Re: FW: https status codes

2017-07-26 Thread Aleksandar Lazic 
Hi Andy.

Franks Andy (IT Technical Architecture Manager) wrote on 26.07.2017:


> -Original Message-
> From: Franks Andy (IT Technical Architecture Manager) 
> Sent: 26 July 2017 13:52
> To: 'Aleksandar Lazic'
> Subject: RE: https status codes

> Thanks Alexander.
> I'd imagine that
>
> option httpchk GET /Login/Heartbeat HTTP/1.1\r\nHost:\ rsh-cp-iis1
>
> presents the same rsh-cp-iis1 to both the iis1 and iis2 server? It
> seems to work like this with the way I got it working, i.e. option
> httpchk GET https://rsh-cp-iis1/Login/Heartbeat, but I would need
> rsh-cp-iis1 "name" to be presented to that server, and iis2 to the
> iis2 server and so on, could be an eventual list of quite a few backends.

as I understand you right you want to do something like this.

pseudo code:

for host in iis1 iis2 ... iisN do
  check GET /Login/Heartbeat HTTP/1.1\r\nHost:\ $host

I don't know if this is possible with lua, with 'normal' haproxy I don't 
think so that this is possible.

But should the vhost not be the same on all servers?

> I'll have a look at the resolver you suggested though..
> Thanks again
> Andy

> -Original Message-
> From: Aleksandar Lazic [mailto:al-hapr...@none.at] 
> Sent: 26 July 2017 12:00
> To: Franks Andy (IT Technical Architecture Manager)
> Cc: haproxy@formilux.org
> Subject: Re: https status codes

> Hi Andy,

> Franks Andy (IT Technical Architecture Manager) wrote on 26.07.2017:

>> Hi all,
>>
>> HAProxy 1.7.6
>>  
>>   I have a hopefully easy question to answer - I'm trying to do server 
>> checks against 2x IIS nodes which require sending of the destination 
>> host name (virtual hosts) before delivering content. I'm trying to 
>> work out how to send the backend  server name with the check request. 
>> At the moment the IIS server
>>
>> isn't seeing the name, rather an IP address as far as I can tell, and 
>> responding with a 404.
>>  
>> This is the config
>>  
>>backend bk_web_ssl
>>   mode http
>>   option httplog
>>   option httpchk GET https://rsh-cp-iis1/Login/Heartbeat

> As described in the doc you just need to add the host header.

> http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4-option%20httpchk

> option httpchk GET /Login/Heartbeat HTTP/1.1\r\nHost:\ rsh-cp-iis1


>>   http-check expect rstatus 200
>>   balance roundrobin
>>   stick on src table connections
>>   cookie SERVERID insert nocache indirect
>>   server RSH-CP-IIS1 192.168.176.175:443 cookie 1 check ssl
>>   server RSH-CP-IIS2 192.168.176.176:443 cookie 2 check ssl
>>  
>>  
>> I can sort of get it to work on one of the two by including that 
>> servers name in the option httpchk line as seen:
>>  
>>   option httpchk GET https://rsh-cp-iis1/Login/Heartbeat
>>  
>> .. but would rather just do option httpchk GET /Login/Heartbeat
>>  
>> ..And something like 
>>   server RSH-CP-IIS1 RSH-CP-IIS1:443 cookie 1 check ssl
>>   server RSH-CP-IIS2 RSH-CP-IIS2:443 cookie 2 check ssl

> When you want to use names you will need to add a resolver in 1.7.

> http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#5.3
>   
>> Is there some keyword I'm missing somewhere or a better way of doing this?
>>  
>> Thanks
>> Andy

-- 
Best Regards
Aleks

FW: https status codes

2017-07-26 Thread Franks Andy (IT Technical Architecture Manager) 


-Original Message-
From: Franks Andy (IT Technical Architecture Manager) 
Sent: 26 July 2017 13:52
To: 'Aleksandar Lazic'
Subject: RE: https status codes

Thanks Alexander.
I'd imagine that 
option httpchk GET /Login/Heartbeat HTTP/1.1\r\nHost:\ rsh-cp-iis1
presents the same rsh-cp-iis1 to both the iis1 and iis2 server? It seems to 
work like this with the way I got it working, i.e. option httpchk GET 
https://rsh-cp-iis1/Login/Heartbeat, but I would need rsh-cp-iis1 "name" to be 
presented to that server, and iis2 to the iis2 server and so on, could be an 
eventual list of quite a few backends.

I'll have a look at the resolver you suggested though..
Thanks again
Andy

-Original Message-
From: Aleksandar Lazic [mailto:al-hapr...@none.at] 
Sent: 26 July 2017 12:00
To: Franks Andy (IT Technical Architecture Manager)
Cc: haproxy@formilux.org
Subject: Re: https status codes

Hi Andy,

Franks Andy (IT Technical Architecture Manager) wrote on 26.07.2017:

> Hi all,
>
> HAProxy 1.7.6
>  
>   I have a hopefully easy question to answer - I'm trying to do server 
> checks against 2x IIS nodes which require sending of the destination 
> host name (virtual hosts) before delivering content. I'm trying to 
> work out how to send the backend  server name with the check request. 
> At the moment the IIS server
>
> isn't seeing the name, rather an IP address as far as I can tell, and 
> responding with a 404.
>  
> This is the config
>  
>backend bk_web_ssl
>   mode http
>   option httplog
>   option httpchk GET https://rsh-cp-iis1/Login/Heartbeat

As described in the doc you just need to add the host header.

http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4-option%20httpchk

option httpchk GET /Login/Heartbeat HTTP/1.1\r\nHost:\ rsh-cp-iis1


>   http-check expect rstatus 200
>   balance roundrobin
>   stick on src table connections
>   cookie SERVERID insert nocache indirect
>   server RSH-CP-IIS1 192.168.176.175:443 cookie 1 check ssl
>   server RSH-CP-IIS2 192.168.176.176:443 cookie 2 check ssl
>  
>  
> I can sort of get it to work on one of the two by including that 
> servers name in the option httpchk line as seen:
>  
>   option httpchk GET https://rsh-cp-iis1/Login/Heartbeat
>  
> .. but would rather just do option httpchk GET /Login/Heartbeat
>  
> ..And something like 
>   server RSH-CP-IIS1 RSH-CP-IIS1:443 cookie 1 check ssl
>   server RSH-CP-IIS2 RSH-CP-IIS2:443 cookie 2 check ssl

When you want to use names you will need to add a resolver in 1.7.

http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#5.3
  
> Is there some keyword I'm missing somewhere or a better way of doing this?
>  
> Thanks
> Andy

--
Best Regards
Aleks