want to rewrite it to /ww ~ example.com/ww Do I do it like something like this: !has_ww_uri reqirep ^([^\ :]*)\ /(.*) \1\ /ww\2 But this does not work, does anyone have any idea how I can do this? Do I have to create a backend to do the rewrite? use_backend needsrewrite if !has_ww_uri backend needsrewrite reqirep ^([^\ :]*)\ /(.*) \1\ /ww\2 or this server Backend1 10.0.0.1:80 redir http:// example.com/backend1 ... Because I have more logic that this would bypass, like all my checks to see what servers are up, so I would have to have more backends defined for this to work, so I thought I would ask first for an easier way. Is there a way to modify this to work: redirect location http://domain.tdl/ww code 301 if !has_ww_uri so I do not have to use a full url, since I might have many on this account, so its not hard coded: redirect location /ww code 301 if !has_ww_uri I do not have Apache Loaded, so I can not use mod_rewrite, this is a Wt Application running httpd. Thanks
Need help with haproxy config
Below is my haproxy config, I have 1 server and 1 backend for testing This is a Wt wthttpd app, with no Apache loaded, Problem I have is that the path to the app seems to change when running from port 80 or haproxy, meaning I lost all my style sheets and resources, not sure what the path is at this point. if I pull the site up with the port address mad-news.net:8060/ww/en/, the path is fine, Also it crashes after running a while, I have monit loaded, so eventually (minute or two) it will restart, not sure how to troubleshoot that failure, the app runs for weeks with no problems by itself. Current url is mad-news.net/ww/en. Also, does haproxy stats require Apache or web server to run? Thanks for any help. # global log 127.0.0.1 local0 log 127.0.0.1 local1 notice maxconn 4096 user haproxy group haproxy daemon defaults log global modehttp option httplog option dontlognull retries 3 option redispatch maxconn1000 #contimeout 5000 # haproxy 1.4 timeout connect 5000 #clitimeout 5 # haproxy 1.4 timeout client 5 #srvtimeout 5 # haproxy 1.4 timeout server 5 #option httpclose #option http-server-close # HTTP keepalive without killing Apache #option http-pretend-keepalive #option forwardfor #option originalto frontend wt bind 216.224.185.71:80 # bind 108.59.251.28:80 # bind 0.0.0.0:80 # option http-server-close # HTTP keepalive without killing Apache # acl has_ww_uri path_beg -i /ww reqirep ^([^\ :]*)\ /(.*) \1\ /ww/\2 if !has_ww_uri # redirect prefix http://mad-news.net code 301if { hdr(host) -i www.mad-news.net } redirect prefix http://wittywizard.org code 301 if { hdr(host) -i www.wittywizard.org } redirect prefix http://lightwizzard.com code 301if { hdr(host) -i www.lightwizzard.com } redirect prefix http://vetshelpcenter.com code 301 if { hdr(host) -i www.vetshelpcenter.com } # Note: see wthttpd.sh session-id-prefix acl srv1 url_sub wtd=wt-8060 acl srv1_up nbsrv(bck1) gt 0 use_backend bck1 if srv1_up srv1 default_backend bck_lb backend bck_lb balance roundrobin server srv1 216.224.185.71:8060 track bck1/srv1 # server srv2 108.59.251.28:8061 track bck2/srv2 backend bck1 balance roundrobin server srv1 216.224.185.71:8060 check #server srv2 108.59.251.28:8060 check
Need help with url rewrite
I have a url that always begins with ww, ie http://domain.tdl/ww/en/..., I want to rewrite the url to include the ww, I tried the below, it works, but changes the path or something, because it cause the resources like css and images to not appear (404), does anyone know how to fix this or do this the right way? acl has_ww_uri path_beg -i /ww reqirep ^([^\ :]*)\ /(.*) \1\ /ww/\2 if !has_ww_uri
Re: Need help with url rewrite
I have a URL lets say: http://example.com I want it to be rewritten by haproxy to: http://example.com/ww All I want is for haproxy to rewrite the URL only if it does not have any path, ie http://example.com, then add the ww to it, so it becomes http://example.com/ww I do not have Apache on the server, so not mod_rewrite. I hope this is clear enough, not sure how else to say it. Thanks On Thu, 2014-07-03 at 22:40 +0200, Baptiste wrote: > On Thu, Jul 3, 2014 at 9:38 PM, Jeffrey Scott Flesher Gmail > wrote: > > I have a url that always begins with ww, ie http://domain.tdl/ww/en/..., I > > want to rewrite the url to include the ww, > > I tried the below, it works, but changes the path or something, > > because it cause the resources like css and images to not appear (404), > > does anyone know how to fix this or do this the right way? > > > > acl has_ww_uri path_beg -i /ww > > reqirep ^([^\ :]*)\ /(.*) \1\ /ww/\2 if !has_ww_uri > > > > Hi Jeffrey, > > Can you clarify a bit your question, cause you're confusing me. > please send us an example of what you get in HAProxy and how you want > it out after HAProxy has rewritten it. > > Baptiste
Re: Need help with url rewrite
If a Picture is worth a 1000 Words: If the url does not have any path like this: http://mad-news.net/ acl has_ww_uri path_beg -i /ww returns false reqirep ^([^\ :]*)\ /(.*) \1\ /ww/\2 if !has_ww_uri http://mad-news.net/ww/en/ it adds the ww, the program with is wthttpd (Wt) defaults to en for language control Just to show you how the site looks at port 8060: http://mad-news.net:8060/ww/en/ If I comment the code, the site looks fine. Note: I want only the first path to work: http://mad-news.net/this/ww fails to work for the rule, it does this: http://mad-news.net/ww/this/this/ww which is not what I want, so how do I write a rule to cover this? Note: If the ww is not there, the Wt app will ignore the request, results in 404 http://wittywizard.org/ vs http://wittywizard.org/ww. There is no way around this behavior is I want to have a pretty URL. My whole config, Note that it works the same in 1.4 and 1.5, but this is: HA-Proxy version 1.5.1 2014/06/24: global log 127.0.0.1 local0 log 127.0.0.1 local1 notice maxconn 4096 user haproxy group haproxy daemon # pidfile /var/run/haproxy.pid # stats socket /var/run/haproxy.stat mode 600 # stats socket /tmp/haproxy defaults log global modehttp option httplog option dontlognull retries 3 option redispatch maxconn1000 #contimeout 5000 # haproxy 1.4 timeout connect 5000 #clitimeout 5 # haproxy 1.4 timeout client 5 #srvtimeout 5 # haproxy 1.4 timeout server 5 frontend wt bind 216.224.185.71:80 # Set inside Witty Wizard main.cpp acl has_ww_uri path_beg -i /ww reqirep ^([^\ :]*)\ /(.*) \1\ /ww/\2 if !has_ww_uri redirect prefix http://wittywizard.org code 301 if { hdr(host) -i www.wittywizard.org } # Note: see wthttpd.sh session-id-prefix acl srv1 url_sub wtd=wt-8060 acl srv1_up nbsrv(bck1) gt 0 use_backend bck1 if srv1_up srv1 # Second Thread # Note: see wthttpd.sh session-id-prefix # acl srv2 url_sub wtd=wt-8061 # acl srv2_up nbsrv(bck2) gt 0 # use_backend bck2 if srv2_up srv2 has_ww_uri # default_backend bck_lb # backend bck_lb balance roundrobin #server srv1 108.59.251.28:8060 track bck1/srv1 server srv1 216.224.185.71:8060 track bck1/srv1 backend bck1 balance roundrobin #server srv1 108.59.251.28:8060 check server srv1 216.224.185.71:8060 check backend bck2 balance roundrobin #server srv2 108.59.251.28:8061 check server srv2 216.224.185.71:8060 check As you can see, the path seems to have changed, not sure what is going on, any ideas? Thanks On Thu, 2014-07-03 at 22:40 +0200, Baptiste wrote: > On Thu, Jul 3, 2014 at 9:38 PM, Jeffrey Scott Flesher Gmail > wrote: > > I have a url that always begins with ww, ie http://domain.tdl/ww/en/..., I > > want to rewrite the url to include the ww, > > I tried the below, it works, but changes the path or something, > > because it cause the resources like css and images to not appear (404), > > does anyone know how to fix this or do this the right way? > > > > acl has_ww_uri path_beg -i /ww > > reqirep ^([^\ :]*)\ /(.*) \1\ /ww/\2 if !has_ww_uri > > > > Hi Jeffrey, > > Can you clarify a bit your question, cause you're confusing me. > please send us an example of what you get in HAProxy and how you want > it out after HAProxy has rewritten it. > > Baptiste
How do you tell if a url has a path
I want to check the URL to see if any path is passed, http://domain.tdl or http://domain.tdl/ as such, both of these are considered not to have a path, my problem is that I only want to rewrite the path, if either of the two are true, meaning it has no path, this fails: acl has_path_uri path_beg -i / If the url has no path I want to add a ww to it as such: http://domain.tdl/ww so that my wthttp app will work, but if I use acl has_ww_uri path_beg -i /ww reqirep ^([^\ :]*)\ /(.*) \1\ /ww/\2 if !has_ww_uri it rewrites every url that does not have ww in it, which is not what I want, because it rewrites resources like css and images, so how do I determine if the url has no path? Thanks for any help.