Re: Working with Multiple HTTPS Applications with haproxy
Hi Deepak, I think you cannot use HTTP samples (e.g. path) on SSL connection not terminated on haproxy. Regards, Mirek Svoboda | +1 (845) 584-1854 | Skype: xsvobo10 On 23 November 2016 at 11:37, Deepak Shakya <just...@gmail.com> wrote: > > > I want to setup haproxy to be able to proxy multiple https applications on > the same https port > > Something like this: > > Client/Browser ---(https)---> haproxy:8443/app1 ---(https)---> > app1-server:8101 (Default) > Client/Browser ---(https)---> haproxy:8443/app2 ---(https)---> > app2-server:8102 > > I was thinking to have SSL Pass-through for the above case and here is my > configuration for the same. > > frontend pmc-fe 0.0.0.0:8443 > mode tcp > option tcplog > default_backend app1-be > > acl app2_aclpath_beg /app2/ > use_backend app2-be if app2_acl > > backend app1-be > mode tcp > stick-table type ip size 200k expire 30m > stick on src > server app1-server app1-server:8101 > > backend app2-be > reqrep ^([^\ ]*\ /)app2[/]?(.*) \1\2 > server app2-server app2-server:8102 > > > But, this is not working? Can somebody guide me? > > Thanks, > Deepak Shakya >
Re: Getting JSON encoded data from the stats socket.
Hi > > OK. So does this mean that a schema will have to be maintained by hand in > > parallel or will it be deduced from the dump ? I'm starting to be worried > > about something not being kept up to date if we have to maintain it, or > > causing a slow down in adoption of new stats entries. > > I envisage the schema being maintained in the same way that documentation > is. In the draft schema I posted it should not be necessary to update each > time a new item is added to the output of show flow or show info. Rather, > the schema would need to be updated if the format of the data changes some > how: f.e. a new field is added which would be analagous to adding a new > column to the output of typed output, or a new type of value, such as u16, > was added. > What if we have the descriptions in the source code, serving as a single source of truth, and generate the JSON schema file from the source code upon build? There might be also another use case for the descriptions in the source code in the future, though cannot come with an example now. Regards, Mirek Svoboda >
Re: Rate limiting using HAProxy
AFAIK also those requests responded by HTTP status code 429 are counted against requests count. Is there any delay between test #2 and #3? Mirek Svoboda | +1 (845) 584-1854 | Skype: xsvobo10 On 27 September 2016 at 17:48, Samrat Roy <samratroy@gmail.com> wrote: > Hello Sir, > > I am trying to implement rate limiting feature using HAroxy. My > requirement is to do rate limiting using a custom header . I have created > the below config file. > > I have configured 40 request are allowed in 10 sec and anything above 40 > should give 429 error. > > But I am facing one problem while implementing this. My test scenario is > as follows : > > Sl No. Number of Request/ 10 sec Result > 1 30 All request passed > 2 45 40 request pass and 5 gave 429 error code > 3 60 All request gave 429 > 4 25 All request passed > > In the scenario number 3 my expectation is 40 request should pass and 20 > request should fail. But its failing all the requests. Remaining all > scenarios are working as expected.Am I missing something ? Please help . > > > Configuration : > > frontend localnodes > bind *:80 > mode http > default_backend nodes > acl document_request path_beg -i / > acl is_upload hdr_beg(CustomHeader) -i customKey > acl too_many_uploads_by_user sc0_gpc0_rate() gt 40 > acl mark_seen sc0_inc_gpc0 gt 0 > stick-table type string size 100k expire 1s store gpc0_rate(10s) > tcp-request content track-sc0 hdr(CustomHeader) if METH_GET or > METH_POST document_request is_upload > use_backend ease-up-y00 if mark_seen too_many_uploads_by_user > > backend nodes > mode http > balance roundrobin > option forwardfor > server srv1 127.0.0.1:8081 check > > backend ease-up-y00 > mode http > errorfile 503 /etc/haproxy/errors/429rate.http > > > > Thank you in Advance. > Samrat >
subscribe
subscribe Mirek Svoboda | +420 608 224 486 | Skype: xsvobo10
