Re: Problem: host header keeps the IP of the HAProxy server
Hi Cyril, I seem to be having luck with simply replacing the Virtual IP to 127.0.0.1, I will test it further. thanks again!! On Sun, Aug 14, 2011 at 6:16 PM, Cyril Bonté cyril.bo...@free.fr wrote: Le Sunday 14 August 2011 13:31:57, Ran S a écrit : Hi Cyril, I see, thanks for that. So, will the correct way be to configure two different backends and include the reqrep for each one of them. But how will I get the listen or frontend node to load balance between two different backend nodes? I can't find the configuration to do that... is it possible? Well, haproxy is not designed to load balance between backends, but there are several workarounds (some of them are less elegant than the others). For your issue, I don't know all about your configuration so maybe it won't work, but first, can you check if you can unconditionally replace the Host header with 127.0.0.1 ? Maybe that could do the trick. reqrep ^Host:\ 172.31.0.103 Host:\ 127.0.0.1 One other workaround is to decide to not load balance but switch to a second backend under certain conditions (for example when the first backend exceeds a # of connections). frontend http-in bind :80 mode http option httpclose use_backend backend2 if { be_conn(backend1) gt 100 } default_backend backend1 backend backend1 mode http reqrep ^Host:\ 172.31.0.103 Host:\ 172.31.0.104 server node1 172.31.0.104:85 backend backend2 mode http reqrep ^Host:\ 172.31.0.103 Host:\ 172.31.0.118 server node2 172.31.0.118:85 Another solution is to add a second level of proxies in haproxy : listen http-in bind :80 mode http option httpclose server pnode1 127.0.0.1:8104 server pnode2 127.0.0.1:8118 listen proxy104 bind 127.0.0.1:8104 mode http option httpclose reqrep ^Host:\ 172.31.0.103 Host:\ 172.31.0.104 server node1 172.31.0.104:85 listen proxy118 bind 127.0.0.1:8118 mode http option httpclose reqrep ^Host:\ 172.31.0.103 Host:\ 172.31.0.118 server node2 172.31.0.118:85 This is just some ideas (not tested), or you can try to add some conditions directly in your apache configuration. Hope this helps. -- Cyril Bonté
Re: Problem: host header keeps the IP of the HAProxy server
I don't know what's going on, this doesn't seem to work. With this configuration the header gets changed: backend test_servers server 118 172.31.0.118:85 id 118 reqrep ^Host:\ 172.31.0.104 Host:\ 172.31.0.118 But once I add the IF, it breaks and the header does not get changed! backend imp_servers server 118 172.31.0.118:85 id 118 reqrep ^Host:\ 172.31.0.104 Host:\ 172.31.0.118 if { srv_id 118 } What am I doing wrong? Thanks 2011/8/11 Hervé COMMOWICK hcommow...@exosec.fr reqrep yoursearch yourstring if { srv_id idofyourserver } server's id can be forced with id keyword if needed Regards, Hervé. On Thu, 11 Aug 2011 13:22:36 +0300 Ran S r...@sheinberg.net wrote: Well, I have no idea if this mailing list is active, as I have gotten no response, but I'll give it another try. I managed to change the Host header using ReqRep successfully. However, now I am in a state where one of the backends need this change, and the other one doesn't. How would I go about configuring this? If I put the two backends under one backend node, they both get the ReqRep parameter, and then one of the servers can't work with the replaced host header. If I put them in two backend nodes, how can I get the frontend node to balance between the two? this appears to be the correct way but I can't find the right command. Thanks On Wed, Aug 10, 2011 at 5:00 PM, Ran S r...@sheinberg.net wrote: Hello all, I am trying to use HAProxy for the following configuration: Two Linux servers (node1, node2) running apache (on port 85) and squid and acting as Proxy servers to the Internet I installed HAProxy on node1, and configured it to listen to port 80, and have the backends in their respective apache port 85. While node1 is the only active server in the backend servers list, I can make a request to node1:80 and it will be successfully redirected to the apache port and returned to me. However while node2 is the only active backend server, this flow will fail and I will simply get a blank page with HTTP 200. I think I know why that is. when sniffing on node1, I can see the following request flow: 1. My browser making web the request to node1:80 2. Node1 making the request to node2. But, this is where the problem comes in. The source IP is node1 The Destination IP is node2 However the Host in this request is the node1 IP address So, since node2 backend server is actually a proxy server, it will take the IP address from the Host header it received and make a request to node1 (since it has it in the request's Host header) and the failure will come in. So I guess what I'm asking is what would be the correct option to use in HAproxy in order to have this set up the right way. I copied the configuration file from one of the examples and trimmed it down to the very basic so I can eliminate anything that's causing the problems, so here it is: *global* *daemon* *maxconn 256* * * *defaults* *mode http* *timeout connect 5000ms* *timeout client 5ms* *timeout server 5ms* *balance roundrobin* *option forwardfor* * * *frontend http-in* *bind *:80* *default_backend servers* * * *backend servers* *server node1name node1ip:85* Many thanks in advance for any help! please let me know if you need any more information. Thanks, Ran -- Hervé COMMOWICK, EXOSEC (http://www.exosec.fr/) ZAC des Metz - 3 Rue du petit robinson - 78350 JOUY EN JOSAS Tel: +33 1 30 67 60 65 - Fax: +33 1 75 43 40 70 mailto:hcommow...@exosec.fr
Re: Problem: host header keeps the IP of the HAProxy server
Hi all, Le Sunday 14 August 2011 10:19:04, Ran S a écrit : I don't know what's going on, this doesn't seem to work. With this configuration the header gets changed: backend test_servers server 118 172.31.0.118:85 id 118 reqrep ^Host:\ 172.31.0.104 Host:\ 172.31.0.118 But once I add the IF, it breaks and the header does not get changed! backend imp_servers server 118 172.31.0.118:85 id 118 reqrep ^Host:\ 172.31.0.104 Host:\ 172.31.0.118 if { srv_id 118 } What am I doing wrong? reqrep can't be used with the srv_id acl : the server is only known late in the request processus, after the headers manipulation, which makes your condition never match. Sorry to say that you can't do it like this. -- Cyril Bonté
Re: Problem: host header keeps the IP of the HAProxy server
Hi Cyril, I see, thanks for that. So, will the correct way be to configure two different backends and include the reqrep for each one of them. But how will I get the listen or frontend node to load balance between two different backend nodes? I can't find the configuration to do that... is it possible? Thanks 2011/8/14 Cyril Bonté cyril.bo...@free.fr Hi all, Le Sunday 14 August 2011 10:19:04, Ran S a écrit : I don't know what's going on, this doesn't seem to work. With this configuration the header gets changed: backend test_servers server 118 172.31.0.118:85 id 118 reqrep ^Host:\ 172.31.0.104 Host:\ 172.31.0.118 But once I add the IF, it breaks and the header does not get changed! backend imp_servers server 118 172.31.0.118:85 id 118 reqrep ^Host:\ 172.31.0.104 Host:\ 172.31.0.118 if { srv_id 118 } What am I doing wrong? reqrep can't be used with the srv_id acl : the server is only known late in the request processus, after the headers manipulation, which makes your condition never match. Sorry to say that you can't do it like this. -- Cyril Bonté
Re: Problem: host header keeps the IP of the HAProxy server
Le Sunday 14 August 2011 13:31:57, Ran S a écrit : Hi Cyril, I see, thanks for that. So, will the correct way be to configure two different backends and include the reqrep for each one of them. But how will I get the listen or frontend node to load balance between two different backend nodes? I can't find the configuration to do that... is it possible? Well, haproxy is not designed to load balance between backends, but there are several workarounds (some of them are less elegant than the others). For your issue, I don't know all about your configuration so maybe it won't work, but first, can you check if you can unconditionally replace the Host header with 127.0.0.1 ? Maybe that could do the trick. reqrep ^Host:\ 172.31.0.103 Host:\ 127.0.0.1 One other workaround is to decide to not load balance but switch to a second backend under certain conditions (for example when the first backend exceeds a # of connections). frontend http-in bind :80 mode http option httpclose use_backend backend2 if { be_conn(backend1) gt 100 } default_backend backend1 backend backend1 mode http reqrep ^Host:\ 172.31.0.103 Host:\ 172.31.0.104 server node1 172.31.0.104:85 backend backend2 mode http reqrep ^Host:\ 172.31.0.103 Host:\ 172.31.0.118 server node2 172.31.0.118:85 Another solution is to add a second level of proxies in haproxy : listen http-in bind :80 mode http option httpclose server pnode1 127.0.0.1:8104 server pnode2 127.0.0.1:8118 listen proxy104 bind 127.0.0.1:8104 mode http option httpclose reqrep ^Host:\ 172.31.0.103 Host:\ 172.31.0.104 server node1 172.31.0.104:85 listen proxy118 bind 127.0.0.1:8118 mode http option httpclose reqrep ^Host:\ 172.31.0.103 Host:\ 172.31.0.118 server node2 172.31.0.118:85 This is just some ideas (not tested), or you can try to add some conditions directly in your apache configuration. Hope this helps. -- Cyril Bonté
Re: Problem: host header keeps the IP of the HAProxy server
Well, I have no idea if this mailing list is active, as I have gotten no response, but I'll give it another try. I managed to change the Host header using ReqRep successfully. However, now I am in a state where one of the backends need this change, and the other one doesn't. How would I go about configuring this? If I put the two backends under one backend node, they both get the ReqRep parameter, and then one of the servers can't work with the replaced host header. If I put them in two backend nodes, how can I get the frontend node to balance between the two? this appears to be the correct way but I can't find the right command. Thanks On Wed, Aug 10, 2011 at 5:00 PM, Ran S r...@sheinberg.net wrote: Hello all, I am trying to use HAProxy for the following configuration: Two Linux servers (node1, node2) running apache (on port 85) and squid and acting as Proxy servers to the Internet I installed HAProxy on node1, and configured it to listen to port 80, and have the backends in their respective apache port 85. While node1 is the only active server in the backend servers list, I can make a request to node1:80 and it will be successfully redirected to the apache port and returned to me. However while node2 is the only active backend server, this flow will fail and I will simply get a blank page with HTTP 200. I think I know why that is. when sniffing on node1, I can see the following request flow: 1. My browser making web the request to node1:80 2. Node1 making the request to node2. But, this is where the problem comes in. The source IP is node1 The Destination IP is node2 However the Host in this request is the node1 IP address So, since node2 backend server is actually a proxy server, it will take the IP address from the Host header it received and make a request to node1 (since it has it in the request's Host header) and the failure will come in. So I guess what I'm asking is what would be the correct option to use in HAproxy in order to have this set up the right way. I copied the configuration file from one of the examples and trimmed it down to the very basic so I can eliminate anything that's causing the problems, so here it is: *global* *daemon* *maxconn 256* * * *defaults* *mode http* *timeout connect 5000ms* *timeout client 5ms* *timeout server 5ms* *balance roundrobin* *option forwardfor* * * *frontend http-in* *bind *:80* *default_backend servers* * * *backend servers* *server node1name node1ip:85* Many thanks in advance for any help! please let me know if you need any more information. Thanks, Ran
Re: Problem: host header keeps the IP of the HAProxy server
reqrep yoursearch yourstring if { srv_id idofyourserver } server's id can be forced with id keyword if needed Regards, Hervé. On Thu, 11 Aug 2011 13:22:36 +0300 Ran S r...@sheinberg.net wrote: Well, I have no idea if this mailing list is active, as I have gotten no response, but I'll give it another try. I managed to change the Host header using ReqRep successfully. However, now I am in a state where one of the backends need this change, and the other one doesn't. How would I go about configuring this? If I put the two backends under one backend node, they both get the ReqRep parameter, and then one of the servers can't work with the replaced host header. If I put them in two backend nodes, how can I get the frontend node to balance between the two? this appears to be the correct way but I can't find the right command. Thanks On Wed, Aug 10, 2011 at 5:00 PM, Ran S r...@sheinberg.net wrote: Hello all, I am trying to use HAProxy for the following configuration: Two Linux servers (node1, node2) running apache (on port 85) and squid and acting as Proxy servers to the Internet I installed HAProxy on node1, and configured it to listen to port 80, and have the backends in their respective apache port 85. While node1 is the only active server in the backend servers list, I can make a request to node1:80 and it will be successfully redirected to the apache port and returned to me. However while node2 is the only active backend server, this flow will fail and I will simply get a blank page with HTTP 200. I think I know why that is. when sniffing on node1, I can see the following request flow: 1. My browser making web the request to node1:80 2. Node1 making the request to node2. But, this is where the problem comes in. The source IP is node1 The Destination IP is node2 However the Host in this request is the node1 IP address So, since node2 backend server is actually a proxy server, it will take the IP address from the Host header it received and make a request to node1 (since it has it in the request's Host header) and the failure will come in. So I guess what I'm asking is what would be the correct option to use in HAproxy in order to have this set up the right way. I copied the configuration file from one of the examples and trimmed it down to the very basic so I can eliminate anything that's causing the problems, so here it is: *global* *daemon* *maxconn 256* * * *defaults* *mode http* *timeout connect 5000ms* *timeout client 5ms* *timeout server 5ms* *balance roundrobin* *option forwardfor* * * *frontend http-in* *bind *:80* *default_backend servers* * * *backend servers* *server node1name node1ip:85* Many thanks in advance for any help! please let me know if you need any more information. Thanks, Ran -- Hervé COMMOWICK, EXOSEC (http://www.exosec.fr/) ZAC des Metz - 3 Rue du petit robinson - 78350 JOUY EN JOSAS Tel: +33 1 30 67 60 65 - Fax: +33 1 75 43 40 70 mailto:hcommow...@exosec.fr
Re: Problem: host header keeps the IP of the HAProxy server
Many thanks for your help! it seems that this is the correct way, but I get a parsing error when checking the file in every possible syntax I could come up with frontend http-in bind 172.31.0.104:80 default_backend test_servers backend test_servers server 118 172.31.0.118:85 reqirep ^Host:\ 172.31.0.104 Host:\ 172.31.0.118 if {srv_id imp118} server 104 172.31.0.104:85 Can you tell me the correct syntax? 2011/8/11 Hervé COMMOWICK hcommow...@exosec.fr reqrep yoursearch yourstring if { srv_id idofyourserver } server's id can be forced with id keyword if needed Regards, Hervé. On Thu, 11 Aug 2011 13:22:36 +0300 Ran S r...@sheinberg.net wrote: Well, I have no idea if this mailing list is active, as I have gotten no response, but I'll give it another try. I managed to change the Host header using ReqRep successfully. However, now I am in a state where one of the backends need this change, and the other one doesn't. How would I go about configuring this? If I put the two backends under one backend node, they both get the ReqRep parameter, and then one of the servers can't work with the replaced host header. If I put them in two backend nodes, how can I get the frontend node to balance between the two? this appears to be the correct way but I can't find the right command. Thanks On Wed, Aug 10, 2011 at 5:00 PM, Ran S r...@sheinberg.net wrote: Hello all, I am trying to use HAProxy for the following configuration: Two Linux servers (node1, node2) running apache (on port 85) and squid and acting as Proxy servers to the Internet I installed HAProxy on node1, and configured it to listen to port 80, and have the backends in their respective apache port 85. While node1 is the only active server in the backend servers list, I can make a request to node1:80 and it will be successfully redirected to the apache port and returned to me. However while node2 is the only active backend server, this flow will fail and I will simply get a blank page with HTTP 200. I think I know why that is. when sniffing on node1, I can see the following request flow: 1. My browser making web the request to node1:80 2. Node1 making the request to node2. But, this is where the problem comes in. The source IP is node1 The Destination IP is node2 However the Host in this request is the node1 IP address So, since node2 backend server is actually a proxy server, it will take the IP address from the Host header it received and make a request to node1 (since it has it in the request's Host header) and the failure will come in. So I guess what I'm asking is what would be the correct option to use in HAproxy in order to have this set up the right way. I copied the configuration file from one of the examples and trimmed it down to the very basic so I can eliminate anything that's causing the problems, so here it is: *global* *daemon* *maxconn 256* * * *defaults* *mode http* *timeout connect 5000ms* *timeout client 5ms* *timeout server 5ms* *balance roundrobin* *option forwardfor* * * *frontend http-in* *bind *:80* *default_backend servers* * * *backend servers* *server node1name node1ip:85* Many thanks in advance for any help! please let me know if you need any more information. Thanks, Ran -- Hervé COMMOWICK, EXOSEC (http://www.exosec.fr/) ZAC des Metz - 3 Rue du petit robinson - 78350 JOUY EN JOSAS Tel: +33 1 30 67 60 65 - Fax: +33 1 75 43 40 70 mailto:hcommow...@exosec.fr
Re: Problem: host header keeps the IP of the HAProxy server
Ok got it! many thanks! just had to give the id as an integer instead of a name (118), and use srv_id 118 On Thu, Aug 11, 2011 at 1:45 PM, Ran S r...@sheinberg.net wrote: Many thanks for your help! it seems that this is the correct way, but I get a parsing error when checking the file in every possible syntax I could come up with frontend http-in bind 172.31.0.104:80 default_backend test_servers backend test_servers server 118 172.31.0.118:85 reqirep ^Host:\ 172.31.0.104 Host:\ 172.31.0.118 if {srv_id imp118} server 104 172.31.0.104:85 Can you tell me the correct syntax? 2011/8/11 Hervé COMMOWICK hcommow...@exosec.fr reqrep yoursearch yourstring if { srv_id idofyourserver } server's id can be forced with id keyword if needed Regards, Hervé. On Thu, 11 Aug 2011 13:22:36 +0300 Ran S r...@sheinberg.net wrote: Well, I have no idea if this mailing list is active, as I have gotten no response, but I'll give it another try. I managed to change the Host header using ReqRep successfully. However, now I am in a state where one of the backends need this change, and the other one doesn't. How would I go about configuring this? If I put the two backends under one backend node, they both get the ReqRep parameter, and then one of the servers can't work with the replaced host header. If I put them in two backend nodes, how can I get the frontend node to balance between the two? this appears to be the correct way but I can't find the right command. Thanks On Wed, Aug 10, 2011 at 5:00 PM, Ran S r...@sheinberg.net wrote: Hello all, I am trying to use HAProxy for the following configuration: Two Linux servers (node1, node2) running apache (on port 85) and squid and acting as Proxy servers to the Internet I installed HAProxy on node1, and configured it to listen to port 80, and have the backends in their respective apache port 85. While node1 is the only active server in the backend servers list, I can make a request to node1:80 and it will be successfully redirected to the apache port and returned to me. However while node2 is the only active backend server, this flow will fail and I will simply get a blank page with HTTP 200. I think I know why that is. when sniffing on node1, I can see the following request flow: 1. My browser making web the request to node1:80 2. Node1 making the request to node2. But, this is where the problem comes in. The source IP is node1 The Destination IP is node2 However the Host in this request is the node1 IP address So, since node2 backend server is actually a proxy server, it will take the IP address from the Host header it received and make a request to node1 (since it has it in the request's Host header) and the failure will come in. So I guess what I'm asking is what would be the correct option to use in HAproxy in order to have this set up the right way. I copied the configuration file from one of the examples and trimmed it down to the very basic so I can eliminate anything that's causing the problems, so here it is: *global* *daemon* *maxconn 256* * * *defaults* *mode http* *timeout connect 5000ms* *timeout client 5ms* *timeout server 5ms* *balance roundrobin* *option forwardfor* * * *frontend http-in* *bind *:80* *default_backend servers* * * *backend servers* *server node1name node1ip:85* Many thanks in advance for any help! please let me know if you need any more information. Thanks, Ran -- Hervé COMMOWICK, EXOSEC (http://www.exosec.fr/) ZAC des Metz - 3 Rue du petit robinson - 78350 JOUY EN JOSAS Tel: +33 1 30 67 60 65 - Fax: +33 1 75 43 40 70 mailto:hcommow...@exosec.fr
Problem: host header keeps the IP of the HAProxy server
Hello all, I am trying to use HAProxy for the following configuration: Two Linux servers (node1, node2) running apache (on port 85) and squid and acting as Proxy servers to the Internet I installed HAProxy on node1, and configured it to listen to port 80, and have the backends in their respective apache port 85. While node1 is the only active server in the backend servers list, I can make a request to node1:80 and it will be successfully redirected to the apache port and returned to me. However while node2 is the only active backend server, this flow will fail and I will simply get a blank page with HTTP 200. I think I know why that is. when sniffing on node1, I can see the following request flow: 1. My browser making web the request to node1:80 2. Node1 making the request to node2. But, this is where the problem comes in. The source IP is node1 The Destination IP is node2 However the Host in this request is the node1 IP address So, since node2 backend server is actually a proxy server, it will take the IP address from the Host header it received and make a request to node1 (since it has it in the request's Host header) and the failure will come in. So I guess what I'm asking is what would be the correct option to use in HAproxy in order to have this set up the right way. I copied the configuration file from one of the examples and trimmed it down to the very basic so I can eliminate anything that's causing the problems, so here it is: *global* *daemon* *maxconn 256* * * *defaults* *mode http* *timeout connect 5000ms* *timeout client 5ms* *timeout server 5ms* *balance roundrobin* *option forwardfor* * * *frontend http-in* *bind *:80* *default_backend servers* * * *backend servers* *server node1name node1ip:85* Many thanks in advance for any help! please let me know if you need any more information. Thanks, Ran