Re: Problem: host header keeps the IP of the HAProxy server
Hi Cyril, I seem to be having luck with simply replacing the Virtual IP to 127.0.0.1, I will test it further. thanks again!! On Sun, Aug 14, 2011 at 6:16 PM, Cyril Bonté wrote: > Le Sunday 14 August 2011 13:31:57, Ran S a écrit : > > Hi Cyril, > > > > I see, thanks for that. > > So, will the correct way be to configure two different backends and > include > > the reqrep for each one of them. > > But how will I get the listen or frontend node to load balance between > two > > different backend nodes? I can't find the configuration to do that... is > it > > possible? > > Well, haproxy is not designed to load balance between backends, but there > are > several workarounds (some of them are less elegant than the others). > > For your issue, I don't know all about your configuration so maybe it won't > work, but first, can you check if you can unconditionally replace the Host > header with 127.0.0.1 ? Maybe that could do the trick. > reqrep ^Host:\ 172.31.0.103 Host:\ 127.0.0.1 > > One other workaround is to decide to not load balance but switch to a > second > backend under certain conditions (for example when the first backend > exceeds a > # of connections). > > frontend http-in > bind :80 >mode http > option httpclose > > use_backend backend2 if { be_conn(backend1) gt 100 } > default_backend backend1 > > backend backend1 > mode http > > reqrep ^Host:\ 172.31.0.103 Host:\ 172.31.0.104 > server node1 172.31.0.104:85 > > backend backend2 > mode http > > reqrep ^Host:\ 172.31.0.103 Host:\ 172.31.0.118 > server node2 172.31.0.118:85 > > Another solution is to add a second level of proxies in haproxy : > > listen http-in > bind :80 > mode http > option httpclose > > server pnode1 127.0.0.1:8104 > server pnode2 127.0.0.1:8118 > > listen proxy104 > bind 127.0.0.1:8104 > mode http > option httpclose > > reqrep ^Host:\ 172.31.0.103 Host:\ 172.31.0.104 > server node1 172.31.0.104:85 > > listen proxy118 > bind 127.0.0.1:8118 > mode http > option httpclose > > reqrep ^Host:\ 172.31.0.103 Host:\ 172.31.0.118 > server node2 172.31.0.118:85 > > This is just some ideas (not tested), or you can try to add some conditions > directly in your apache configuration. > > Hope this helps. > > -- > Cyril Bonté >
Re: Problem: host header keeps the IP of the HAProxy server
Le Sunday 14 August 2011 13:31:57, Ran S a écrit : > Hi Cyril, > > I see, thanks for that. > So, will the correct way be to configure two different backends and include > the reqrep for each one of them. > But how will I get the listen or frontend node to load balance between two > different backend nodes? I can't find the configuration to do that... is it > possible? Well, haproxy is not designed to load balance between backends, but there are several workarounds (some of them are less elegant than the others). For your issue, I don't know all about your configuration so maybe it won't work, but first, can you check if you can unconditionally replace the Host header with 127.0.0.1 ? Maybe that could do the trick. reqrep ^Host:\ 172.31.0.103 Host:\ 127.0.0.1 One other workaround is to decide to not load balance but switch to a second backend under certain conditions (for example when the first backend exceeds a # of connections). frontend http-in bind :80 mode http option httpclose use_backend backend2 if { be_conn(backend1) gt 100 } default_backend backend1 backend backend1 mode http reqrep ^Host:\ 172.31.0.103 Host:\ 172.31.0.104 server node1 172.31.0.104:85 backend backend2 mode http reqrep ^Host:\ 172.31.0.103 Host:\ 172.31.0.118 server node2 172.31.0.118:85 Another solution is to add a second level of proxies in haproxy : listen http-in bind :80 mode http option httpclose server pnode1 127.0.0.1:8104 server pnode2 127.0.0.1:8118 listen proxy104 bind 127.0.0.1:8104 mode http option httpclose reqrep ^Host:\ 172.31.0.103 Host:\ 172.31.0.104 server node1 172.31.0.104:85 listen proxy118 bind 127.0.0.1:8118 mode http option httpclose reqrep ^Host:\ 172.31.0.103 Host:\ 172.31.0.118 server node2 172.31.0.118:85 This is just some ideas (not tested), or you can try to add some conditions directly in your apache configuration. Hope this helps. -- Cyril Bonté
Re: Problem: host header keeps the IP of the HAProxy server
Hi Cyril, I see, thanks for that. So, will the correct way be to configure two different backends and include the reqrep for each one of them. But how will I get the listen or frontend node to load balance between two different backend nodes? I can't find the configuration to do that... is it possible? Thanks 2011/8/14 Cyril Bonté > Hi all, > > Le Sunday 14 August 2011 10:19:04, Ran S a écrit : > > I don't know what's going on, this doesn't seem to work. > > > > With this configuration the header gets changed: > > backend test_servers > > server 118 172.31.0.118:85 id 118 > > reqrep ^Host:\ 172.31.0.104 Host:\ 172.31.0.118 > > > > But once I add the IF, it breaks and the header does not get changed! > > backend imp_servers > > server 118 172.31.0.118:85 id 118 > > reqrep ^Host:\ 172.31.0.104 Host:\ 172.31.0.118 if { srv_id 118 > } > > > > > > What am I doing wrong? > > reqrep can't be used with the "srv_id" acl : the server is only known late > in > the request processus, after the headers manipulation, which makes your > condition never match. > Sorry to say that you can't do it like this. > > -- > Cyril Bonté >
Re: Problem: host header keeps the IP of the HAProxy server
Hi all, Le Sunday 14 August 2011 10:19:04, Ran S a écrit : > I don't know what's going on, this doesn't seem to work. > > With this configuration the header gets changed: > backend test_servers > server 118 172.31.0.118:85 id 118 > reqrep ^Host:\ 172.31.0.104 Host:\ 172.31.0.118 > > But once I add the IF, it breaks and the header does not get changed! > backend imp_servers > server 118 172.31.0.118:85 id 118 > reqrep ^Host:\ 172.31.0.104 Host:\ 172.31.0.118 if { srv_id 118 } > > > What am I doing wrong? reqrep can't be used with the "srv_id" acl : the server is only known late in the request processus, after the headers manipulation, which makes your condition never match. Sorry to say that you can't do it like this. -- Cyril Bonté
Re: Problem: host header keeps the IP of the HAProxy server
I don't know what's going on, this doesn't seem to work. With this configuration the header gets changed: backend test_servers server 118 172.31.0.118:85 id 118 reqrep ^Host:\ 172.31.0.104 Host:\ 172.31.0.118 But once I add the IF, it breaks and the header does not get changed! backend imp_servers server 118 172.31.0.118:85 id 118 reqrep ^Host:\ 172.31.0.104 Host:\ 172.31.0.118 if { srv_id 118 } What am I doing wrong? Thanks 2011/8/11 Hervé COMMOWICK > reqrep if { srv_id } > > server's id can be forced with "id" keyword if needed > > Regards, > > Hervé. > > On Thu, 11 Aug 2011 13:22:36 +0300 > Ran S wrote: > > > Well, I have no idea if this mailing list is active, as I have gotten > > no response, but I'll give it another try. > > > > I managed to change the Host header using ReqRep successfully. > > > > However, now I am in a state where one of the backends need this > > change, and the other one doesn't. > > How would I go about configuring this? > > > > If I put the two backends under one backend node, they both get the > > ReqRep parameter, and then one of the servers can't work with the > > replaced host header. > > If I put them in two backend nodes, how can I get the frontend node to > > balance between the two? this appears to be the correct way but I > > can't find the right command. > > > > Thanks > > > > On Wed, Aug 10, 2011 at 5:00 PM, Ran S wrote: > > > > > Hello all, > > > > > > I am trying to use HAProxy for the following configuration: > > > Two Linux servers (node1, node2) running apache (on port 85) and > > > squid and acting as Proxy servers to the Internet > > > I installed HAProxy on node1, and configured it to listen to port > > > 80, and have the backends in their respective apache port 85. > > > > > > While node1 is the only active server in the backend servers list, > > > I can make a request to node1:80 and it will be successfully > > > redirected to the apache port and returned to me. > > > > > > However while node2 is the only active backend server, this flow > > > will fail and I will simply get a blank page with HTTP 200. > > > I think I know why that is. when sniffing on node1, I can see the > > > following request flow: > > > > > > 1. My browser making web the request to node1:80 > > > 2. Node1 making the request to node2. > > > But, this is where the problem comes in. > > > The source IP is node1 > > > The Destination IP is node2 > > > However the Host in this request is the node1 IP address > > > > > > So, since node2 backend server is actually a proxy server, it will > > > take the IP address from the Host header it received and make a > > > request to node1 (since it has it in the request's Host header) and > > > the failure will come in. > > > > > > So I guess what I'm asking is what would be the correct option to > > > use in HAproxy in order to have this set up the right way. > > > > > > I copied the configuration file from one of the examples and > > > trimmed it down to the very basic so I can eliminate anything > > > that's causing the problems, so here it is: > > > > > > *global* > > > *daemon* > > > *maxconn 256* > > > * > > > * > > > *defaults* > > > *mode http* > > > *timeout connect 5000ms* > > > *timeout client 5ms* > > > *timeout server 5ms* > > > *balance roundrobin* > > > *option forwardfor* > > > * > > > * > > > *frontend http-in* > > > *bind *:80* > > > *default_backend servers* > > > * > > > * > > > *backend servers* > > > *server :85* > > > > > > > > > Many thanks in advance for any help! please let me know if you need > > > any more information. > > > > > > Thanks, > > > Ran > > > > > > > > > > > > > -- > Hervé COMMOWICK, EXOSEC (http://www.exosec.fr/) > ZAC des Metz - 3 Rue du petit robinson - 78350 JOUY EN JOSAS > Tel: +33 1 30 67 60 65 - Fax: +33 1 75 43 40 70 > mailto:hcommow...@exosec.fr >
Re: Problem: host header keeps the IP of the HAProxy server
I need some more help on this issue, I lost the working configuration since I added a Virtual IP to my setup: As you can see below my machines are 104 (currently running HAProxy) and 118. I changed the bind in the configuration, in order for HAProxy to bind to a virtual IP (I'm in the middle of trying to setup dual HAProxy for redundancy via a Virtual IP). frontend http-in bind 172.31.0.103:80 But now, the reqirep rule that changed Host: 172.31.0.104 to 172.31.0.118 does not work. I am making the request to the Virtual IP (172.31.0.103) and it stays in the Host header when its sent to the backend. backend test_servers server 118 172.31.0.118:85 id 118 reqirep ^Host:\ 172.31.0.103 Host:\ 172.31.0.118 if { srv_id 118 } server 104 172.31.0.104:85 id 104 reqirep ^Host:\ 172.31.0.103 Host:\ 172.31.0.104 if { srv_id 104 } Any ideas? On Thu, Aug 11, 2011 at 1:53 PM, Ran S wrote: > Ok got it! many thanks! just had to give the id as an integer instead of a > name (118), and use srv_id 118 > > > On Thu, Aug 11, 2011 at 1:45 PM, Ran S wrote: > >> Many thanks for your help! it seems that this is the correct way, but I >> get a parsing error when checking the file in every possible syntax I could >> come up with >> >> frontend http-in >> bind 172.31.0.104:80 >> default_backend test_servers >> >> backend test_servers >> server 118 172.31.0.118:85 >> reqirep ^Host:\ 172.31.0.104 Host:\ 172.31.0.118 if {srv_id >> imp118} >> server 104 172.31.0.104:85 >> >> Can you tell me the correct syntax? >> >> 2011/8/11 Hervé COMMOWICK >> >>> reqrep if { srv_id } >>> >>> server's id can be forced with "id" keyword if needed >>> >>> Regards, >>> >>> Hervé. >>> >>> On Thu, 11 Aug 2011 13:22:36 +0300 >>> Ran S wrote: >>> >>> > Well, I have no idea if this mailing list is active, as I have gotten >>> > no response, but I'll give it another try. >>> > >>> > I managed to change the Host header using ReqRep successfully. >>> > >>> > However, now I am in a state where one of the backends need this >>> > change, and the other one doesn't. >>> > How would I go about configuring this? >>> > >>> > If I put the two backends under one backend node, they both get the >>> > ReqRep parameter, and then one of the servers can't work with the >>> > replaced host header. >>> > If I put them in two backend nodes, how can I get the frontend node to >>> > balance between the two? this appears to be the correct way but I >>> > can't find the right command. >>> > >>> > Thanks >>> > >>> > On Wed, Aug 10, 2011 at 5:00 PM, Ran S wrote: >>> > >>> > > Hello all, >>> > > >>> > > I am trying to use HAProxy for the following configuration: >>> > > Two Linux servers (node1, node2) running apache (on port 85) and >>> > > squid and acting as Proxy servers to the Internet >>> > > I installed HAProxy on node1, and configured it to listen to port >>> > > 80, and have the backends in their respective apache port 85. >>> > > >>> > > While node1 is the only active server in the backend servers list, >>> > > I can make a request to node1:80 and it will be successfully >>> > > redirected to the apache port and returned to me. >>> > > >>> > > However while node2 is the only active backend server, this flow >>> > > will fail and I will simply get a blank page with HTTP 200. >>> > > I think I know why that is. when sniffing on node1, I can see the >>> > > following request flow: >>> > > >>> > > 1. My browser making web the request to node1:80 >>> > > 2. Node1 making the request to node2. >>> > > But, this is where the problem comes in. >>> > > The source IP is node1 >>> > > The Destination IP is node2 >>> > > However the Host in this request is the node1 IP address >>> > > >>> > > So, since node2 backend server is actually a proxy server, it will >>> > > take the IP address from the Host header it received and make a >>> > > request to node1 (since it has it in the request's Host header) and >>> > > the failure will come in. >>> > > >>> > > So I guess what I'm asking is what would be the correct option to >>> > > use in HAproxy in order to have this set up the right way. >>> > > >>> > > I copied the configuration file from one of the examples and >>> > > trimmed it down to the very basic so I can eliminate anything >>> > > that's causing the problems, so here it is: >>> > > >>> > > *global* >>> > > *daemon* >>> > > *maxconn 256* >>> > > * >>> > > * >>> > > *defaults* >>> > > *mode http* >>> > > *timeout connect 5000ms* >>> > > *timeout client 5ms* >>> > > *timeout server 5ms* >>> > > *balance roundrobin* >>> > > *option forwardfor* >>> > > * >>> > > * >>> > > *frontend http-in* >>> > > *bind *:80* >>> > > *default_backend servers* >>> > > * >>> > > * >>> > > *backend servers* >>> > > *server :85* >>> > > >>> > > >>> > > Many thanks in advance for any help! please let me know
Re: Problem: host header keeps the IP of the HAProxy server
Ok got it! many thanks! just had to give the id as an integer instead of a name (118), and use srv_id 118 On Thu, Aug 11, 2011 at 1:45 PM, Ran S wrote: > Many thanks for your help! it seems that this is the correct way, but I get > a parsing error when checking the file in every possible syntax I could come > up with > > frontend http-in > bind 172.31.0.104:80 > default_backend test_servers > > backend test_servers > server 118 172.31.0.118:85 > reqirep ^Host:\ 172.31.0.104 Host:\ 172.31.0.118 if {srv_id > imp118} > server 104 172.31.0.104:85 > > Can you tell me the correct syntax? > > 2011/8/11 Hervé COMMOWICK > >> reqrep if { srv_id } >> >> server's id can be forced with "id" keyword if needed >> >> Regards, >> >> Hervé. >> >> On Thu, 11 Aug 2011 13:22:36 +0300 >> Ran S wrote: >> >> > Well, I have no idea if this mailing list is active, as I have gotten >> > no response, but I'll give it another try. >> > >> > I managed to change the Host header using ReqRep successfully. >> > >> > However, now I am in a state where one of the backends need this >> > change, and the other one doesn't. >> > How would I go about configuring this? >> > >> > If I put the two backends under one backend node, they both get the >> > ReqRep parameter, and then one of the servers can't work with the >> > replaced host header. >> > If I put them in two backend nodes, how can I get the frontend node to >> > balance between the two? this appears to be the correct way but I >> > can't find the right command. >> > >> > Thanks >> > >> > On Wed, Aug 10, 2011 at 5:00 PM, Ran S wrote: >> > >> > > Hello all, >> > > >> > > I am trying to use HAProxy for the following configuration: >> > > Two Linux servers (node1, node2) running apache (on port 85) and >> > > squid and acting as Proxy servers to the Internet >> > > I installed HAProxy on node1, and configured it to listen to port >> > > 80, and have the backends in their respective apache port 85. >> > > >> > > While node1 is the only active server in the backend servers list, >> > > I can make a request to node1:80 and it will be successfully >> > > redirected to the apache port and returned to me. >> > > >> > > However while node2 is the only active backend server, this flow >> > > will fail and I will simply get a blank page with HTTP 200. >> > > I think I know why that is. when sniffing on node1, I can see the >> > > following request flow: >> > > >> > > 1. My browser making web the request to node1:80 >> > > 2. Node1 making the request to node2. >> > > But, this is where the problem comes in. >> > > The source IP is node1 >> > > The Destination IP is node2 >> > > However the Host in this request is the node1 IP address >> > > >> > > So, since node2 backend server is actually a proxy server, it will >> > > take the IP address from the Host header it received and make a >> > > request to node1 (since it has it in the request's Host header) and >> > > the failure will come in. >> > > >> > > So I guess what I'm asking is what would be the correct option to >> > > use in HAproxy in order to have this set up the right way. >> > > >> > > I copied the configuration file from one of the examples and >> > > trimmed it down to the very basic so I can eliminate anything >> > > that's causing the problems, so here it is: >> > > >> > > *global* >> > > *daemon* >> > > *maxconn 256* >> > > * >> > > * >> > > *defaults* >> > > *mode http* >> > > *timeout connect 5000ms* >> > > *timeout client 5ms* >> > > *timeout server 5ms* >> > > *balance roundrobin* >> > > *option forwardfor* >> > > * >> > > * >> > > *frontend http-in* >> > > *bind *:80* >> > > *default_backend servers* >> > > * >> > > * >> > > *backend servers* >> > > *server :85* >> > > >> > > >> > > Many thanks in advance for any help! please let me know if you need >> > > any more information. >> > > >> > > Thanks, >> > > Ran >> > > >> > > >> > > >> >> >> >> -- >> Hervé COMMOWICK, EXOSEC (http://www.exosec.fr/) >> ZAC des Metz - 3 Rue du petit robinson - 78350 JOUY EN JOSAS >> Tel: +33 1 30 67 60 65 - Fax: +33 1 75 43 40 70 >> mailto:hcommow...@exosec.fr >> > >
Re: Problem: host header keeps the IP of the HAProxy server
Many thanks for your help! it seems that this is the correct way, but I get a parsing error when checking the file in every possible syntax I could come up with frontend http-in bind 172.31.0.104:80 default_backend test_servers backend test_servers server 118 172.31.0.118:85 reqirep ^Host:\ 172.31.0.104 Host:\ 172.31.0.118 if {srv_id imp118} server 104 172.31.0.104:85 Can you tell me the correct syntax? 2011/8/11 Hervé COMMOWICK > reqrep if { srv_id } > > server's id can be forced with "id" keyword if needed > > Regards, > > Hervé. > > On Thu, 11 Aug 2011 13:22:36 +0300 > Ran S wrote: > > > Well, I have no idea if this mailing list is active, as I have gotten > > no response, but I'll give it another try. > > > > I managed to change the Host header using ReqRep successfully. > > > > However, now I am in a state where one of the backends need this > > change, and the other one doesn't. > > How would I go about configuring this? > > > > If I put the two backends under one backend node, they both get the > > ReqRep parameter, and then one of the servers can't work with the > > replaced host header. > > If I put them in two backend nodes, how can I get the frontend node to > > balance between the two? this appears to be the correct way but I > > can't find the right command. > > > > Thanks > > > > On Wed, Aug 10, 2011 at 5:00 PM, Ran S wrote: > > > > > Hello all, > > > > > > I am trying to use HAProxy for the following configuration: > > > Two Linux servers (node1, node2) running apache (on port 85) and > > > squid and acting as Proxy servers to the Internet > > > I installed HAProxy on node1, and configured it to listen to port > > > 80, and have the backends in their respective apache port 85. > > > > > > While node1 is the only active server in the backend servers list, > > > I can make a request to node1:80 and it will be successfully > > > redirected to the apache port and returned to me. > > > > > > However while node2 is the only active backend server, this flow > > > will fail and I will simply get a blank page with HTTP 200. > > > I think I know why that is. when sniffing on node1, I can see the > > > following request flow: > > > > > > 1. My browser making web the request to node1:80 > > > 2. Node1 making the request to node2. > > > But, this is where the problem comes in. > > > The source IP is node1 > > > The Destination IP is node2 > > > However the Host in this request is the node1 IP address > > > > > > So, since node2 backend server is actually a proxy server, it will > > > take the IP address from the Host header it received and make a > > > request to node1 (since it has it in the request's Host header) and > > > the failure will come in. > > > > > > So I guess what I'm asking is what would be the correct option to > > > use in HAproxy in order to have this set up the right way. > > > > > > I copied the configuration file from one of the examples and > > > trimmed it down to the very basic so I can eliminate anything > > > that's causing the problems, so here it is: > > > > > > *global* > > > *daemon* > > > *maxconn 256* > > > * > > > * > > > *defaults* > > > *mode http* > > > *timeout connect 5000ms* > > > *timeout client 5ms* > > > *timeout server 5ms* > > > *balance roundrobin* > > > *option forwardfor* > > > * > > > * > > > *frontend http-in* > > > *bind *:80* > > > *default_backend servers* > > > * > > > * > > > *backend servers* > > > *server :85* > > > > > > > > > Many thanks in advance for any help! please let me know if you need > > > any more information. > > > > > > Thanks, > > > Ran > > > > > > > > > > > > > -- > Hervé COMMOWICK, EXOSEC (http://www.exosec.fr/) > ZAC des Metz - 3 Rue du petit robinson - 78350 JOUY EN JOSAS > Tel: +33 1 30 67 60 65 - Fax: +33 1 75 43 40 70 > mailto:hcommow...@exosec.fr >
Re: Problem: host header keeps the IP of the HAProxy server
reqrep if { srv_id } server's id can be forced with "id" keyword if needed Regards, Hervé. On Thu, 11 Aug 2011 13:22:36 +0300 Ran S wrote: > Well, I have no idea if this mailing list is active, as I have gotten > no response, but I'll give it another try. > > I managed to change the Host header using ReqRep successfully. > > However, now I am in a state where one of the backends need this > change, and the other one doesn't. > How would I go about configuring this? > > If I put the two backends under one backend node, they both get the > ReqRep parameter, and then one of the servers can't work with the > replaced host header. > If I put them in two backend nodes, how can I get the frontend node to > balance between the two? this appears to be the correct way but I > can't find the right command. > > Thanks > > On Wed, Aug 10, 2011 at 5:00 PM, Ran S wrote: > > > Hello all, > > > > I am trying to use HAProxy for the following configuration: > > Two Linux servers (node1, node2) running apache (on port 85) and > > squid and acting as Proxy servers to the Internet > > I installed HAProxy on node1, and configured it to listen to port > > 80, and have the backends in their respective apache port 85. > > > > While node1 is the only active server in the backend servers list, > > I can make a request to node1:80 and it will be successfully > > redirected to the apache port and returned to me. > > > > However while node2 is the only active backend server, this flow > > will fail and I will simply get a blank page with HTTP 200. > > I think I know why that is. when sniffing on node1, I can see the > > following request flow: > > > > 1. My browser making web the request to node1:80 > > 2. Node1 making the request to node2. > > But, this is where the problem comes in. > > The source IP is node1 > > The Destination IP is node2 > > However the Host in this request is the node1 IP address > > > > So, since node2 backend server is actually a proxy server, it will > > take the IP address from the Host header it received and make a > > request to node1 (since it has it in the request's Host header) and > > the failure will come in. > > > > So I guess what I'm asking is what would be the correct option to > > use in HAproxy in order to have this set up the right way. > > > > I copied the configuration file from one of the examples and > > trimmed it down to the very basic so I can eliminate anything > > that's causing the problems, so here it is: > > > > *global* > > *daemon* > > *maxconn 256* > > * > > * > > *defaults* > > *mode http* > > *timeout connect 5000ms* > > *timeout client 5ms* > > *timeout server 5ms* > > *balance roundrobin* > > *option forwardfor* > > * > > * > > *frontend http-in* > > *bind *:80* > > *default_backend servers* > > * > > * > > *backend servers* > > *server :85* > > > > > > Many thanks in advance for any help! please let me know if you need > > any more information. > > > > Thanks, > > Ran > > > > > > -- Hervé COMMOWICK, EXOSEC (http://www.exosec.fr/) ZAC des Metz - 3 Rue du petit robinson - 78350 JOUY EN JOSAS Tel: +33 1 30 67 60 65 - Fax: +33 1 75 43 40 70 mailto:hcommow...@exosec.fr
Re: Problem: host header keeps the IP of the HAProxy server
Well, I have no idea if this mailing list is active, as I have gotten no response, but I'll give it another try. I managed to change the Host header using ReqRep successfully. However, now I am in a state where one of the backends need this change, and the other one doesn't. How would I go about configuring this? If I put the two backends under one backend node, they both get the ReqRep parameter, and then one of the servers can't work with the replaced host header. If I put them in two backend nodes, how can I get the frontend node to balance between the two? this appears to be the correct way but I can't find the right command. Thanks On Wed, Aug 10, 2011 at 5:00 PM, Ran S wrote: > Hello all, > > I am trying to use HAProxy for the following configuration: > Two Linux servers (node1, node2) running apache (on port 85) and squid and > acting as Proxy servers to the Internet > I installed HAProxy on node1, and configured it to listen to port 80, and > have the backends in their respective apache port 85. > > While node1 is the only active server in the backend servers list, I can > make a request to node1:80 and it will be successfully redirected to the > apache port and returned to me. > > However while node2 is the only active backend server, this flow will fail > and I will simply get a blank page with HTTP 200. > I think I know why that is. when sniffing on node1, I can see the following > request flow: > > 1. My browser making web the request to node1:80 > 2. Node1 making the request to node2. > But, this is where the problem comes in. > The source IP is node1 > The Destination IP is node2 > However the Host in this request is the node1 IP address > > So, since node2 backend server is actually a proxy server, it will take the > IP address from the Host header it received and make a request to node1 > (since it has it in the request's Host header) and the failure will come in. > > So I guess what I'm asking is what would be the correct option to use in > HAproxy in order to have this set up the right way. > > I copied the configuration file from one of the examples and trimmed it > down to the very basic so I can eliminate anything that's causing the > problems, so here it is: > > *global* > *daemon* > *maxconn 256* > * > * > *defaults* > *mode http* > *timeout connect 5000ms* > *timeout client 5ms* > *timeout server 5ms* > *balance roundrobin* > *option forwardfor* > * > * > *frontend http-in* > *bind *:80* > *default_backend servers* > * > * > *backend servers* > *server :85* > > > Many thanks in advance for any help! please let me know if you need any > more information. > > Thanks, > Ran > > >