Re: HAProxy and pop and smtp?

From: Rob Morin <rob#dido.ca>
Date: Tue, 13 Nov 2007 10:43:35 -0500


Solved... a weirdness, the binary was ruining , as i installed via apt-get, but the binary was not on the system as another SA removed the package by error.... so running /etc/init.d/haproxy restart was doing nothing.... as we run etch, and the package was from Lenny so the sa removed it to be safe...

i installed by source and imap proxy is working well!

Thanks to all for your help... i will nor try pop and smtp.... any special configs for those services?

Rob Morin
Dido Internet Inc.
Montreal,Canada
http://www.dido.ca
514-990-4444

Rob Morin wrote:
> Yes as i also use it for http, and that is working just fine... i got
> the logs to work right , i forgot to add the lines in /etc/syslogd.conf
>
> That box has 4 IPs one for web one for mail one for the box itself and
> one spare in case....
> they are aliases of the eth0
>
> I currently connect to the ip know as xxx.xxx.xxx.147 with pop, imap
> and smtp, i redirect with rinetd at the moment, but thats just a
> redirect no load balancing or fail over.... so i disabled that then
> restart haproxy with my below mentioned seeting and i cannot telnet
> to port 143 on that server..
>
> Rob Morin
> Dido Internet Inc.
> Montreal,Canada
> http://www.dido.ca
> 514-990-4444
>
>
>
> Kevin Maziere - Amen wrote:
>> Hi,
>>
>> Thanks for all these informations, I will try that as soon as
>> possible :)
>>
>> Kevin
>>
>> Willy Tarreau a écrit :
>>> Hi guys,
>>>
>>> On Mon, Nov 12, 2007 at 06:50:31PM +0100, Kevin Maziere - Amen wrote:
>>>
>>>> Hi Rob,
>>>>
>>>> I'm new in Haproxy too, I mean I used it since several weeks for
>>>> http and imap proxy. For imap I used tcp mode on port 143, this
>>>> work fine
>>>>
>>>> listen imap 10.1.1.143:143
>>>> maxconn 500
>>>> mode tcp
>>>> balance roundrobin
>>>> server _1_ 10.1.1.144:143 c1 check inter 5000 fall 4 rise 1
>>>> server _2_ 10.1.1.145:143 c2 check inter 5000 fall 4 rise 1
>>>> stats enable
>>>>
>>>> But I also need to be able to forward the source adress, but due to
>>>> the way it works, I don't imagine that haproxy can send it on an
>>>> non layer7 protocol, but as I said, I'm new in haproxy
>>>>
>>>
>>> It is possible if you patch your linux kernel with the CTTPROXY patch
>>> (from www.balabit.com). Then you build haproxy to use it and you add
>>> "source x.x.x.x usesrc clientip" to your configuration. It will then
>>> automatically create outgoing NAT entries making it look like haproxy
>>> connects to the server using the client's IP address. For this, the
>>> server mustt route through haproxy so that the packets are translated
>>> again in the other direction.
>>>
>>> We do this on our appliances, and if we put aside the performance drop
>>> of about 30%, it works fine.
>>>
>>>
>>>> I need the source IP on SSL two, but is there a way to do that
>>>> without an ssl reverse-proxy, after reading docs on haproxy
>>>> website, and on ssl protocol itself, not sur it is possible
>>>>
>>>
>>> If you need it for HTTPS, then simply install stunnel and apply the
>>> x-forwarded-for patch from my site. Stunnel will then append a header
>>> after the last request header, inserting the client's IP address there.
>>> The server will then be able to use it as it would with haproxy's
>>> x-forwarded-for. This is by far the easiest method today, and it
>>> offloads the server and brings you to the world of L7 mangling and
>>> persistence on HTTPS, which is quite appreciable ;-)
>>>
>>> Regards,
>>> Willy
>>>
>>>
>>>
>>
>
Received on 2007/11/13 16:43

This archive was generated by hypermail 2.2.0 : 2007/11/13 17:30 CET