Re: Problem: host header keeps the IP of the HAProxy server
Hi Cyril,
I seem to be having luck with simply replacing the Virtual IP to 127.0.0.1,
I will test it further. thanks again!!
On Sun, Aug 14, 2011 at 6:16 PM, Cyril Bonté cyril.bo...@free.fr wrote:
Le Sunday 14 August 2011 13:31:57, Ran S a écrit :
Hi Cyril,
I see, thanks for that.
So, will the correct way be to configure two different backends and
include
the reqrep for each one of them.
But how will I get the listen or frontend node to load balance between
two
different backend nodes? I can't find the configuration to do that... is
it
possible?
Well, haproxy is not designed to load balance between backends, but there
are
several workarounds (some of them are less elegant than the others).
For your issue, I don't know all about your configuration so maybe it won't
work, but first, can you check if you can unconditionally replace the Host
header with 127.0.0.1 ? Maybe that could do the trick.
reqrep ^Host:\ 172.31.0.103 Host:\ 127.0.0.1
One other workaround is to decide to not load balance but switch to a
second
backend under certain conditions (for example when the first backend
exceeds a
# of connections).
frontend http-in
bind :80
mode http
option httpclose
use_backend backend2 if { be_conn(backend1) gt 100 }
default_backend backend1
backend backend1
mode http
reqrep ^Host:\ 172.31.0.103 Host:\ 172.31.0.104
server node1 172.31.0.104:85
backend backend2
mode http
reqrep ^Host:\ 172.31.0.103 Host:\ 172.31.0.118
server node2 172.31.0.118:85
Another solution is to add a second level of proxies in haproxy :
listen http-in
bind :80
mode http
option httpclose
server pnode1 127.0.0.1:8104
server pnode2 127.0.0.1:8118
listen proxy104
bind 127.0.0.1:8104
mode http
option httpclose
reqrep ^Host:\ 172.31.0.103 Host:\ 172.31.0.104
server node1 172.31.0.104:85
listen proxy118
bind 127.0.0.1:8118
mode http
option httpclose
reqrep ^Host:\ 172.31.0.103 Host:\ 172.31.0.118
server node2 172.31.0.118:85
This is just some ideas (not tested), or you can try to add some conditions
directly in your apache configuration.
Hope this helps.
--
Cyril Bonté
Re: Problem: host header keeps the IP of the HAProxy server
I don't know what's going on, this doesn't seem to work.
With this configuration the header gets changed:
backend test_servers
server 118 172.31.0.118:85 id 118
reqrep ^Host:\ 172.31.0.104 Host:\ 172.31.0.118
But once I add the IF, it breaks and the header does not get changed!
backend imp_servers
server 118 172.31.0.118:85 id 118
reqrep ^Host:\ 172.31.0.104 Host:\ 172.31.0.118 if { srv_id 118 }
What am I doing wrong?
Thanks
2011/8/11 Hervé COMMOWICK hcommow...@exosec.fr
reqrep yoursearch yourstring if { srv_id idofyourserver }
server's id can be forced with id keyword if needed
Regards,
Hervé.
On Thu, 11 Aug 2011 13:22:36 +0300
Ran S r...@sheinberg.net wrote:
Well, I have no idea if this mailing list is active, as I have gotten
no response, but I'll give it another try.
I managed to change the Host header using ReqRep successfully.
However, now I am in a state where one of the backends need this
change, and the other one doesn't.
How would I go about configuring this?
If I put the two backends under one backend node, they both get the
ReqRep parameter, and then one of the servers can't work with the
replaced host header.
If I put them in two backend nodes, how can I get the frontend node to
balance between the two? this appears to be the correct way but I
can't find the right command.
Thanks
On Wed, Aug 10, 2011 at 5:00 PM, Ran S r...@sheinberg.net wrote:
Hello all,
I am trying to use HAProxy for the following configuration:
Two Linux servers (node1, node2) running apache (on port 85) and
squid and acting as Proxy servers to the Internet
I installed HAProxy on node1, and configured it to listen to port
80, and have the backends in their respective apache port 85.
While node1 is the only active server in the backend servers list,
I can make a request to node1:80 and it will be successfully
redirected to the apache port and returned to me.
However while node2 is the only active backend server, this flow
will fail and I will simply get a blank page with HTTP 200.
I think I know why that is. when sniffing on node1, I can see the
following request flow:
1. My browser making web the request to node1:80
2. Node1 making the request to node2.
But, this is where the problem comes in.
The source IP is node1
The Destination IP is node2
However the Host in this request is the node1 IP address
So, since node2 backend server is actually a proxy server, it will
take the IP address from the Host header it received and make a
request to node1 (since it has it in the request's Host header) and
the failure will come in.
So I guess what I'm asking is what would be the correct option to
use in HAproxy in order to have this set up the right way.
I copied the configuration file from one of the examples and
trimmed it down to the very basic so I can eliminate anything
that's causing the problems, so here it is:
*global*
*daemon*
*maxconn 256*
*
*
*defaults*
*mode http*
*timeout connect 5000ms*
*timeout client 5ms*
*timeout server 5ms*
*balance roundrobin*
*option forwardfor*
*
*
*frontend http-in*
*bind *:80*
*default_backend servers*
*
*
*backend servers*
*server node1name node1ip:85*
Many thanks in advance for any help! please let me know if you need
any more information.
Thanks,
Ran
--
Hervé COMMOWICK, EXOSEC (http://www.exosec.fr/)
ZAC des Metz - 3 Rue du petit robinson - 78350 JOUY EN JOSAS
Tel: +33 1 30 67 60 65 - Fax: +33 1 75 43 40 70
mailto:hcommow...@exosec.fr
Re: Problem: host header keeps the IP of the HAProxy server
Hi all,
Le Sunday 14 August 2011 10:19:04, Ran S a écrit :
I don't know what's going on, this doesn't seem to work.
With this configuration the header gets changed:
backend test_servers
server 118 172.31.0.118:85 id 118
reqrep ^Host:\ 172.31.0.104 Host:\ 172.31.0.118
But once I add the IF, it breaks and the header does not get changed!
backend imp_servers
server 118 172.31.0.118:85 id 118
reqrep ^Host:\ 172.31.0.104 Host:\ 172.31.0.118 if { srv_id 118 }
What am I doing wrong?
reqrep can't be used with the srv_id acl : the server is only known late in
the request processus, after the headers manipulation, which makes your
condition never match.
Sorry to say that you can't do it like this.
--
Cyril Bonté
Re: Problem: host header keeps the IP of the HAProxy server
Hi Cyril,
I see, thanks for that.
So, will the correct way be to configure two different backends and include
the reqrep for each one of them.
But how will I get the listen or frontend node to load balance between two
different backend nodes? I can't find the configuration to do that... is it
possible?
Thanks
2011/8/14 Cyril Bonté cyril.bo...@free.fr
Hi all,
Le Sunday 14 August 2011 10:19:04, Ran S a écrit :
I don't know what's going on, this doesn't seem to work.
With this configuration the header gets changed:
backend test_servers
server 118 172.31.0.118:85 id 118
reqrep ^Host:\ 172.31.0.104 Host:\ 172.31.0.118
But once I add the IF, it breaks and the header does not get changed!
backend imp_servers
server 118 172.31.0.118:85 id 118
reqrep ^Host:\ 172.31.0.104 Host:\ 172.31.0.118 if { srv_id 118
}
What am I doing wrong?
reqrep can't be used with the srv_id acl : the server is only known late
in
the request processus, after the headers manipulation, which makes your
condition never match.
Sorry to say that you can't do it like this.
--
Cyril Bonté
Re: Problem: host header keeps the IP of the HAProxy server
Le Sunday 14 August 2011 13:31:57, Ran S a écrit :
Hi Cyril,
I see, thanks for that.
So, will the correct way be to configure two different backends and include
the reqrep for each one of them.
But how will I get the listen or frontend node to load balance between two
different backend nodes? I can't find the configuration to do that... is it
possible?
Well, haproxy is not designed to load balance between backends, but there are
several workarounds (some of them are less elegant than the others).
For your issue, I don't know all about your configuration so maybe it won't
work, but first, can you check if you can unconditionally replace the Host
header with 127.0.0.1 ? Maybe that could do the trick.
reqrep ^Host:\ 172.31.0.103 Host:\ 127.0.0.1
One other workaround is to decide to not load balance but switch to a second
backend under certain conditions (for example when the first backend exceeds a
# of connections).
frontend http-in
bind :80
mode http
option httpclose
use_backend backend2 if { be_conn(backend1) gt 100 }
default_backend backend1
backend backend1
mode http
reqrep ^Host:\ 172.31.0.103 Host:\ 172.31.0.104
server node1 172.31.0.104:85
backend backend2
mode http
reqrep ^Host:\ 172.31.0.103 Host:\ 172.31.0.118
server node2 172.31.0.118:85
Another solution is to add a second level of proxies in haproxy :
listen http-in
bind :80
mode http
option httpclose
server pnode1 127.0.0.1:8104
server pnode2 127.0.0.1:8118
listen proxy104
bind 127.0.0.1:8104
mode http
option httpclose
reqrep ^Host:\ 172.31.0.103 Host:\ 172.31.0.104
server node1 172.31.0.104:85
listen proxy118
bind 127.0.0.1:8118
mode http
option httpclose
reqrep ^Host:\ 172.31.0.103 Host:\ 172.31.0.118
server node2 172.31.0.118:85
This is just some ideas (not tested), or you can try to add some conditions
directly in your apache configuration.
Hope this helps.
--
Cyril Bonté
Re: Problem: host header keeps the IP of the HAProxy server
Well, I have no idea if this mailing list is active, as I have gotten no response, but I'll give it another try. I managed to change the Host header using ReqRep successfully. However, now I am in a state where one of the backends need this change, and the other one doesn't. How would I go about configuring this? If I put the two backends under one backend node, they both get the ReqRep parameter, and then one of the servers can't work with the replaced host header. If I put them in two backend nodes, how can I get the frontend node to balance between the two? this appears to be the correct way but I can't find the right command. Thanks On Wed, Aug 10, 2011 at 5:00 PM, Ran S r...@sheinberg.net wrote: Hello all, I am trying to use HAProxy for the following configuration: Two Linux servers (node1, node2) running apache (on port 85) and squid and acting as Proxy servers to the Internet I installed HAProxy on node1, and configured it to listen to port 80, and have the backends in their respective apache port 85. While node1 is the only active server in the backend servers list, I can make a request to node1:80 and it will be successfully redirected to the apache port and returned to me. However while node2 is the only active backend server, this flow will fail and I will simply get a blank page with HTTP 200. I think I know why that is. when sniffing on node1, I can see the following request flow: 1. My browser making web the request to node1:80 2. Node1 making the request to node2. But, this is where the problem comes in. The source IP is node1 The Destination IP is node2 However the Host in this request is the node1 IP address So, since node2 backend server is actually a proxy server, it will take the IP address from the Host header it received and make a request to node1 (since it has it in the request's Host header) and the failure will come in. So I guess what I'm asking is what would be the correct option to use in HAproxy in order to have this set up the right way. I copied the configuration file from one of the examples and trimmed it down to the very basic so I can eliminate anything that's causing the problems, so here it is: *global* *daemon* *maxconn 256* * * *defaults* *mode http* *timeout connect 5000ms* *timeout client 5ms* *timeout server 5ms* *balance roundrobin* *option forwardfor* * * *frontend http-in* *bind *:80* *default_backend servers* * * *backend servers* *server node1name node1ip:85* Many thanks in advance for any help! please let me know if you need any more information. Thanks, Ran
Re: Problem: host header keeps the IP of the HAProxy server
reqrep yoursearch yourstring if { srv_id idofyourserver }
server's id can be forced with id keyword if needed
Regards,
Hervé.
On Thu, 11 Aug 2011 13:22:36 +0300
Ran S r...@sheinberg.net wrote:
Well, I have no idea if this mailing list is active, as I have gotten
no response, but I'll give it another try.
I managed to change the Host header using ReqRep successfully.
However, now I am in a state where one of the backends need this
change, and the other one doesn't.
How would I go about configuring this?
If I put the two backends under one backend node, they both get the
ReqRep parameter, and then one of the servers can't work with the
replaced host header.
If I put them in two backend nodes, how can I get the frontend node to
balance between the two? this appears to be the correct way but I
can't find the right command.
Thanks
On Wed, Aug 10, 2011 at 5:00 PM, Ran S r...@sheinberg.net wrote:
Hello all,
I am trying to use HAProxy for the following configuration:
Two Linux servers (node1, node2) running apache (on port 85) and
squid and acting as Proxy servers to the Internet
I installed HAProxy on node1, and configured it to listen to port
80, and have the backends in their respective apache port 85.
While node1 is the only active server in the backend servers list,
I can make a request to node1:80 and it will be successfully
redirected to the apache port and returned to me.
However while node2 is the only active backend server, this flow
will fail and I will simply get a blank page with HTTP 200.
I think I know why that is. when sniffing on node1, I can see the
following request flow:
1. My browser making web the request to node1:80
2. Node1 making the request to node2.
But, this is where the problem comes in.
The source IP is node1
The Destination IP is node2
However the Host in this request is the node1 IP address
So, since node2 backend server is actually a proxy server, it will
take the IP address from the Host header it received and make a
request to node1 (since it has it in the request's Host header) and
the failure will come in.
So I guess what I'm asking is what would be the correct option to
use in HAproxy in order to have this set up the right way.
I copied the configuration file from one of the examples and
trimmed it down to the very basic so I can eliminate anything
that's causing the problems, so here it is:
*global*
*daemon*
*maxconn 256*
*
*
*defaults*
*mode http*
*timeout connect 5000ms*
*timeout client 5ms*
*timeout server 5ms*
*balance roundrobin*
*option forwardfor*
*
*
*frontend http-in*
*bind *:80*
*default_backend servers*
*
*
*backend servers*
*server node1name node1ip:85*
Many thanks in advance for any help! please let me know if you need
any more information.
Thanks,
Ran
--
Hervé COMMOWICK, EXOSEC (http://www.exosec.fr/)
ZAC des Metz - 3 Rue du petit robinson - 78350 JOUY EN JOSAS
Tel: +33 1 30 67 60 65 - Fax: +33 1 75 43 40 70
mailto:hcommow...@exosec.fr
Re: Problem: host header keeps the IP of the HAProxy server
Many thanks for your help! it seems that this is the correct way, but I get
a parsing error when checking the file in every possible syntax I could come
up with
frontend http-in
bind 172.31.0.104:80
default_backend test_servers
backend test_servers
server 118 172.31.0.118:85
reqirep ^Host:\ 172.31.0.104 Host:\ 172.31.0.118 if {srv_id
imp118}
server 104 172.31.0.104:85
Can you tell me the correct syntax?
2011/8/11 Hervé COMMOWICK hcommow...@exosec.fr
reqrep yoursearch yourstring if { srv_id idofyourserver }
server's id can be forced with id keyword if needed
Regards,
Hervé.
On Thu, 11 Aug 2011 13:22:36 +0300
Ran S r...@sheinberg.net wrote:
Well, I have no idea if this mailing list is active, as I have gotten
no response, but I'll give it another try.
I managed to change the Host header using ReqRep successfully.
However, now I am in a state where one of the backends need this
change, and the other one doesn't.
How would I go about configuring this?
If I put the two backends under one backend node, they both get the
ReqRep parameter, and then one of the servers can't work with the
replaced host header.
If I put them in two backend nodes, how can I get the frontend node to
balance between the two? this appears to be the correct way but I
can't find the right command.
Thanks
On Wed, Aug 10, 2011 at 5:00 PM, Ran S r...@sheinberg.net wrote:
Hello all,
I am trying to use HAProxy for the following configuration:
Two Linux servers (node1, node2) running apache (on port 85) and
squid and acting as Proxy servers to the Internet
I installed HAProxy on node1, and configured it to listen to port
80, and have the backends in their respective apache port 85.
While node1 is the only active server in the backend servers list,
I can make a request to node1:80 and it will be successfully
redirected to the apache port and returned to me.
However while node2 is the only active backend server, this flow
will fail and I will simply get a blank page with HTTP 200.
I think I know why that is. when sniffing on node1, I can see the
following request flow:
1. My browser making web the request to node1:80
2. Node1 making the request to node2.
But, this is where the problem comes in.
The source IP is node1
The Destination IP is node2
However the Host in this request is the node1 IP address
So, since node2 backend server is actually a proxy server, it will
take the IP address from the Host header it received and make a
request to node1 (since it has it in the request's Host header) and
the failure will come in.
So I guess what I'm asking is what would be the correct option to
use in HAproxy in order to have this set up the right way.
I copied the configuration file from one of the examples and
trimmed it down to the very basic so I can eliminate anything
that's causing the problems, so here it is:
*global*
*daemon*
*maxconn 256*
*
*
*defaults*
*mode http*
*timeout connect 5000ms*
*timeout client 5ms*
*timeout server 5ms*
*balance roundrobin*
*option forwardfor*
*
*
*frontend http-in*
*bind *:80*
*default_backend servers*
*
*
*backend servers*
*server node1name node1ip:85*
Many thanks in advance for any help! please let me know if you need
any more information.
Thanks,
Ran
--
Hervé COMMOWICK, EXOSEC (http://www.exosec.fr/)
ZAC des Metz - 3 Rue du petit robinson - 78350 JOUY EN JOSAS
Tel: +33 1 30 67 60 65 - Fax: +33 1 75 43 40 70
mailto:hcommow...@exosec.fr
Re: Problem: host header keeps the IP of the HAProxy server
Ok got it! many thanks! just had to give the id as an integer instead of a
name (118), and use srv_id 118
On Thu, Aug 11, 2011 at 1:45 PM, Ran S r...@sheinberg.net wrote:
Many thanks for your help! it seems that this is the correct way, but I get
a parsing error when checking the file in every possible syntax I could come
up with
frontend http-in
bind 172.31.0.104:80
default_backend test_servers
backend test_servers
server 118 172.31.0.118:85
reqirep ^Host:\ 172.31.0.104 Host:\ 172.31.0.118 if {srv_id
imp118}
server 104 172.31.0.104:85
Can you tell me the correct syntax?
2011/8/11 Hervé COMMOWICK hcommow...@exosec.fr
reqrep yoursearch yourstring if { srv_id idofyourserver }
server's id can be forced with id keyword if needed
Regards,
Hervé.
On Thu, 11 Aug 2011 13:22:36 +0300
Ran S r...@sheinberg.net wrote:
Well, I have no idea if this mailing list is active, as I have gotten
no response, but I'll give it another try.
I managed to change the Host header using ReqRep successfully.
However, now I am in a state where one of the backends need this
change, and the other one doesn't.
How would I go about configuring this?
If I put the two backends under one backend node, they both get the
ReqRep parameter, and then one of the servers can't work with the
replaced host header.
If I put them in two backend nodes, how can I get the frontend node to
balance between the two? this appears to be the correct way but I
can't find the right command.
Thanks
On Wed, Aug 10, 2011 at 5:00 PM, Ran S r...@sheinberg.net wrote:
Hello all,
I am trying to use HAProxy for the following configuration:
Two Linux servers (node1, node2) running apache (on port 85) and
squid and acting as Proxy servers to the Internet
I installed HAProxy on node1, and configured it to listen to port
80, and have the backends in their respective apache port 85.
While node1 is the only active server in the backend servers list,
I can make a request to node1:80 and it will be successfully
redirected to the apache port and returned to me.
However while node2 is the only active backend server, this flow
will fail and I will simply get a blank page with HTTP 200.
I think I know why that is. when sniffing on node1, I can see the
following request flow:
1. My browser making web the request to node1:80
2. Node1 making the request to node2.
But, this is where the problem comes in.
The source IP is node1
The Destination IP is node2
However the Host in this request is the node1 IP address
So, since node2 backend server is actually a proxy server, it will
take the IP address from the Host header it received and make a
request to node1 (since it has it in the request's Host header) and
the failure will come in.
So I guess what I'm asking is what would be the correct option to
use in HAproxy in order to have this set up the right way.
I copied the configuration file from one of the examples and
trimmed it down to the very basic so I can eliminate anything
that's causing the problems, so here it is:
*global*
*daemon*
*maxconn 256*
*
*
*defaults*
*mode http*
*timeout connect 5000ms*
*timeout client 5ms*
*timeout server 5ms*
*balance roundrobin*
*option forwardfor*
*
*
*frontend http-in*
*bind *:80*
*default_backend servers*
*
*
*backend servers*
*server node1name node1ip:85*
Many thanks in advance for any help! please let me know if you need
any more information.
Thanks,
Ran
--
Hervé COMMOWICK, EXOSEC (http://www.exosec.fr/)
ZAC des Metz - 3 Rue du petit robinson - 78350 JOUY EN JOSAS
Tel: +33 1 30 67 60 65 - Fax: +33 1 75 43 40 70
mailto:hcommow...@exosec.fr
