haproxy logfile
Hi Guys, one question about statistic reports in haproxy for general information I ´m testing haproxy in version 1.5-dev19 on a RHEL6 64 Bit based clone Scientific Linux. Is it possible to configure 2 haproxy logfiles with different log-format options? e.g. /var/log/haproxy.log1 with log-format: frontend:%f\ %b/%s\ client_ip:%ci\ client_port:%cp\ SSL_version:%sslv\ SSL_cypher:%sslc\ %ts and additional /var/log/haproxy.log with common httplog. Greetings Wolfgang
AW: disable haproxy logging to console
Hi, thanks for your help - it´s work Wolfgang Von: Bryan Talbot [mailto:btal...@aeriagames.com] Gesendet: Freitag, 24. Mai 2013 19:32 An: Wolfgang Routschka Cc: haproxy@formilux.org Betreff: Re: disable haproxy logging to console Something like this should do it: *.emerg;local2.none * -Bryan On Fri, May 24, 2013 at 1:16 AM, Wolfgang Routschka wolfgang.routsc...@drumedar.de wrote: Hi Guys, one question about disable haproxy logging to console. System is RHEL6.x Clone Scientifc Linux 6.4 64 Bit with Haproxy 1.5-dev18 I have configured logging for hayproxy in rsyslog.conf # HAProxy Logging local0.* /var/log/haproxy/haproxy.log It´s always OK for logging but for example a backend has no available server (testing, maintenance etc.) haproxy log to console. Message from syslogd@localhost at May 24 10:09:24 ... haproxy[32537]: backend testhas no server available! Message from syslogd@localhost at May 24 10:09:24 ... haproxy[32537]: backend test has no server available! in rsyslog.conf *.emerg is writing log-messages to * - for console too - if I change it to /var/log/message haproxy is not logging to console but I doesn´t want to change *.ermerg How can I disable haproxy message to console? Greetings Wolfgang
disable haproxy logging to console
Hi Guys, one question about disable haproxy logging to console. System is RHEL6.x Clone Scientifc Linux 6.4 64 Bit with Haproxy 1.5-dev18 I have configured logging for hayproxy in rsyslog.conf # HAProxy Logging local0.* /var/log/haproxy/haproxy.log It´s always OK for logging but for example a backend has no available server (testing, maintenance etc.) haproxy log to console. Message from syslogd@localhost at May 24 10:09:24 ... haproxy[32537]: backend testhas no server available! Message from syslogd@localhost at May 24 10:09:24 ... haproxy[32537]: backend test has no server available! in rsyslog.conf *.emerg is writing log-messages to * - for console too - if I change it to /var/log/message haproxy is not logging to console but I doesn´t want to change *.ermerg How can I disable haproxy message to console? Greetings Wolfgang
resources in group not start parallel
Hi Guys, one question about group resource for starting parallel configuring with crmshell (Scientifix Linux 64 with pacemaker 1.18-7, cman-3.0.12.1-49 and crmsh-1.2.5-55). in my 2 node cluster I´ll configured a group with 40 ip-address resources for easy managing. Now I want that start the resources parallel. in my crmshell I cannot use the option meta ordered=false - these option is no longer disponse for my information Afte searching i found resource sets so I hope it´s correct for my way to parallel my resources but I can´t configure resource sets in crmshell. Next way for me is testing with xml-code directly in crmshell but here failures too for example crm configure xml rsc_colocation id=coloc-1 score=INFINITY \ resource_set id=collocated-set-1 sequential=false \ resource_ref id=A/ \ resource_ref id=B/ \ resource_ref id=C/ \ /resource_set \ resource_set id=collocated-set-2 sequential=true \ resource_ref id=D/ \ /resource_set \ /rsc_colocation ERROR: cannot parse xml chunk: rsc_colocation id=coloc-1 score=INFINITYresource_set id=collocated-set-1 sequential=falseresource_ref id=A/resource_ref id=B/resource_ref id=C//resource_setresource_set id=collocated-set-2 sequential=trueresource_ref id=D//resource_set/rsc_colocation ERROR: not well-formed (invalid token): line 1, column 19 How can I configure my resources to start parallel? Greetings Wolfgang
AW: documentation for stats webinterface
Hi, thanks your answer Greetings Wolfgang Hi! Whats the explicit difference between Disable/Enable/SoftStop/SoftStart/KillSessions functions? Disable/Enable matches the disable/enable server x on the unix socket, see documentation at [1] and [2]. SoftStop set the servers weight to zero [3]. Is the way over the webinterface the proceed right way to disable a web-server in background example for maintenance? *Usually* something like this: - *soft stop* (sets weigth to zero, so no *new* sessions come up) - wait for existing session to finish - *disable* the backend server for maintenance - do the actual maintenance - *enable* the server again - and *soft start* the server again (-- do not forget this one) Regards, Lukas [1] http://cbonte.github.io/haproxy-dconv/configuration-1.4.html#9-disable%20server [2] http://cbonte.github.io/haproxy-dconv/configuration-1.4.html#9-enable%20server [3] http://cbonte.github.io/haproxy-dconv/configuration-1.4.html#9-set%20weight
pre-define ACLs for header rule
Hi, today a question about pre defined acl for additional header that not works for me. frontend ssl-to-http bind IP:443 ssl crt CERTIFICATE bind IP:80 mode http option httpclose reqidel ^X-Forwarded-For:.* option forwardfor reqadd X-Forwarded-Proto:\ https unless HTTP reqadd X-Forwarded-Proto:\ http if HTTP default_backend default HTTP is a pre-defined acl (http://haproxy.org/download/1.5/doc/configuration.txt Part7.6 pre-defined ACLs) http://ip = HTTP_X_FORWARDED_PROTO' = 'http' https://IP = HTTP_X_FORWARDED_PROTO' = 'http' too but thats not correct for my acl configuration. a new acl works correct frontend ssl-to-http bind IP:443 ssl crt CERTIFICATE bind IP:80 mode http option httpclose reqidel ^X-Forwarded-For:.* option forwardfor acl ssl dst_port 443 reqadd X-Forwarded-Proto:\ https if ssl reqadd X-Forwarded-Proto:\ http unless ssl default_backend default I want to use a standard-variable for checking SSL or not. If SSL not over port 443 my check fails so I wanted to use ACL HTTP for checking. A other check is ssl_fc but I doesn´t know how can I configure ssl_fc with acl or another option to checking if SSL or not. regards Wolfgang
AW: pre-define ACLs for header rule
Hi, for me works now following acl frontend ssl-to-http bind IP:443 ssl crt CERTIFICATE bind IP:80 mode http option httpclose reqidel ^X-Forwarded-For:.* option forwardfor acl ssl ssl_fc reqadd X-Forwarded-Proto:\ https if ssl reqadd X-Forwarded-Proto:\ http unless ssl default_backend default Wolfgang -Ursprüngliche Nachricht- Von: Wolfgang Routschka [mailto:wolfgang.routsc...@drumedar.de] Gesendet: Freitag, 10. Mai 2013 11:21 An: haproxy@formilux.org Betreff: pre-define ACLs for header rule Hi, today a question about pre defined acl for additional header that not works for me. frontend ssl-to-http bind IP:443 ssl crt CERTIFICATE bind IP:80 mode http option httpclose reqidel ^X-Forwarded-For:.* option forwardfor reqadd X-Forwarded-Proto:\ https unless HTTP reqadd X-Forwarded-Proto:\ http if HTTP default_backend default HTTP is a pre-defined acl (http://haproxy.org/download/1.5/doc/configuration.txt Part7.6 pre-defined ACLs) http://ip = HTTP_X_FORWARDED_PROTO' = 'http' https://IP = HTTP_X_FORWARDED_PROTO' = 'http' too but thats not correct for my acl configuration. a new acl works correct frontend ssl-to-http bind IP:443 ssl crt CERTIFICATE bind IP:80 mode http option httpclose reqidel ^X-Forwarded-For:.* option forwardfor acl ssl dst_port 443 reqadd X-Forwarded-Proto:\ https if ssl reqadd X-Forwarded-Proto:\ http unless ssl default_backend default I want to use a standard-variable for checking SSL or not. If SSL not over port 443 my check fails so I wanted to use ACL HTTP for checking. A other check is ssl_fc but I doesn´t know how can I configure ssl_fc with acl or another option to checking if SSL or not. regards Wolfgang
htaccess in haproxy config
Hello everybody, today a question about htaccess in haproxy config directly Is it possible to configure a htaccess protect in haproxy config similar apache htpasswd file Greetings
haproxy in cluster with pacemaker and corosync
Hi everybody, today I would like to ask you about haproxy best practice in pacemaker/corosync setups. We want to use pacemaker/corosync for failover haproxy. I found 2 ways for configuration - over lsb-ocf-script and a ocf-script https://raw.github.com/russki/cluster-agents/master/haproxy What´s your best practice to configure haproxy in pacemaker/corosync cluster? regards, Wolfgang
AW: haproxy in cluster with pacemaker and corosync
Hi Hauke, thanks for your answer. One question about the script. What means config in line 20 HAPROXY_CONFIG=/usr/local/sbin/haproxy-config.py / Configurationfile is setting on line 17 Another question is configuration haproxy for logging and logrotate - in logrotate I reload haproxy for creating new logfile - interaction with corosync? Von: Hauke [mailto:mail...@haukebruno.de] Gesendet: Montag, 25. März 2013 11:41 An: haproxy@formilux.org Betreff: Re: haproxy in cluster with pacemaker and corosync Hi Wolfgang, maybe it helps: I use the simple lsb RA for haproxy in pacemaker. A modified version of https://github.com/finnlabs/haproxy/blob/master/haproxy-init works for me. Environment: Active/Passive, Debian Squeeze, pacemaker and stuff out of stable repos, self build haproxy (stable). -- Best regards, Hauke On Monday, March 25, 2013 10:22:08 AM Wolfgang Routschka wrote: Hi everybody, today I would like to ask you about haproxy best practice in pacemaker/corosync setups. We want to use pacemaker/corosync for failover haproxy. I found 2 ways for configuration - over lsb-ocf-script and a ocf-script https://raw.github.com/russki/cluster-agents/master/haproxy What´s your best practice to configure haproxy in pacemaker/corosync cluster? regards, Wolfgang
AW: AW: haproxy in cluster with pacemaker and corosync
Hello, https://github.com/finnlabs/haproxy/blob/master/haproxy-init on line 20https://github.com/finnlabs/haproxy/blob/master/haproxy-init%20on%20line%2020 thankes for information about logrotate Von: David Coulson [mailto:da...@davidcoulson.net] Gesendet: Montag, 25. März 2013 12:11 An: Wolfgang Routschka Betreff: Re: AW: haproxy in cluster with pacemaker and corosync On 3/25/13 7:07 AM, Wolfgang Routschka wrote: Hi Hauke, thanks for your answer. One question about the script. What means config in line 20 HAPROXY_CONFIG=/usr/local/sbin/haproxy-config.py / Configurationfile is setting on line 17 Where are you seeing that? Another question is configuration haproxy for logging and logrotate - in logrotate I reload haproxy for creating new logfile - interaction with corosync? Either make HAProxy log directly into syslog, or use the 'copytruncate' option in logrotate and remove the reload.
option httpchk
Hello, I have a question to configure health checks in haproxy default I´m not configure option httpchk in my haproxy configuration. webserver1 and webserver2 ist answering. (roundrobin balance) webserver1 is down (service httpd stop) and webserver2 is answering without any problems. GREAT! is it right that haproxy checking without any option only tcp connection? Now I want that haproxy says webserver1 is only healthy if I can read url /index.php and not /index.html for example frontend http bind 192.168.36.59:80 mode http option httpclose default_backend default backend default option httpchk /index.php server web01 192.168.36.57:80 check server web02 192.168.36.58:80 check Now in my opinion http://192.168.36.59/index.html is wrong and no server is showing the page. But I can see the page. How can I configure a health check for really testing the site like only http 200 ok is showing the page or only /index.php is correct /index.html it´s not ok Greetings
AW: option httpchk
thanks for your answers It works -Ursprüngliche Nachricht- Von: Baptiste [mailto:bed...@gmail.com] Gesendet: Donnerstag, 21. März 2013 15:19 An: Wolfgang Routschka Betreff: Re: option httpchk Hi, You must provide a method in your HTTP request: GET or HEAD, usually. Baptiste On Thu, Mar 21, 2013 at 2:53 PM, Wolfgang Routschka wolfgang.routsc...@drumedar.de wrote: Hello, I have a question to configure health checks in haproxy default I´m not configure option httpchk in my haproxy configuration. webserver1 and webserver2 ist answering. (roundrobin balance) webserver1 is down (service httpd stop) and webserver2 is answering without any problems. GREAT! is it right that haproxy checking without any option only tcp connection? Now I want that haproxy says webserver1 is only healthy if I can read url /index.php and not /index.html for example frontend http bind 192.168.36.59:80 mode http option httpclose default_backend default backend default option httpchk /index.php server web01 192.168.36.57:80 check server web02 192.168.36.58:80 check Now in my opinion http://192.168.36.59/index.html is wrong and no server is showing the page. But I can see the page. How can I configure a health check for really testing the site like only http 200 ok is showing the page or only /index.php is correct /index.html it´s not ok Greetings
AW: Client-IP in Header
thanks for your answer,
yep that´s right - only option forwardfor and I see the right ip-adressess
thanks for help
Wolfgang
Von: German Gutierrez [mailto:germ...@olx.com]
Gesendet: Mittwoch, 20. März 2013 11:07
An: Wolfgang Routschka
Betreff: Re: Client-IP in Header
At first look, without going to haproxy docs, I'd say you should use X-Client
on your apache configuration or X-Forwarded-For in your haproxy configuration
.
--
Germán Gutiérrez
OLX Operation Center OLX Inc.
Buenos Aires - Argentina
Phone: 54.11.4775.6696
Mobile: 54.911.5669.6175
Skype: errare_est
Email/GTalk: germ...@olx.commailto:germ...@olx.com
El 20/03/2013 06:59, Wolfgang Routschka
wolfgang.routsc...@drumedar.demailto:wolfgang.routsc...@drumedar.de
escribió:
Hello everybody,
I´m from Germany so sorry for my english that´s not very good. I installed
haproxy on a test system for http/https load-balancing.
Today my problem is the forwardfor option that is not right configured because
in my apache logs/header I can´t see the client IP.
In my scenario I want to see the remote client ip address.
Configuration of haproxy is ( I only tested forwardfor option in web01)
frontend http-to-ssl
bind 192.168.1.59:443http://192.168.1.59:443 ssl crt
/etc/haproxy/server.pem
mode http
option http-server-close
acl url_static path_beg /static
acl url_img path_beg /img
use_backend static if url_static
use_backend img if url_img
backend img
option forwardfor header X-Client
server web01 192.168.1.57:80http://192.168.1.57:80
backend static
server web02 192.168.1.58:80http://192.168.1.58:80
Apache-Config File is configured for logging in a seperate logfile
LogFormat %h %l %u %t \%r\ %s %b \%{Referer}i\ \%{User-Agent}i\
combined
LogFormat %{X-Forwarded-For}i %l %u %t \%r\ %s %b \%{Referer}i\
\%{User-Agent}i\ proxy
SetEnvIf X-Forwarded-For ^.*\..*\..*\..* forwarded
CustomLog /var/log/httpd/img-access.log combined env=!forwarded
CustomLog /var/log/httpd/img-access.log proxy env=forwarded
How can I configure haproxy for header with the remote-ip?
thanks
Wolfgang
