Re: How to run "tests" after building Haproxy 1.5?

2015-07-22 Thread Gmail

Maybe use software like Tsung, httpress etc.

regards,
; Yuan

On 07/23/2015 01:33 AM, Rishi Misra wrote:

Hello,

I rebuilt haproxy1.5 from source and it compiled and runs fine.  But how do
I run unit/regression tests on it?  I notice that there is a "tests" folder
but unable to find documentation on how to run them.

Thanks for any tips.






Re: haproxy can't bind to mysql port

2015-07-24 Thread Gmail

Nice.
Do you use selinux in prod.
regards,
; Yuan

On 07/25/2015 09:17 AM, Tim Dunphy wrote:

Bingo!!!

The problem was with SELinux. Not sure what took me so long to think of
it...!!!

So set the mysql listener back to port 3306. Turned off SELinux with
setenforce 0. Then it started right up!!! And port 3306 was listening.

Then I consulted with audit2why and saw the following:

type=AVC msg=audit(1437786617.963:28856863): avc:  denied  { name_connect }
for  pid=29175 comm="haproxy" dest=3306
scontext=system_u:system_r:haproxy_t:s0
tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket

 Was caused by:
 The boolean haproxy_connect_any was set incorrectly.
 Description:
 Allow haproxy to connect any

 Allow access by executing:
 # *setsebool -P haproxy_connect_any 1*

I just ran that command you see above in bold, and then all was right with
the world.

[root@ha1:/etc/haproxy] #systemctl status haproxy
haproxy.service - HAProxy Load Balancer
Loaded: loaded (/usr/lib/systemd/system/haproxy.service; disabled)
Active: active (running) since Sat 2015-07-25 01:14:53 UTC; 33s ago
  Main PID: 30618 (haproxy-systemd)
CGroup: /system.slice/haproxy.service
├─30618 /usr/sbin/haproxy-systemd-wrapper -f
/etc/haproxy/haproxy.cfg -p /run/haproxy.pid
├─30619 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p
/run/haproxy.pid -Ds
└─30620 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p
/run/haproxy.pid -Ds

Jul 25 01:14:53 ha1 systemd[1]: Starting HAProxy Load Balancer...
Jul 25 01:14:53 ha1 systemd[1]: Started HAProxy Load Balancer.
Jul 25 01:14:53 ha1 haproxy-systemd-wrapper[30618]:
haproxy-systemd-wrapper: executing /usr/sbin/haproxy -f
/etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds

[root@ha1:/etc/haproxy] #lsof -i :3306
COMMAND   PID USER    FD   TYPE  DEVICE SIZE/OFF NODE NAME
haproxy 30620 haproxy 1u  IPv4 7075172  0t0  TCP ha1.example.com:55499->ec2-52-2-0-xxx.compute-1.amazonaws.com:mysql (SYN_SENT)
haproxy 30620 haproxy 4u  IPv4 7074731  0t0  TCP *:mysql (LISTEN)


Thanks for nudging me in the right direction. All I had to hear was the
word 'selinux' and from there it all fell into place!

Thanks!!
Tim

On Fri, Jul 24, 2015 at 8:20 PM, Gmail  wrote:


I could be completely wrong here and I am curious to know the answer
myself. Please don't take this as a solution, just my thoughts.

First, you can not use backend ip-address of 10.x.x.x subnet because each
account's VPC is segregated. If you do want to use 10.X.X.X ipaddress you
have to setup an inter VPC endpoint in AWS. I would just use EIP.

For the port 3306, try to use nc to listen on that port or iperf. Do you
have iptables turned on.

I would check "systemctl -l status haproxy.service"

I would check lsof -i why can't bind to 3306 on loopback ipaddress.

I would check iptables or selinux preventing the bind.

It will be interesting to know the source ipaddress of MySQL client ec2
instance.
Interesting if you can Copy/paste output of "telnet
 3306" from mysql client ec2 instance , here.
Interesting if you can  Copy/paste output of "telnet 10.10.10.10 3306"
from haproxy ec2 instances, here.
Interesting if you can  Copy/paste output of "telnet 10.10.10.11 3306"
from haproxy ec2 instances, here.

If I was doing this, maybe I would consider testing something like ;
..
frontend mysql_lb_fe 0.0.0.0:3306

acl host_myql_lb hdr(host) -i mysql-lb
..
..
use_backend mysql_lb_backend if host mysql_lb
..
..
backend  mysql_lb_be
..
..

option mysql-check user haproxy_check
  balance roundrobin
  server mysql-1 10.10.10.10:3306 check
  server mysql-2 10.10.10.11:3306 check

Thanks,
; Yuan


On 07/25/2015 06:41 AM, Tim Dunphy wrote:


Hello Nenad,

 Jul 24 03:44:18 ha1 haproxy-systemd-wrapper[25034]: [ALERT]


   204/034418 (25035) : *Starting proxy mysql-cluster: cannot bind
   s...:3306]*


Nothing listening on the port I'm trying to bind to: 3306

[root@ha1:~] #ss -lpt | fgrep 3306
[root@ha1:~] #lsof -i :3306
[root@ha1:~] #netstat -tulpn | grep -i listen | grep 3306
[root@ha1:~] #

While we're on the subject of listening ports, here's a list of all
listening ports on the haproxy host:

[root@ha1:~] #netstat -tulpn | grep -i listen
tcp   0  0 0.0.0.0:35145   0.0.0.0:*   LISTEN  -
tcp   0  0 0.0.0.0:56814   0.0.0.0:*   LISTEN  16346/rpc.statd
tcp   0  0 0.0.0.0:111     0.0.0.0:*   LISTEN  16455/rpcbind
tcp   0  0 0.0.0.0:22      0.0.0.0:*   LISTEN  16396/sshd
tcp6  0  0 :::49349        :::*        LISTEN  16346/rpc.statd
tcp6  0  0 :::111          :::*        LISTEN  16455/rpcbind
tcp6  0  0 :::47314        :::*        LISTEN  -
tcp6  0  0 :::22           :::*        LISTEN  16396/sshd

I thought I wa
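
The AVC record quoted above, taken apart field by field, as an added example that is not part of the original thread: it parses the denial and prints the single type-enforcement rule it corresponds to, which covers only `mysqld_port_t`, whereas the `haproxy_connect_any` boolean suggested by audit2why is described as "Allow haproxy to connect any". The second log line and all function names are constructed for illustration.

```python
import re

# First record: copied from the audit2why output quoted in the thread.
# Second record: constructed for this example (another process) to show filtering.
SAMPLE_LOG = [
    'type=AVC msg=audit(1437786617.963:28856863): avc:  denied  { name_connect } '
    'for  pid=29175 comm="haproxy" dest=3306 '
    'scontext=system_u:system_r:haproxy_t:s0 '
    'tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket',
    'type=AVC msg=audit(1437786700.100:28856900): avc:  denied  { read open } '
    'for  pid=4242 comm="exampled" path="/srv/example/data" '
    'scontext=system_u:system_r:example_t:s0 '
    'tcontext=system_u:object_r:var_t:s0 tclass=file',
]

_DECISION = re.compile(r'avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}')
_KEYVAL = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(':')
    if len(parts) < 3:
        raise ValueError('not a security context: %r' % context)
    return parts[2]


def parse_avc(line):
    """Parse one AVC audit record into a dict; return None if it is not one."""
    decision = _DECISION.search(line)
    if decision is None:
        return None
    fields = {key: value.strip('"') for key, value in _KEYVAL.findall(line)}
    if not {'scontext', 'tcontext', 'tclass'} <= fields.keys():
        return None
    return {
        'decision': decision.group(1),
        'perms': decision.group(2).split(),
        'comm': fields.get('comm'),
        'dest': fields.get('dest'),
        'source_type': selinux_type(fields['scontext']),
        'target_type': selinux_type(fields['tcontext']),
        'tclass': fields['tclass'],
    }


def te_rule(record):
    """Render the type-enforcement allow rule that matches exactly this record."""
    perms = record['perms']
    perm_text = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return 'allow %s %s:%s %s;' % (
        record['source_type'], record['target_type'], record['tclass'], perm_text)


def denials_for(lines, comm):
    """Return parsed denials whose comm= field equals the given process name."""
    found = []
    for line in lines:
        record = parse_avc(line)
        if record and record['decision'] == 'denied' and record['comm'] == comm:
            found.append(record)
    return found


if __name__ == '__main__':
    for rec in denials_for(SAMPLE_LOG, 'haproxy'):
        print('%s -> port %s: %s' % (rec['comm'], rec['dest'], te_rule(rec)))
```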

Re: haproxy can't bind to mysql port

2015-07-24 Thread Gmail

maybe something here  http://lnxmon.com/haproxy/

Thanks,
; Yuan

On 07/25/2015 12:10 PM, Igor Cicimov wrote:

You need to run haproxy as root to bind to ports lower than 1024
On 25/07/2015 1:36 PM, "Tim Dunphy"  wrote:


Hi Yuan,

Nice.

Do you use selinux in prod.
regards,
; Yuan


Yep! Actually I use it every chance I get. Prod/stage/dev and my own hobby
environments. And right now actually what I was discussing was a hobby
environment.

And actually if I could bother you guys one more time, I do have one more
issue to solve. LOL

And this time it's guaranteed not to be an SELinux issue. Because I tried
running haproxy with SELInux on and off this time.

But what's happening now, is that HA/Proxy is not creating the http port
for the 'stats' interface. I've setup stats to listen on port 80. But for
some reason that's not happening.

Here's my config one more time, with the trouble part in bold:

global
 log 127.0.0.1 local0 notice
 user haproxy
 group haproxy

defaults
 log global
 retries 2
 timeout connect 3000
 timeout server 5000
 timeout client 5000

listen mysql-cluster
 bind 0.0.0.0:3306
 mode tcp
 option mysql-check user haproxy_check
 balance roundrobin
 server mysql-1 52.3.28.48:3306 check
 server mysql-2 52.2.0.176:3306 check








*listen 0.0.0.0:80
 mode http
 stats enable
 stats uri /
 stats realm Strictly\ Private
 stats auth admin:secret*
Currently haproxy is listening on the first port specified* - 3306 - *but
not listening on port 80.

Observe:

[root@ha1:/etc/haproxy] #lsof -i :3306
COMMAND   PID USER    FD   TYPE  DEVICE SIZE/OFF NODE NAME
*haproxy 11653 haproxy 4u  IPv4 7145270  0t0  TCP *:mysql (LISTEN)*

[root@ha1:/etc/haproxy] #lsof -i :80
[root@ha1:/etc/haproxy] #

[root@ha1:/etc/haproxy] #telnet localhost 80
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused

Port 80 simply isn't listening.

And this time, I can't blame it on SELinux being on:

[root@ha1:/etc/haproxy] #getenforce
Permissive

I've grepped thru /var/log/messages but not turned up any clues to this
one.

And I really would like to get the stats interface up and running.

Any thoughts here? I'm wondering what I can do to get stats working.

Thanks,
Tim



On Fri, Jul 24, 2015 at 10:52 PM, Gmail  wrote:


Nice.
Do you use selinux in prod.
regards,
; Yuan

On 07/25/2015 09:17 AM, Tim Dunphy wrote:


Bingo!!!

The problem was with SELinux. Not sure what took me so long to think of
it...!!!

So set the mysql listener back to port 3306. Turned off SELinux with
setenforce 0. Then it started right up!!! And port 3306 was listening.

Then I consulted with audit2why and saw the following:

type=AVC msg=audit(1437786617.963:28856863): avc:  denied  {
name_connect }
for  pid=29175 comm="haproxy" dest=3306
scontext=system_u:system_r:haproxy_t:s0
tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket

  Was caused by:
  The boolean haproxy_connect_any was set incorrectly.
  Description:
  Allow haproxy to connect any

  Allow access by executing:
  # *setsebool -P haproxy_connect_any 1*


I just ran that command you see above in bold, and then all was right
with
the world.

[root@ha1:/etc/haproxy] #systemctl status haproxy
haproxy.service - HAProxy Load Balancer
 Loaded: loaded (/usr/lib/systemd/system/haproxy.service; disabled)
 Active: active (running) since Sat 2015-07-25 01:14:53 UTC; 33s ago
   Main PID: 30618 (haproxy-systemd)
 CGroup: /system.slice/haproxy.service
 ├─30618 /usr/sbin/haproxy-systemd-wrapper -f
/etc/haproxy/haproxy.cfg -p /run/haproxy.pid
 ├─30619 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p
/run/haproxy.pid -Ds
 └─30620 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p
/run/haproxy.pid -Ds

Jul 25 01:14:53 ha1 systemd[1]: Starting HAProxy Load Balancer...
Jul 25 01:14:53 ha1 systemd[1]: Started HAProxy Load Balancer.
Jul 25 01:14:53 ha1 haproxy-systemd-wrapper[30618]:
haproxy-systemd-wrapper: executing /usr/sbin/haproxy -f
/etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds

[root@ha1:/etc/haproxy] #lsof -i :3306
COMMAND   PID USER    FD   TYPE  DEVICE SIZE/OFF NODE NAME
haproxy 30620 haproxy 1u  IPv4 7075172  0t0  TCP ha1.example.com:55499->ec2-52-2-0-xxx.compute-1.amazonaws.com:mysql (SYN_SENT)
haproxy 30620 haproxy 4u  IPv4 7074731  0t0  TCP *:mysql (LISTEN)


Thanks for nudging me in the right direction. All I had to hear was the
word 'selinux' and from there it all fell into place!

Thanks!!
Tim

On Fri, Jul 24, 2015 at 8:20 PM, Gmail  wrote:

  I could be completely wrong here and I am curious to know the answer

myself. Please don't take this as a solution, just my thoughts.

First, you can not use backend ip-address of 10.x.x.x subnet because
each
account's V

Re: haproxy can't bind to mysql port

2015-07-25 Thread Gmail
I am uncertain about syntax but the diff is "appname" of sorts for the 
port 80 listener. Someone may comment with more details ;


Earlier = *listen 0.0.0.0:80  [ no app name string ]
Now = listen jokefire 0.0.0.0:80   [ app name == jokefire and also no
asterisk visible ]


Maybe attempt restart without any appname and also with/without that 
asterisk.


Deep dives need more awareness.

Glad all settled.

Cheers,
; Yuan

On 07/25/2015 11:51 PM, Tim Dunphy wrote:

Yuan,

maybe something here  http://lnxmon.com/haproxy/

Thanks,
; Yuan



I modified a config from your blog that you showed me and came up with this:

global
 log 127.0.0.1 local0 notice
 maxconn 2000
 user haproxy
 group haproxy

defaults
 log global
 mode http
 option  httplog
 option  dontlognull
 retries 3
 option redispatch
 timeout connect  5000
 timeout client  1
 timeout server  1

listen jokefire 0.0.0.0:80
 mode http
 stats enable
 stats uri /haproxy?stats
 stats realm Strictly\ Private
 stats auth admin:secret
 balance roundrobin
 option httpclose
 option forwardfor
 server varnish1 10.10.10.5:80 check
 server varnish2 10.10.10.6:80 check

listen mysql-cluster
 bind 0.0.0.0:3306
 mode tcp
 balance roundrobin
 maxconn 5200
 option mysql-check user haproxy_root
 server mysql-1 10.10.10.7:3306 check
 server mysql-2 10.10.10.8:3306 check

And that seemed to work. I can see that both ports are listening now:

[root@ha1:/etc/haproxy] #lsof -i :80 -i :3306
COMMAND   PID USER    FD   TYPE  DEVICE SIZE/OFF NODE NAME
haproxy 27136 haproxy 4u  IPv4 7563913  0t0  TCP *:http (LISTEN)
haproxy 27136 haproxy 6u  IPv4 7563915  0t0  TCP *:mysql (LISTEN)

Although I am not aware of the real difference between this and my previous
config that allows this to work is.

Not a huge issue at this point since it's working. But if anyone wants to
take a stab at this, be my guest!

Thanks,
Tim

On Sat, Jul 25, 2015 at 12:15 AM, Gmail  wrote:


maybe something here  http://lnxmon.com/haproxy/

Thanks,
; Yuan


On 07/25/2015 12:10 PM, Igor Cicimov wrote:


You need to run haproxy as root to bind to ports lower than 1024
On 25/07/2015 1:36 PM, "Tim Dunphy"  wrote:

  Hi Yuan,

Nice.


Do you use selinux in prod.
regards,
; Yuan


Yep! Actually I use it every chance I get. Prod/stage/dev and my own
hobby
environments. And right now actually what I was discussing was a hobby
environment.

And actually if I could bother you guys one more time, I do have one more
issue to solve. LOL

And this time it's guaranteed not to be an SELinux issue. Because I tried
running haproxy with SELInux on and off this time.

But what's happening now, is that HA/Proxy is not creating the http port
for the 'stats' interface. I've setup stats to listen on port 80. But for
some reason that's not happening.

Here's my config one more time, with the trouble part in bold:

global
  log 127.0.0.1 local0 notice
  user haproxy
  group haproxy

defaults
  log global
  retries 2
  timeout connect 3000
  timeout server 5000
  timeout client 5000

listen mysql-cluster
  bind 0.0.0.0:3306
  mode tcp
  option mysql-check user haproxy_check
  balance roundrobin
  server mysql-1 52.3.28.48:3306 check
  server mysql-2 52.2.0.176:3306 check








*listen 0.0.0.0:80
 mode http
 stats enable
 stats uri /
 stats realm Strictly\ Private
 stats auth admin:secret*
Currently haproxy is listening on the first port specified* - 3306 - *but
not listening on port 80.

Observe:

[root@ha1:/etc/haproxy] #lsof -i :3306
COMMAND   PID USER    FD   TYPE  DEVICE SIZE/OFF NODE NAME
*haproxy 11653 haproxy 4u  IPv4 7145270  0t0  TCP *:mysql (LISTEN)*


[root@ha1:/etc/haproxy] #lsof -i :80
[root@ha1:/etc/haproxy] #

[root@ha1:/etc/haproxy] #telnet localhost 80
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused

Port 80 simply isn't listening.

And this time, I can't blame it on SELinux being on:

[root@ha1:/etc/haproxy] #getenforce
Permissive

I've grepped thru /var/log/messages but not turned up any clues to this
one.

And I really would like to get the stats interface up and running.

Any thoughts here? I'm wondering what I can do to get stats working.

Thanks,
Tim



On Fri, Jul 24, 2015 at 10:52 PM, Gmail  wrote:

  Nice.

Do you use selinux in prod.
regards,
; Yuan

On 07/25/2015 09:17 AM, Tim Dunphy wrote:

  Bingo!!!

The problem was with SELinux. Not sure what took me so long to think of
it...!!!

So set the mysql listener back to port 3306. Turned off SELinux with
setenforce 0. Then it started right up!!! And port 3306 was listening.

Then I consulted with audit2why and saw the following:

type=AVC msg=audit(1437786617.963:2885

Re: haproxy can't bind to mysql port

2015-07-25 Thread Gmail
Also, lsof output shows PID = 11653 and the user/owner/launcher of the 
process = haproxy.

cheers,
; Yuan


On 07/26/2015 12:13 AM, Gmail wrote:
I am uncertain about syntax but the diff is "appname" of sorts for the 
port 80 listener. Someone may comment with more details ;


Earlier = *listen 0.0.0.0:80  [ no app name string ]
Now = listen jokefire 0.0.0.0:80   [ app name == jokefire and also
no asterisk visible ]


Maybe attempt restart without any appname and also with/without that 
asterisk.


Deep dives need more awareness.

Glad all settled.

Cheers,
; Yuan

On 07/25/2015 11:51 PM, Tim Dunphy wrote:

Yuan,

maybe something here  http://lnxmon.com/haproxy/

Thanks,
; Yuan



I modified a config from your blog that you showed me and came up 
with this:


global
 log 127.0.0.1 local0 notice
 maxconn 2000
 user haproxy
 group haproxy

defaults
 log global
 mode http
 option  httplog
 option  dontlognull
 retries 3
 option redispatch
 timeout connect  5000
 timeout client  1
 timeout server  1

listen jokefire 0.0.0.0:80
 mode http
 stats enable
 stats uri /haproxy?stats
 stats realm Strictly\ Private
 stats auth admin:secret
 balance roundrobin
 option httpclose
 option forwardfor
 server varnish1 10.10.10.5:80 check
 server varnish2 10.10.10.6:80 check

listen mysql-cluster
 bind 0.0.0.0:3306
 mode tcp
 balance roundrobin
 maxconn 5200
 option mysql-check user haproxy_root
 server mysql-1 10.10.10.7:3306 check
 server mysql-2 10.10.10.8:3306 check

And that seemed to work. I can see that both ports are listening now:

[root@ha1:/etc/haproxy] #lsof -i :80 -i :3306
COMMAND   PID USER    FD   TYPE  DEVICE SIZE/OFF NODE NAME
haproxy 27136 haproxy 4u  IPv4 7563913  0t0  TCP *:http (LISTEN)
haproxy 27136 haproxy 6u  IPv4 7563915  0t0  TCP *:mysql (LISTEN)

Although I am not aware of the real difference between this and my 
previous

config that allows this to work is.

Not a huge issue at this point since it's working. But if anyone 
wants to

take a stab at this, be my guest!

Thanks,
Tim

On Sat, Jul 25, 2015 at 12:15 AM, Gmail  wrote:


maybe something here http://lnxmon.com/haproxy/

Thanks,
; Yuan


On 07/25/2015 12:10 PM, Igor Cicimov wrote:


You need to run haproxy as root to bind to ports lower than 1024
On 25/07/2015 1:36 PM, "Tim Dunphy"  wrote:

  Hi Yuan,

Nice.


Do you use selinux in prod.
regards,
; Yuan


Yep! Actually I use it every chance I get. Prod/stage/dev and my own
hobby
environments. And right now actually what I was discussing was a 
hobby

environment.

And actually if I could bother you guys one more time, I do have 
one more

issue to solve. LOL

And this time it's guaranteed not to be an SELinux issue. Because 
I tried

running haproxy with SELInux on and off this time.

But what's happening now, is that HA/Proxy is not creating the 
http port
for the 'stats' interface. I've setup stats to listen on port 80. 
But for

some reason that's not happening.

Here's my config one more time, with the trouble part in bold:

global
  log 127.0.0.1 local0 notice
  user haproxy
  group haproxy

defaults
  log global
  retries 2
  timeout connect 3000
  timeout server 5000
  timeout client 5000

listen mysql-cluster
  bind 0.0.0.0:3306
  mode tcp
  option mysql-check user haproxy_check
  balance roundrobin
  server mysql-1 52.3.28.48:3306 check
  server mysql-2 52.2.0.176:3306 check








*listen 0.0.0.0:80
 mode http
 stats enable
 stats uri /
 stats realm Strictly\ Private
 stats auth admin:secret*
Currently haproxy is listening on the first port specified* - 3306 
- *but

not listening on port 80.

Observe:

[root@ha1:/etc/haproxy] #lsof -i :3306
COMMAND   PID USER    FD   TYPE  DEVICE SIZE/OFF NODE NAME
*haproxy 11653 haproxy 4u  IPv4 7145270  0t0  TCP *:mysql (LISTEN)*


[root@ha1:/etc/haproxy] #lsof -i :80
[root@ha1:/etc/haproxy] #

[root@ha1:/etc/haproxy] #telnet localhost 80
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused

Port 80 simply isn't listening.

And this time, I can't blame it on SELinux being on:

[root@ha1:/etc/haproxy] #getenforce
Permissive

I've grepped thru /var/log/messages but not turned up any clues to 
this

one.

And I really would like to get the stats interface up and running.

Any thoughts here? I'm wondering what I can do to get stats working.

Thanks,
Tim



On Fri, Jul 24, 2015 at 10:52 PM, Gmail  wrote:

  Nice.

Do you use selinux in prod.
regards,
; Yuan

On 07/25/2015 09:17 AM, Tim Dunphy wrote:

  Bingo!!!
The problem was with SELinux. Not sure what took me so long to 
think of

it...!!!

So set the mysql listener back to port 3306. Turned off SELinux 
with
setenforce 0. Then it s
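
The difference between the two configs in this thread, as an added example that is not part of the original messages: the first word after `listen` is taken as the section name, so `listen 0.0.0.0:80` declares a section named `0.0.0.0:80` with no listening address, while `listen jokefire 0.0.0.0:80` has a name and an address. The sketch below (hypothetical function names, configs abridged from the thread, one constructed `frontend` case in the demo) flags `listen`/`frontend` sections that have neither an address on the section line nor a `bind` line.

```python
import re

# Abridged from the config in the thread that left port 80 closed.
BROKEN_CFG = """\
global
 user haproxy
 group haproxy

listen mysql-cluster
 bind 0.0.0.0:3306
 mode tcp

listen 0.0.0.0:80
 mode http
 stats enable
"""

# Abridged from the config in the thread that opened both ports.
WORKING_CFG = """\
listen jokefire 0.0.0.0:80
 mode http
 stats enable

listen mysql-cluster
 bind 0.0.0.0:3306
 mode tcp
"""

SECTION_KEYWORDS = ("global", "defaults", "listen", "frontend", "backend")
LISTENING_KINDS = ("listen", "frontend")
# A section name shaped like host:port suggests the name was left out.
ADDRESS_LIKE = re.compile(r"^(\*|[0-9.]*):[0-9]+$")


def parse_sections(cfg_text):
    """Split a config into sections, recording each section's listening addresses."""
    sections = []
    current = None
    for lineno, raw in enumerate(cfg_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # simplification: '#' always starts a comment
        if not tokens:
            continue
        if tokens[0] in SECTION_KEYWORDS:
            current = {
                "kind": tokens[0],
                "line": lineno,
                "name": tokens[1] if len(tokens) > 1 else "",
                # optional address written after the name on the section line
                "addresses": tokens[2:3] if tokens[0] in LISTENING_KINDS else [],
            }
            sections.append(current)
        elif current is not None and tokens[0] == "bind" and len(tokens) > 1:
            current["addresses"].append(tokens[1])
    return sections


def find_unbound(cfg_text):
    """Return (line, name, name_looks_like_address) for sections that cannot listen."""
    findings = []
    for section in parse_sections(cfg_text):
        if section["kind"] in LISTENING_KINDS and not section["addresses"]:
            looks_like_address = bool(ADDRESS_LIKE.match(section["name"]))
            findings.append((section["line"], section["name"], looks_like_address))
    return findings


if __name__ == "__main__":
    samples = (("broken", BROKEN_CFG), ("working", WORKING_CFG),
               ("constructed", "frontend web\n mode http\n"))
    for label, cfg in samples:
        for line, name, addr_like in find_unbound(cfg):
            hint = " (name looks like an address: section name missing?)" if addr_like else ""
            print("%s: line %d: section '%s' has no listening address%s"
                  % (label, line, name, hint))
```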

Support For Postfix

2015-03-15 Thread adcd gmail

Hi
I am struggling with haproxy and postfix.
The load balance works well but it doesn't send the client IP address to
the backend servers.

I think it is because of the postfix configuration; this is what I get:
/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter:
postscreen_upstream_proxy_protocol=haproxy

I don't know what to do for postfix to recognize this configuration.
Thank you



Re: Support For Postfix

2015-03-16 Thread adcd gmail

Hi, thanks for the reply
2.9.6



On Sun, 15 Mar 2015 19:04:51 +0200, Aleksandar Lazic   
wrote:



Hi

On 15-03-2015 15:02, adcd gmail wrote:

Hi
I am struggling with haproxy and postfix.
The load balance works well but it doesn't send the client IP address
to the backend servers.
I think it is because of the postfix configuration; this is what I get:
/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter:
postscreen_upstream_proxy_protocol=haproxy
I don't know what to do for postfix to recognize this configuration.
Thank you


Which version of postfix do you use?

postconf mail_version

http://www.postfix.org/postconf.5.html#postscreen_upstream_proxy_protocol

#
postscreen_upstream_proxy_protocol (default: empty)

 The name of the proxy protocol used by an optional  
before-postscreen proxy agent. When a proxy agent is used, this protocol  
conveys local and remote address and port information. Specify  
"postscreen_upstream_proxy_protocol = haproxy" to enable the haproxy  
protocol.


 This feature is available in Postfix 2.10 and later.
#

Cheers A






Need help with configuration its not working on a new Archlinux VPS

2016-09-28 Thread Jeffrey Scott Flesher Gmail
This is the haproxy.cfg file I have been running for years on an Ubuntu
12 VPS, I just installed this on an Archlinux VPS and it's not working.

Note:
    acl has_path path /
reqirep ^([^\ :]*)\ /(.*) \1\ /ww/\2 if has_path
This is because it's a Wt app and needs a url that starts off with a ww
in this case:
http://wittywizard.org/ww/en/blue/

and I do not want the www
    redirect prefix http://wittywizard.org code 301 if { hdr(host) -i www.wittywizard.org }

wittywizard.org is on the new Archlinux VPS, the other sites are under the 
Ubuntu VPS

I am running monit.

If you see anything that needs to be changed or deleted let me know, I am not
very good at this, I just need it to work and need help.

Thanks for any help.

# nano -c /etc/haproxy/haproxy.cfg
global
log 127.0.0.1 local0 
log 127.0.0.1 local1 notice
maxconn 4096
user haproxy
group haproxy
daemon
defaults
log global
mode http
option  httplog
option  dontlognull
retries 3
option  redispatch
maxconn 1000
timeout connect 5000
timeout client 5
timeout server 5
option http-server-close
timeout http-keep-alive 3000
option forwardfor
frontend wt
bind 216.117.149:80
    option http-server-close
timeout http-keep-alive 3000
reqidel ^Client-IP:.*
reqidel ^X-Forwarded-For:.*
option forwardfor
# Set inside Witty Wizard main.cpp
acl has_path path /
reqirep ^([^\ :]*)\ /(.*) \1\ /ww/\2 if has_path
redirect prefix http://wittywizard.org code 301 if { hdr(host) -i www.wittywizard.org }
redirect prefix http://lightwizzard.com code 301 if { hdr(host) -i www.lightwizzard.com }
redirect prefix http://thedarkwizzard.com code 301 if { hdr(host) -i www.thedarkwizzard.com }
redirect prefix http://greywizzard.com code 301 if { hdr(host) -i www.greywizzard.com }
redirect prefix http://rodremelin.com code 301 if { hdr(host) -i www.rodremelin.com }
# Note: see wthttpd.sh session-id-prefix
acl srv1 url_sub wtd=wt-8060
acl srv1_up nbsrv(bck1) gt 0
use_backend bck1 if srv1_up srv1
#
# Second Thread
# Note: see wthttpd.sh session-id-prefix
# acl srv2  url_sub wtd=wt-8061
# acl srv2_up nbsrv(bck2) gt 0
# use_backend bck2 if srv2_up srv2 has_ww_uri
#
default_backend bck_lb
backend bck_lb
balance roundrobin
server srv1 216.117.149.91:8060 track bck1/srv1
# server srv2 108.59.251.28:8060 track bck1/srv1
backend bck1
balance roundrobin
server srv1 216.117.149.91:8060 check
# server srv2 108.59.251.28:8060 check
backend bck2
balance roundrobin
server srv2 216.117.149.91:8061 check
# server srv2 108.59.251.28:8060 check
# EOF #

Need help with configuration file

2014-06-19 Thread Jeffrey Scott Flesher Gmail
Below is the configuration, what I need is for all urls like
http://domain.tdl/ww/...
to use back end 1 or 2 or default load balancer,
and all other requests to go to Apache, but I get an error:
[ALERT] 170/013846 (5151) : parsing [/etc/haproxy/haproxy.cfg:43] :
error detected while parsing switching rule.
at:
use_backend bck1 if srv1_up srv1 and if has_ww_uri
use_backend bck2 if srv2_up srv2 and if has_ww_uri
is there something I did wrong in my use of "and"?
I will use my IP address in place of 0.0.0.0
I also want to redirect www to root,
and have a status page,
thanks for any help.

# nano /etc/haproxy/haproxy.cfg
global
log 127.0.0.1 local0 
log 127.0.0.1 local1 notice
maxconn 4096
user haproxy
group haproxy
daemon
stats socket /tmp/haproxy

defaults
log global
mode http
option  httplog
option  dontlognull
option  http-server-close
option  http-pretend-keepalive
option  forwardfor
option  originalto
retries 3
option  redispatch
maxconn 2048
contimeout 5000
clitimeout 5
srvtimeout 5
option httpclose

frontend wt
bind 0.0.0.0:80
# option http-server-close  # HTTP keepalive without killing Apache
redirect prefix http://domain.com code 301 if { hdr(host) -i www.domain.com }
#
acl has_ww_uri path_beg -i /ww  
#
acl srv1 url_sub wtd=wt1
acl srv2 url_sub wtd=wt2
acl srv1_up nbsrv(bck1) gt 0
acl srv2_up nbsrv(bck2) gt 0
use_backend bck1 if srv1_up srv1 and if has_ww_uri
use_backend bck2 if srv2_up srv2 and if has_ww_uri
use_backend bck_lb if has_ww_uri 
default_backend apache

backend apache
# option http-server-close # HTTP keepalive without killing Apache
# set the maxconn parameter below to match Apache's MaxClients minus
# one or two connections so that you can still directly connect to it.
server srv 127.0.0.1:8080 maxconn 254

backend bck_lb
balance roundrobin
server srv1 0.0.0.0:8088 track bck1/srv1
server srv2 0.0.0.0:8089 track bck2/srv2

backend bck1
balance roundrobin
server srv1 0.0.0.0:8088 check

backend bck2
balance roundrobin
server srv2 0.0.0.0:8089 check

# haproxy stat http://domain.tld:1936/haproxy?stats 
listen stats :1936  
mode http   
stats enable
stats hide-version  
stats realm Haproxy\ Statistics 
stats uri / 
stats auth userName:Password
# EOF #
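
On the `and if` question above, as an added example that is not part of the original post: HAProxy joins the terms of a condition with an implicit AND, and only `or`, `||` and `!` are operators, so `and` and the second `if` are read as ACL names that were never declared. The checker below (hypothetical function names; it treats ACL names as file-wide and ignores HAProxy's predefined ACLs, both simplifications) reports such terms for a fragment of the posted frontend and rewrites the rule into the implicit-AND form.

```python
# ACL declarations and switching rules copied from the frontend posted above.
POSTED_RULES = """\
acl has_ww_uri path_beg -i /ww
acl srv1 url_sub wtd=wt1
acl srv2 url_sub wtd=wt2
acl srv1_up nbsrv(bck1) gt 0
acl srv2_up nbsrv(bck2) gt 0
redirect prefix http://domain.com code 301 if { hdr(host) -i www.domain.com }
use_backend bck1 if srv1_up srv1 and if has_ww_uri
use_backend bck2 if srv2_up srv2 and if has_ww_uri
use_backend bck_lb if has_ww_uri
"""

OPERATORS = {"or", "||", "!"}          # AND has no keyword: adjacent terms are ANDed
CONDITION_KEYWORDS = ("if", "unless")


def tokens_of(raw_line):
    """Whitespace tokens of a config line with any trailing comment removed."""
    return raw_line.split("#", 1)[0].split()


def declared_acls(cfg_text):
    """Names introduced by 'acl <name> ...' lines anywhere in the text."""
    names = set()
    for raw in cfg_text.splitlines():
        tokens = tokens_of(raw)
        if len(tokens) >= 2 and tokens[0] == "acl":
            names.add(tokens[1])
    return names


def condition_terms(tokens):
    """Named-ACL terms after the first if/unless; { ... } anonymous ACLs are skipped."""
    start = None
    for index, token in enumerate(tokens):
        if token in CONDITION_KEYWORDS:
            start = index + 1
            break
    if start is None:
        return []
    terms, depth = [], 0
    for token in tokens[start:]:
        if token == "{":
            depth += 1
        elif token == "}":
            depth = max(0, depth - 1)
        elif depth == 0 and token not in OPERATORS:
            terms.append(token.lstrip("!"))
    return terms


def undeclared_terms(cfg_text):
    """Return (line_number, [terms]) for conditions naming ACLs that do not exist."""
    known = declared_acls(cfg_text)
    findings = []
    for lineno, raw in enumerate(cfg_text.splitlines(), 1):
        tokens = tokens_of(raw)
        if not tokens or tokens[0] == "acl":
            continue
        unknown = [t for t in condition_terms(tokens) if t and t not in known]
        if unknown:
            findings.append((lineno, unknown))
    return findings


def implicit_and(rule):
    """Drop a literal 'and' and any repeated if/unless, leaving the implicit-AND form."""
    kept, in_condition = [], False
    for token in rule.split():
        if token in CONDITION_KEYWORDS:
            if in_condition:
                continue
            in_condition = True
        elif in_condition and token == "and":
            continue
        kept.append(token)
    return " ".join(kept)


if __name__ == "__main__":
    lines = POSTED_RULES.splitlines()
    for lineno, unknown in undeclared_terms(POSTED_RULES):
        print("line %d: undeclared ACL term(s) %s" % (lineno, ", ".join(unknown)))
        print("  try: " + implicit_and(lines[lineno - 1]))
```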


How can I rewrite based on path?

2014-06-23 Thread Jeffrey Scott Flesher Gmail
I have an acl rule to see if path begins with /ww as in
domain.tdl/ww/en... 
acl has_ww_uri path_beg -i /ww 
If it is just the domain.tdl, I want to rewrite it to /ww
I also have static content I do not want to rename, so I added this rule
acl url_static path_end .gif .png .jpg .css .js .pdf .m4v

I want to do something like:
!has_ww_uri !url_static reqirep ^([^\ :]*)\ /(.*) \1\ /ww\2

But this does not work, does anyone have any idea how I can do this?

Do I have to create a backend to do the rewrite?

use_backend needsrewrite if !has_ww_uri !url_static
backend needsrewrite
reqirep ^([^\ :]*)\ /(.*) \1\ /ww\2
or this
server Backend1 10.0.0.1:80 redir http:// www.example.com/backend1
...
Because I have more logic that this would bypass, like all my checks to
see what servers are up, so I would have to have more backends defined
for this to work, so I thought I would ask first for an easier way.

Is there a way to modify this to work:
redirect location http://domain.tdl/ww code 301 if !has_ww_uri
so I do not have to use a full url, since I might have many on this
account, so it's not hard coded:
redirect location /ww code 301 if !has_ww_uri

I do not have Apache Loaded, so I can not use mod_rewrite, this is a Wt
Application running httpd.

Thanks


Is it possible to rewrite or redirect based on path

2014-06-24 Thread Jeffrey Scott Flesher Gmail
I have an acl rule to see if path begins with /ww as in
domain.tdl/ww/en... 
acl has_ww_uri path_beg -i /ww 
If it is just the domain.tdl, I want to rewrite it to /ww
~ example.com/ww

Do I do it like something like this:
!has_ww_uri reqirep ^([^\ :]*)\ /(.*) \1\ /ww\2

But this does not work, does anyone have any idea how I can do this?

Do I have to create a backend to do the rewrite?

use_backend needsrewrite if !has_ww_uri 
backend needsrewrite
reqirep ^([^\ :]*)\ /(.*) \1\ /ww\2
or this
server Backend1 10.0.0.1:80 redir http:// example.com/backend1
...
Because I have more logic that this would bypass, like all my checks to
see what servers are up, so I would have to have more backends defined
for this to work, so I thought I would ask first for an easier way.

Is there a way to modify this to work:
redirect location http://domain.tdl/ww code 301 if !has_ww_uri
so I do not have to use a full url, since I might have many on this
account, so it's not hard coded:
redirect location /ww code 301 if !has_ww_uri

I do not have Apache Loaded, so I can not use mod_rewrite, this is a Wt
Application running httpd.

Thanks


Need help with haproxy config

2014-07-01 Thread Jeffrey Scott Flesher Gmail
Below is my haproxy config, I have 1 server and 1 backend for testing
This is a Wt wthttpd app, with no Apache loaded,
Problem I have is that the path to the app seems to change when running from 
port 80 or haproxy,
meaning I lost all my style sheets and resources, not sure what the path is at 
this point.
if I pull the site up with the port address mad-news.net:8060/ww/en/, the path 
is fine,
Also it crashes after running a while, 
I have monit loaded, so eventually (minute or two) it will restart,
not sure how to troubleshoot that failure, the app runs for weeks with no 
problems by itself.
Current url is mad-news.net/ww/en.

Also, does haproxy stats require Apache or web server to run?

Thanks for any help.
#
global
log 127.0.0.1 local0 
log 127.0.0.1 local1 notice
maxconn 4096
user haproxy
group haproxy
daemon

defaults
log global
mode http
option  httplog
option  dontlognull
retries 3
option  redispatch
maxconn 1000
#contimeout 5000 # haproxy 1.4
timeout connect 5000
#clitimeout 5 # haproxy 1.4
timeout client 5
#srvtimeout 5 # haproxy 1.4
timeout server 5
#option httpclose
#option  http-server-close # HTTP keepalive without killing Apache
#option  http-pretend-keepalive
#option  forwardfor
#option  originalto

frontend wt
bind 216.224.185.71:80
# bind 108.59.251.28:80
# bind 0.0.0.0:80
# option http-server-close  # HTTP keepalive without killing Apache
# 
acl has_ww_uri path_beg -i /ww
reqirep ^([^\ :]*)\ /(.*) \1\ /ww/\2 if !has_ww_uri
# 
redirect prefix http://mad-news.net code 301 if { hdr(host) -i www.mad-news.net }
redirect prefix http://wittywizard.org code 301 if { hdr(host) -i www.wittywizard.org }
redirect prefix http://lightwizzard.com code 301 if { hdr(host) -i www.lightwizzard.com }
redirect prefix http://vetshelpcenter.com code 301 if { hdr(host) -i www.vetshelpcenter.com }
# Note: see wthttpd.sh session-id-prefix
acl srv1 url_sub wtd=wt-8060
acl srv1_up nbsrv(bck1) gt 0
use_backend bck1 if srv1_up srv1 
default_backend bck_lb

backend bck_lb
balance roundrobin
server srv1 216.224.185.71:8060 track bck1/srv1
# server srv2 108.59.251.28:8061 track bck2/srv2

backend bck1
balance roundrobin
server srv1 216.224.185.71:8060 check
#server srv2 108.59.251.28:8060 check




Need help with url rewrite

2014-07-03 Thread Jeffrey Scott Flesher Gmail
I have a url that always begins with ww, ie http://domain.tdl/ww/en/..., I want 
to rewrite the url to include the ww, 
I tried the below, it works, but changes the path or something,
because it causes the resources like css and images to not appear (404),
does anyone know how to fix this or do this the right way?

acl has_ww_uri path_beg -i /ww
reqirep ^([^\ :]*)\ /(.*) \1\ /ww/\2 if !has_ww_uri
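
What the rule above does to individual request lines, as an added example that is not part of the original post: it replays the posted `reqirep` pattern in Python under two conditions, the negated `path_beg -i /ww` ACL used here and the exact-match `acl has_path path /` that appears in the 2016 config earlier on this page. The sample request lines (including the stylesheet path) and the function names are constructed; only the request line is modelled, not the full header block.

```python
import re

# Posted rule:  reqirep ^([^\ :]*)\ /(.*)  \1\ /ww/\2
# HAProxy writes a literal space as "\ "; Python needs no escape for it.
# reqirep is the case-insensitive variant, hence re.IGNORECASE.
REQIREP_SEARCH = re.compile(r"^([^ :]*) /(.*)", re.IGNORECASE)
REQIREP_REPLACE = r"\1 /ww/\2"

# Constructed request lines for the demonstration.
SAMPLE_REQUESTS = [
    "GET / HTTP/1.1",
    "GET /ww/en/ HTTP/1.1",
    "GET /resources/style.css HTTP/1.1",
    "GET /?lang=en HTTP/1.1",
]


def request_path(request_line):
    """Path of 'METHOD URI VERSION' without the query string (what 'path' matches on)."""
    uri = request_line.split(" ")[1]
    return uri.split("?", 1)[0]


def not_has_ww_uri(path):
    """acl has_ww_uri path_beg -i /ww, used negated:  ... if !has_ww_uri"""
    return not path.lower().startswith("/ww")


def has_path(path):
    """acl has_path path /   (exact match on the bare root only)"""
    return path == "/"


def reqirep(request_line, condition):
    """Apply the posted rewrite when the ACL condition holds for this request."""
    if not condition(request_path(request_line)):
        return request_line
    return REQIREP_SEARCH.sub(REQIREP_REPLACE, request_line, count=1)


def compare(request_lines):
    """Return (original, with '!has_ww_uri', with 'has_path') for each request line."""
    return [
        (line, reqirep(line, not_has_ww_uri), reqirep(line, has_path))
        for line in request_lines
    ]


def rewrites_header(header_line):
    """True if the pattern would also match a header line such as 'Accept: text/html'."""
    return REQIREP_SEARCH.match(header_line) is not None


if __name__ == "__main__":
    for original, broad, narrow in compare(SAMPLE_REQUESTS):
        print("%-36s !has_ww_uri -> %-40s has_path -> %s" % (original, broad, narrow))
```

With the negated `path_beg` condition every request outside `/ww`, static files included, is moved under `/ww/`; with the exact `path /` condition only the bare root is rewritten.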



Re: Need help with url rewrite

2014-07-03 Thread Jeffrey Scott Flesher Gmail
I have a URL, let's say:
http://example.com
I want it to be rewritten by haproxy to:
http://example.com/ww

All I want is for haproxy to rewrite the URL only if it does not have
any path, ie http://example.com, then add the ww to it, so it becomes
http://example.com/ww
I do not have Apache on the server, so no mod_rewrite.
I hope this is clear enough, not sure how else to say it.

Thanks

On Thu, 2014-07-03 at 22:40 +0200, Baptiste wrote:

> On Thu, Jul 3, 2014 at 9:38 PM, Jeffrey Scott Flesher Gmail
>  wrote:
> > I have a url that always begins with ww, ie http://domain.tdl/ww/en/..., I
> > want to rewrite the url to include the ww,
> > I tried the below, it works, but changes the path or something,
> > because it cause the resources like css and images to not appear (404),
> > does anyone know how to fix this or do this the right way?
> >
> > acl has_ww_uri path_beg -i /ww
> > reqirep ^([^\ :]*)\ /(.*) \1\ /ww/\2 if !has_ww_uri
> >
> 
> Hi Jeffrey,
> 
> Can you clarify a bit your question, cause you're confusing me.
> please send us an example of what you get in HAProxy and how you want
> it out after HAProxy has rewritten it.
> 
> Baptiste


Re: Need help with url rewrite

2014-07-04 Thread Jeffrey Scott Flesher Gmail
If a Picture is worth a 1000 Words:
If the url does not have any path like this:
http://mad-news.net/
acl has_ww_uri path_beg -i /ww
returns false
reqirep ^([^\ :]*)\ /(.*) \1\ /ww/\2 if !has_ww_uri
http://mad-news.net/ww/en/
it adds the ww; the program, which is wthttpd (Wt), defaults to en for
language control
Just to show you how the site looks at port 8060:
http://mad-news.net:8060/ww/en/
If I comment the code, the site looks fine.

Note: I want only the first path to work:
http://mad-news.net/this/ww  fails to work for the rule, it does this:
http://mad-news.net/ww/this/this/ww
which is not what I want, so how do I write a rule to cover this?

Note: If the ww is not there, the Wt app will ignore the request,
results in 404 http://wittywizard.org/ vs http://wittywizard.org/ww.
There is no way around this behavior if I want to have a pretty URL.

My whole config, Note that it works the same in 1.4 and 1.5, but this
is: HA-Proxy version 1.5.1 2014/06/24:

global

log 127.0.0.1 local0 
log 127.0.0.1 local1 notice
maxconn 4096
user haproxy
group haproxy
daemon
# pidfile /var/run/haproxy.pid
# stats socket /var/run/haproxy.stat mode 600
# stats socket /tmp/haproxy

defaults
log global
mode http
option  httplog
option  dontlognull
retries 3
option  redispatch
maxconn 1000
#contimeout 5000 # haproxy 1.4
timeout connect 5000
#clitimeout 5 # haproxy 1.4
timeout client 5
#srvtimeout 5 # haproxy 1.4
timeout server 5

frontend wt
bind 216.224.185.71:80
# Set inside Witty Wizard main.cpp
acl has_ww_uri path_beg -i /ww
reqirep ^([^\ :]*)\ /(.*) \1\ /ww/\2 if !has_ww_uri
redirect prefix http://wittywizard.org code 301 if { hdr(host) -i www.wittywizard.org }
# Note: see wthttpd.sh session-id-prefix
acl srv1 url_sub wtd=wt-8060
acl srv1_up nbsrv(bck1) gt 0
use_backend bck1 if srv1_up srv1
# Second Thread
# Note: see wthttpd.sh session-id-prefix
# acl srv2  url_sub wtd=wt-8061
# acl srv2_up nbsrv(bck2) gt 0
# use_backend bck2 if srv2_up srv2 has_ww_uri
#
default_backend bck_lb
#
backend bck_lb
balance roundrobin
#server srv1 108.59.251.28:8060 track bck1/srv1
server srv1 216.224.185.71:8060 track bck1/srv1

backend bck1
balance roundrobin
#server srv1 108.59.251.28:8060 check
server srv1 216.224.185.71:8060 check

backend bck2
balance roundrobin
#server srv2 108.59.251.28:8061 check
server srv2 216.224.185.71:8060 check

As you can see, the path seems to have changed, not sure what is going on, any 
ideas?

Thanks

On Thu, 2014-07-03 at 22:40 +0200, Baptiste wrote:

> On Thu, Jul 3, 2014 at 9:38 PM, Jeffrey Scott Flesher Gmail
>  wrote:
> > I have a url that always begins with ww, ie http://domain.tdl/ww/en/..., I
> > want to rewrite the url to include the ww,
> > I tried the below, it works, but changes the path or something,
> > because it causes the resources like css and images to not appear (404),
> > does anyone know how to fix this or do this the right way?
> >
> > acl has_ww_uri path_beg -i /ww
> > reqirep ^([^\ :]*)\ /(.*) \1\ /ww/\2 if !has_ww_uri
> >
> 
> Hi Jeffrey,
> 
> Can you clarify a bit your question, cause you're confusing me.
> please send us an example of what you get in HAProxy and how you want
> it out after HAProxy has rewritten it.
> 
> Baptiste


How do you tell if a url has a path

2014-07-07 Thread Jeffrey Scott Flesher Gmail
I want to check the URL to see if any path is passed, 
http://domain.tdl
or
http://domain.tdl/
as such, both of these are considered not to have a path,
my problem is that I only want to rewrite the path, 
if either of the two are true, meaning it has no path,
this fails:
acl has_path_uri path_beg -i /
If the url has no path I want to add a ww to it as such:
http://domain.tdl/ww
so that my wthttp app will work,
but if I use
acl has_ww_uri path_beg -i /ww
reqirep ^([^\ :]*)\ /(.*) \1\ /ww/\2 if !has_ww_uri
it rewrites every url that does not have ww in it, 
which is not what I want, because it rewrites resources like css and images,
so how do I determine if the url has no path?

Thanks for any help.
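
The rule discussed in this thread, modelled in Python as an added example (not part of any post and not HAProxy code): it applies the posted reqirep regex to constructed request lines to show why every non-/ww path, including css and images, gets prefixed, and compares that with a condition that fires only when the path is exactly "/". The function names are hypothetical, and the mapping of the root-only check to an exact-match path ACL in HAProxy is an assumption that was not tested against a running proxy.

```python
import re

# The posted rule, with HAProxy's "\ " (escaped space) written as a plain space:
#   acl has_ww_uri path_beg -i /ww
#   reqirep ^([^\ :]*)\ /(.*) \1\ /ww/\2 if !has_ww_uri
REQ_LINE = re.compile(r"^([^ :]*) /(.*)", re.IGNORECASE)
REPLACEMENT = r"\1 /ww/\2"


def path_of(request_line):
    """Path of an origin-form request line 'METHOD target VERSION', query removed."""
    target = request_line.split(" ")[1]
    return target.split("?", 1)[0]


def rewrite_unless_ww(request_line):
    """Model of the posted rule: prefix /ww/ unless the path begins with /ww."""
    if path_of(request_line).lower().startswith("/ww"):
        return request_line
    return REQ_LINE.sub(REPLACEMENT, request_line, count=1)


def rewrite_root_only(request_line):
    """Narrower condition: rewrite only when the path is exactly '/'.

    A browser asked for http://domain.tdl or http://domain.tdl/ sends the
    path '/' in both cases, so one exact comparison covers both URLs.
    (Assumption: the HAProxy counterpart is an exact-match ACL on path.)
    """
    if path_of(request_line) != "/":
        return request_line
    return REQ_LINE.sub(REPLACEMENT, request_line, count=1)


# Constructed sample request lines, not captured traffic.
SAMPLES = [
    "GET / HTTP/1.1",
    "GET /ww/en/ HTTP/1.1",
    "GET /resources/style.css HTTP/1.1",
    "GET /?wtd=wt-8060 HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line!r:40} posted rule -> {rewrite_unless_ww(line)!r}")
        print(f"{'':40} root only   -> {rewrite_root_only(line)!r}")
```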