Re: FW: HAProxy and pop and smtp?

From: Rob Morin <rob#dido.ca>
Date: Tue, 13 Nov 2007 12:41:23 -0500


Interesting, so I tried the below config, then stopped apache on peter, and I got this in the logs.... but I could not get any websites...

I get a

  503 Service Unavailable

No server is available to handle this request.

And in the logs I get...

localhost haproxy[30683]: proxy http_proxy has no server available !

Did I do something wrong?

listen http_proxy xxx.xxx.xxx.148:80

       mode http
       log global
       stats enable
       stats auth someuser:somepassword
       balance roundrobin
       cookie JSESSIONID prefix
       option httpclose
       option forwardfor
       option httpchk HEAD /check.txt HTTP/1.0
       server webA xxx.xxx.xxx.158:80 cookie A check
       server webB xxx.xxx.xxx.149:80 cookie B check backup


Rob Morin
Dido Internet Inc.
Montreal,Canada
http://www.dido.ca
514-990-4444

Peter Lønberg wrote:
> And for the list as well.
>
> Sorry about that.
>
> -----Original Message-----
> From: Peter Lønberg
> Sent: 13. november 2007 17:47
> To: 'Rob Morin'
> Subject: RE: HAProxy and pop and smtp?
>
> Hi
>
> Question 1, yes.. That's one of the purposes of the loadbalancing software.
>
> Question 2,
>
> For Peter to be the primary webserver you've added it correctly. Now, to create a backupserver on Joe, simply put "backup" after the configuration of the server. Like so:
> server joe xxx.xxx.xxx.149:80 cookie B check backup
>
> If Peter dies ( god forbid :( ), all requests are sent to Joe.
>
> Best regards
> Peter Lønberg
>
>
> -----Original Message-----
> From: Rob Morin [mailto:rob#dido.ca]
> Sent: 13. november 2007 17:34
> To: Kevin Maziere - Amen
> Cc: haproxy#formilux.org
> Subject: Re: HAProxy and pop and smtp?
>
> OK, so here is my config and all seems just fine!
>
> I am so happy...
>
> I do have a couple questions,
> 1) My main use of haproxy is to provide availability over load balancing
> at this point... so with the below config shall I assume if one server
> dies, or the service in question becomes unavailable the other magically
> takes over ? meaning haproxy will simply send incoming connections to
> the other server?
>
> 2) Also for http I would like all requests to go to Peter ONLY, but if
> Peter fails go to Joe... how would I modify the config for that?
>
> Thanks to all once again....
>
> ----------------------------------------
>
> global
> log 127.0.0.1 local0 info
> maxconn 4096
> #debug
> #quiet
> user haproxy
> group haproxy
>
> defaults
> log global
> mode http
> option httplog
> option dontlognull
> retries 3
> redispatch
> maxconn 2000
> contimeout 5000
> clitimeout 50000
> srvtimeout 50000
>
> listen http_proxy xxx.xxx.xxx.148:80
> mode http
> log global
> stats enable
> stats auth someuser:somepassword
> balance roundrobin
> cookie JSESSIONID prefix
> option httpclose
> option forwardfor
> option httpchk HEAD /check.txt HTTP/1.0
> server peter xxx.xxx.xxx.158:80 cookie A check
> # server joe xxx.xxx.xxx.149:80 cookie B check
>
>
> ### Setup for Mail
>
> listen imap_proxy xxx.xxx.xxx.147:143
> maxconn 100
> mode tcp
> log global
> balance roundrobin
> server peter xxx.xxx.xxx.158:143 check inter 5000 fall 4 rise 1
> server joe xxx.xxx.xxx.149:143 check inter 5000 fall 4 rise 1
> stats enable
>
> listen smtp_proxy xxx.xxx.xxx.147:25
> maxconn 500
> mode tcp
> log global
> balance roundrobin
> server peter xxx.xxx.xxx.158:25
> stats enable
>
> listen pop_proxy xxx.xxx.xxx.147:110
> maxconn 500
> mode tcp
> log global
> balance roundrobin
> server peter xxx.xxx.xxx.158:110 check inter 5000 fall 4 rise 1
> server joe xxx.xxx.xxx.149:110 check inter 5000 fall 4 rise 1
> stats enable
>
>
>
> Rob Morin
> Dido Internet Inc.
> Montreal,Canada
> http://www.dido.ca
> 514-990-4444
>
>
>
> Rob Morin wrote:
>
>> Solved... a weirdness, the binary was running, as I installed via
>> apt-get, but the binary was not on the system as another SA removed
>> the package by error.... so running /etc/init.d/haproxy restart was
>> doing nothing.... as we run etch, and the package was from Lenny so
>> the SA removed it to be safe...
>>
>>
>> I installed by source and imap proxy is working well!
>>
>> Thanks to all for your help... I will now try pop and smtp.... any
>> special configs for those services?
>>
>> Rob Morin
>> Dido Internet Inc.
>> Montreal,Canada
>> http://www.dido.ca
>> 514-990-4444
>>
>>
>>
>> Rob Morin wrote:
>>
>>> Yes as I also use it for http, and that is working just fine... I got
>>> the logs to work right, I forgot to add the lines in /etc/syslogd.conf
>>>
>>> That box has 4 IPs one for web one for mail one for the box itself
>>> and one spare in case....
>>> they are aliases of the eth0
>>>
>>> I currently connect to the ip known as xxx.xxx.xxx.147 with pop, imap
>>> and smtp, I redirect with rinetd at the moment, but that's just a
>>> redirect no load balancing or fail over.... so I disabled that then
>>> restart haproxy with my below mentioned setting and I cannot telnet
>>> to port 143 on that server..
>>>
>>> Rob Morin
>>> Dido Internet Inc.
>>> Montreal,Canada
>>> http://www.dido.ca
>>> 514-990-4444
>>>
>>>
>>>
>>> Kevin Maziere - Amen wrote:
>>>
>>>> Hi,
>>>>
>>>> Thanks for all this information, I will try that as soon as
>>>> possible :)
>>>>
>>>> Kevin
>>>>
>>>> Willy Tarreau wrote:
>>>>
>>>>> Hi guys,
>>>>>
>>>>> On Mon, Nov 12, 2007 at 06:50:31PM +0100, Kevin Maziere - Amen wrote:
>>>>>
>>>>>
>>>>>> Hi Rob,
>>>>>>
>>>>>> I'm new to HAProxy too, I mean I have used it for several weeks for
>>>>>> http and imap proxy. For imap I used tcp mode on port 143, this
>>>>>> works fine
>>>>>>
>>>>>> listen imap 10.1.1.143:143
>>>>>> maxconn 500
>>>>>> mode tcp
>>>>>> balance roundrobin
>>>>>> server _1_ 10.1.1.144:143 c1 check inter 5000 fall 4 rise 1
>>>>>> server _2_ 10.1.1.145:143 c2 check inter 5000 fall 4 rise 1
>>>>>> stats enable
>>>>>>
>>>>>> But I also need to be able to forward the source address, but due
>>>>>> to the way it works, I don't imagine that haproxy can send it on
>>>>>> a non layer7 protocol, but as I said, I'm new to haproxy
>>>>>>
>>>>>>
>>>>> It is possible if you patch your linux kernel with the CTTPROXY patch
>>>>> (from www.balabit.com). Then you build haproxy to use it and you add
>>>>> "source x.x.x.x usesrc clientip" to your configuration. It will then
>>>>> automatically create outgoing NAT entries making it look like haproxy
>>>>> connects to the server using the client's IP address. For this, the
>>>>> server must route through haproxy so that the packets are translated
>>>>> again in the other direction.
>>>>>
>>>>> We do this on our appliances, and if we put aside the performance drop
>>>>> of about 30%, it works fine.
>>>>>
>>>>>
>>>>>
>>>>>> I need the source IP on SSL too, but is there a way to do that
>>>>>> without an ssl reverse-proxy, after reading docs on haproxy
>>>>>> website, and on ssl protocol itself, not sure it is possible
>>>>>>
>>>>>>
>>>>> If you need it for HTTPS, then simply install stunnel and apply the
>>>>> x-forwarded-for patch from my site. Stunnel will then append a header
>>>>> after the last request header, inserting the client's IP address
>>>>> there.
>>>>> The server will then be able to use it as it would with haproxy's
>>>>> x-forwarded-for. This is by far the easiest method today, and it
>>>>> offloads the server and brings you to the world of L7 mangling and
>>>>> persistence on HTTPS, which is quite appreciable ;-)
>>>>>
>>>>> Regards,
>>>>> Willy
>>>>>
>>>>>
>>>>>
>>>>>
>
>
>
Received on 2007/11/13 18:41
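
Added example (not part of the original messages and not HAProxy code): a small Python probe that sends the request from "option httpchk HEAD /check.txt HTTP/1.0" to each server and reports which ones would receive traffic, using HAProxy's documented rules that only a 2xx or 3xx status passes the check and that a "backup" server is used only when no non-backup server is up. The function names, the 192.0.2.x addresses and the failure scenario in SAMPLE are constructed for illustration.

```python
import socket

def check_passes(status_line):
    """With 'option httpchk', a server is up only on a 2xx or 3xx status."""
    parts = status_line.split()
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        return False
    code = parts[1]
    return len(code) == 3 and code.isdigit() and code[0] in "23"

def httpchk(host, port, uri="/check.txt", timeout=5.0):
    """Send the request from 'option httpchk HEAD /check.txt HTTP/1.0'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(f"HEAD {uri} HTTP/1.0\r\n\r\n".encode("ascii"))
            data = b""
            while b"\n" not in data and len(data) < 4096:
                chunk = sock.recv(1024)
                if not chunk:
                    break
                data += chunk
    except OSError as exc:
        return False, f"no response: {exc}"
    line = data.split(b"\n", 1)[0].decode("latin-1").strip()
    return check_passes(line), line or "empty response"

def pool_state(servers, probe=httpchk):
    """servers: (name, host, port, is_backup) tuples, in config order.
    Returns (results, serving); a backup serves only if no active one is up."""
    results = {name: probe(host, port) for name, host, port, _ in servers}
    active = [n for n, _, _, bk in servers if not bk and results[n][0]]
    backups = [n for n, _, _, bk in servers if bk and results[n][0]]
    return results, (active or backups[:1])

# Constructed scenario, not taken from the thread: the primary refuses
# connections and the backup answers 404 because it has no /check.txt.
SAMPLE = {"192.0.2.158": (False, "no response: connection refused"),
          "192.0.2.149": (False, "HTTP/1.1 404 Not Found")}

def sample_probe(host, port):
    return SAMPLE[host]

if __name__ == "__main__":
    servers = [("webA", "192.0.2.158", 80, False),
               ("webB", "192.0.2.149", 80, True)]
    results, serving = pool_state(servers, probe=sample_probe)
    for name, (up, detail) in results.items():
        print(f"{name}: {'UP' if up else 'DOWN'} ({detail})")
    print("serving:", serving or "no server available")
```

Calling pool_state(servers) without the probe argument runs the real check against the listed addresses.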

This archive was generated by hypermail 2.2.0 : 2007/11/13 19:15 CET