Re: HAProxy, Set-Cookie and Cacheable Elements
Hi, Why do you want to persist a cachable request to a backend server? I use "cookie PHPSESSID prefix" to persist users only when needed. (if they got a session from logging in) Karsten Am Mittwoch, 28. April 2010 schrieb John Marrett: > I've noticed some interesting behaviour with persistance cookies and > haproxy. > > Let's say you use the following settings in your haproxy.cfg: > > cookie SERVERID insert indirect > server static1 172.25.0.10:1080 cookie server1 check inter 15s > server static2 172.25.0.11:1080 cookie server2 check inter 15s > > Any time haproxy receives a request that has no SERVERID cookie it will > set one. Unfortunately, this doesn't take into consideration the > cachability of the request. If a user receives a set-cookie in their > response, on cacheable content, and if the proxy server isn't configured > to strip Set-Cookie responses when serving from cache, all users of that > proxy server will persist to a single backend server. > > I noticed this while looking into some other issues we were having with > Set-Cookie and proxy servers (notably the great firewall of Singapore). > > Within our own application we either set Cache-Control: Private or > ensure that we don't send a Set-Cookie on content that is declared as > cacheable. I don't know if this kind of functionality could be > interested for haproxy, but I thought I'd share my findings and see if > anyone else was aware of this pattern of behaviour, if it was causing > issues, and if there is or should be a way to address this issue. > > -JohnF >
Re: ACL / hdr_dom / matching issue
Hi, you could match the complete header value with "acl aclHERODOT hdr(host) -i publisher.et.domain.com" or do somthing like use_backend ET if aclET !aclHERODOT or just swap the use_backend lines use_backend HERODOT if aclHERODOT use_backend ET if aclET Am Freitag, 4. Dezember 2009 schrieben Sie: > Hello, > > we set up an acl like below. > I got some trouble due to routing to wrong backend. > > Requests to "publisher.et.domain.com" are not forwarded to the > "Herodot" Backend. > Instead it was forwarded to "ET" backend. > > The problem was that the Domainname "publisher.et.domain.com" was > matched in the acl "aclET -i et.domain.com" too. > > In the meanwhile we swapped this two Acls. > > Is there are solution to avoid this "wildcard" behavior like > "^et.domain.com" ? > > > . > . > acl aclHERODOT hdr_dom(host) -i publisher.et.domain.com > acl aclET hdr_dom(host) -i et.domain.com > > use_backend ET if aclET > use_backend HERODOT if aclHERODOT > . > . > > regards > Krieger Bernhard > > > > This message was sent using IMP, the Internet Messaging Program. > -- Mit freundlichen Grüßen Karsten Elfenbein Entwicklung und Systemadministration erento - Der Online-Marktplatz für Mietartikel. erento GmbH Friedenstrasse 91 D-10249 Berlin Tel: +49 (30) 2000 42064 Fax: +49 (30) 2000 8449 eMail: karsten.elfenb...@erento.com - - - - - - - - - - - - - - - - - - - - - - - - - - Hotline: 01805 - 373 686 (14 ct/min.) Firmensitz der erento GmbH ist Berlin Geschäftsführer: Chris Möller & Oliver Weyergraf Handelsregister Berlin Charlottenburg, HRB 101206B - - - - - - - - - - - - - - - - - - - - - - - - - - http://www.erento.com - alles online mieten.
Re: haproxy and google SPDY
Hi, I still don't seen any real advantage of spdy over http/1.1 with pipelining. Maybe the issues with pipelining should be addressed first in the browser to webserver chain. The other big issue in relation to haproxy is currently the keepalive support as only the first header of a connection is used for L7 inspection. Breaking that up to support keepalive and pipelining would be a big issue. (one connection could result in different backends to deliver the content) (SSL/TLS would be nice to have while we are talking about that :) ) Also while translating spdy:// to http:// you would run into issues with the backend app needs to output spdy:// links on a http:// request. Am Freitag, 20. November 2009 schrieben Sie: > I am not sure if people are aware of a proposed new protocol for web from > google called SPDY. -- Mit freundlichen Grüßen Karsten Elfenbein Entwicklung und Systemadministration erento - Der Online-Marktplatz für Mietartikel. erento GmbH Friedenstrasse 91 D-10249 Berlin Tel: +49 (30) 2000 42064 Fax: +49 (30) 2000 8499 eMail: karsten.elfenb...@erento.com - - - - - - - - - - - - - - - - - - - - - - - - - - Hotline: 01805 - 373 686 (14 ct/min.) Firmensitz der erento GmbH ist Berlin Geschäftsführer: Chris Möller & Oliver Weyergraf Handelsregister Berlin Charlottenburg, HRB 101206B - - - - - - - - - - - - - - - - - - - - - - - - - - http://www.erento.com - alles online mieten.
Re: Preventing bots from starving other users?
you can just create the backend in haproxy and use the same backend server definition no need to reconfigure apache put like 7 max sessions for normal users on one backend and 2 for maxsessions on the bot backend throw in some queues and you are set Karsten Am Montag, 16. November 2009 schrieben Sie: > On Nov 16, 2009, at 1:47 PM, Karsten Elfenbein wrote: > > Just create an additional backend and assign the bots to it. > > You can set queues and max connections there as needed. > > Yes, you're right - that's probably the best solution. I'll create an extra > apache process on the same server that will handle the bot subnet. No > extra hardware needed. Thanks! > > The wiki in question is TWiki - very flexible but very bad at caching what > it does. Basically, for each page view the complete interpreter and all > plugins get loaded. > > Wout. > -- Mit freundlichen Grüßen Karsten Elfenbein Entwicklung und Systemadministration erento - Der Online-Marktplatz für Mietartikel. erento GmbH Friedenstrasse 91 D-10249 Berlin Tel: +49 (30) 2000 42064 Fax: +49 (30) 2000 8499 eMail: karsten.elfenb...@erento.com - - - - - - - - - - - - - - - - - - - - - - - - - - Hotline: 01805 - 373 686 (14 ct/min.) Firmensitz der erento GmbH ist Berlin Geschäftsführer: Chris Möller & Oliver Weyergraf Handelsregister Berlin Charlottenburg, HRB 101206B - - - - - - - - - - - - - - - - - - - - - - - - - - http://www.erento.com - alles online mieten.
Re: Preventing bots from starving other users?
Just create an additional backend and assign the bots to it. You can set queues and max connections there as needed. Also an additional tip might be to adjust the robots.txt file as some bots can be slowed down. http://www.google.com/support/webmasters/bin/answer.py?answer=48620 Check if the bots that are crawling have some real use for you, otherwise just adjust your robots.txt or block them. Some stuff for basic mysql + mediawiki might be to check if the mysql querycache is working. Karsten Am Sonntag, 15. November 2009 schrieben Sie: > Hi there, > > I was wondering if HAProxy helps in the following situation: > > - We have a wiki site which is quite slow > - Regular users don't have many problems > - We also get crawled by a search bot, which creates many concurrent > connections, more than the hardware can handle - Therefore, service is > degraded and users usually have their browsers time out on them > > Given that we can't make the wiki faster, I was thinking that we could > solve this by having a per-source-IP queue, which made sure that a given > source IP cannot have more than e.g. 3 requests active at the same time. > Requests beyond that would get queued. > > Is this possible? > > Thanks, > > Wout. > -- Mit freundlichen Grüßen Karsten Elfenbein Entwicklung und Systemadministration erento - Der Online-Marktplatz für Mietartikel. erento GmbH Friedenstrasse 91 D-10249 Berlin Tel: +49 (30) 2000 42064 Fax: +49 (30) 2000 8499 eMail: karsten.elfenb...@erento.com - - - - - - - - - - - - - - - - - - - - - - - - - - Hotline: 01805 - 373 686 (14 ct/min.) Firmensitz der erento GmbH ist Berlin Geschäftsführer: Chris Möller & Oliver Weyergraf Handelsregister Berlin Charlottenburg, HRB 101206B - - - - - - - - - - - - - - - - - - - - - - - - - - http://www.erento.com - alles online mieten.
Re: Backend sends 204, haproxy sends 502
Hi, most 502 errors in haproxy responses come from "bad" backend responses. Could you try adding a "Content-Length: 0" header to the backend response? I don't know if RFC requires it in a 204 response. btw. the expires date in your setcookie looks a bit strange. 0059, 1959 or 2059? Karsten Am Mittwoch, 28. Oktober 2009 schrieben Sie: > bash-3.2$ curl --verbose "http://cm01.example.com:8000/c"; > * About to connect() to cm01.example.com port 8000 (#0) > * Trying 22.33.44.55... connected > * Connected to cm01.example.com (22.33.44.55) port 8000 (#0) > > > > GET /c HTTP/1.1 > > > User-Agent: curl/7.19.6 (i386-apple-darwin9.8.0) libcurl/7.19.6 > > OpenSSL/0.9.8k zlib/1.2.3 > > > > Host: cm01.example.com:8000 > > > Accept: */* > > < HTTP/1.1 204 No Content > < Date: Wed, 28 Oct 2009 11:56:44 GMT > < Server: Jetty/5.1.11RC0 (Linux/2.6.21.7-2.fc8xen amd64 java/1.6.0_16 > < Expires: Thu, 01 Jan 1970 00:00:00 GMT > < Set-Cookie: pid=08f0b764185;Path=/;Domain=.example.com;Expires=Thu, > 16-Oct-59 11:56:44 GMT > < Connection: close > < > * Closing connection #0 >