Re: FW: HAProxy and pop and smtp?

From: Rob Morin <rob#dido.ca>
Date: Tue, 13 Nov 2007 13:01:25 -0500


I never tried the stats page yet.... It shows Joe as down ???

Rob Morin
Dido Internet Inc.
Montreal,Canada
http://www.dido.ca
514-990-4444

Peter Lønberg wrote:
> In that case you should look at the stats page, see if the secondary webserver is registering as UP.
>
>
> /Peter
>
> -----Original Message-----
> From: Rob Morin [mailto:rob#dido.ca]
> Sent: 13. november 2007 18:41
> To: Peter Lønberg
> Cc: haproxy#formilux.org
> Subject: Re: FW: HAProxy and pop and smtp?
>
> Interesting, so i tried the below config, then stopped apache on peter,
> and i got this in the logs.... but i could not get any websites...
>
> i get a
>
>
> 503 Service Unavailable
>
> No server is available to handle this request.
>
> And in the logs i get...
>
> localhost haproxy[30683]: proxy http_proxy has no server available !
>
> did i do something wrong?
>
> listen http_proxy xxx.xxx.xxx.148:80
> mode http
> log global
> stats enable
> stats auth someuser:somepassword
> balance roundrobin
> cookie JSESSIONID prefix
> option httpclose
> option forwardfor
> option httpchk HEAD /check.txt HTTP/1.0
> server webA xxx.xxx.xxx.158:80 cookie A check
> server webB xxx.xxx.xxx.149:80 cookie B check backup
>
>
> Rob Morin
> Dido Internet Inc.
> Montreal,Canada
> http://www.dido.ca
> 514-990-4444
>
>
>
> Peter Lønberg wrote:
>
>> And for the list as well.
>>
>> Sorry about that.
>>
>> -----Original Message-----
>> From: Peter Lønberg
>> Sent: 13. november 2007 17:47
>> To: 'Rob Morin'
>> Subject: RE: HAProxy and pop and smtp?
>>
>> Hi
>>
>> Question 1, yes.. That's one of the purposes of the loadbalancing software.
>>
>> Question 2,
>>
>> For Peter to be the primary webserver you've added it correctly. Now, to create a backupserver on Joe, simply put "backup" after the configuration of the server. Like so:
>> server joe xxx.xxx.xxx.149:80 cookie B check backup
>>
>> If Peter dies ( god forbid :( ), all requests are sent to Joe.
>>
>> Best regards
>> Peter Lønberg
>>
>>
>> -----Original Message-----
>> From: Rob Morin [mailto:rob#dido.ca]
>> Sent: 13. november 2007 17:34
>> To: Kevin Maziere - Amen
>> Cc: haproxy#formilux.org
>> Subject: Re: HAProxy and pop and smtp?
>>
>> OK, so here is my config and all seems just fine!
>>
>> I am so happy...
>>
>> I do have a couple questions,
>> 1) My main use of haproxy is to provide availability over load balacning
>> at this point... so with the below config shall i assume if one server
>> dies, or the service in question becomes unavailable the other magically
>> takes over ? meaning haproxy will simply send incoming connections to
>> the other server?
>>
>> 2) Also for http i would like all requests to go to Peter ONLY, but if
>> Peter fails go to Joe... how would i modify the config for that?
>>
>> Thanks to all once again....
>>
>> ----------------------------------------
>>
>> global
>> log 127.0.0.1 local0 info
>> maxconn 4096
>> #debug
>> #quiet
>> user haproxy
>> group haproxy
>>
>> defaults
>> log global
>> mode http
>> option httplog
>> option dontlognull
>> retries 3
>> redispatch
>> maxconn 2000
>> contimeout 5000
>> clitimeout 50000
>> srvtimeout 50000
>>
>> listen http_proxy xxx.xxx.xxx.148:80
>> mode http
>> log global
>> stats enable
>> stats auth someuser:somepassword
>> balance roundrobin
>> cookie JSESSIONID prefix
>> option httpclose
>> option forwardfor
>> option httpchk HEAD /check.txt HTTP/1.0
>> server peter xxx.xxx.xxx.158:80 cookie A check
>> # server joe xxx.xxx.xxx.149:80 cookie B check
>>
>>
>> ### Setup for Mail
>>
>> listen imap_proxy xxx.xxx.xxx.147:143
>> maxconn 100
>> mode tcp
>> log global
>> balance roundrobin
>> server peter xxx.xxx.xxx.158:143 check inter 5000 fall 4 rise 1
>> server joe xxx.xxx.xxx.149:143 check inter 5000 fall 4 rise 1
>> stats enable
>>
>> listen smtp_proxy xxx.xxx.xxx.147:25
>> maxconn 500
>> mode tcp
>> log global
>> balance roundrobin
>> server peter xxx.xxx.xxx.158:25
>> stats enable
>>
>> listen pop_proxy xxx.xxx.xxx.147:110
>> maxconn 500
>> mode tcp
>> log global
>> balance roundrobin
>> server peter xxx.xxx.xxx.158:110 check inter 5000 fall 4 rise 1
>> server joe xxx.xxx.xxx.149:110 check inter 5000 fall 4 rise 1
>> stats enable
>>
>>
>>
>> Rob Morin
>> Dido Internet Inc.
>> Montreal,Canada
>> http://www.dido.ca
>> 514-990-4444
>>
>>
>>
>> Rob Morin wrote:
>>
>>
>>> Solved... a weirdness, the binary was ruining , as i installed via
>>> apt-get, but the binary was not on the system as another SA removed
>>> the package by error.... so running /etc/init.d/haproxy restart was
>>> doing nothing.... as we run etch, and the package was from Lenny so
>>> the sa removed it to be safe...
>>>
>>>
>>> i installed by source and imap proxy is working well!
>>>
>>> Thanks to all for your help... i will nor try pop and smtp.... any
>>> special configs for those services?
>>>
>>> Rob Morin
>>> Dido Internet Inc.
>>> Montreal,Canada
>>> http://www.dido.ca
>>> 514-990-4444
>>>
>>>
>>>
>>> Rob Morin wrote:
>>>
>>>
>>>> Yes as i also use it for http, and that is working just fine... i got
>>>> the logs to work right , i forgot to add the lines in /etc/syslogd.conf
>>>>
>>>> That box has 4 IPs one for web one for mail one for the box itself
>>>> and one spare in case....
>>>> they are aliases of the eth0
>>>>
>>>> I currently connect to the ip know as xxx.xxx.xxx.147 with pop, imap
>>>> and smtp, i redirect with rinetd at the moment, but thats just a
>>>> redirect no load balancing or fail over.... so i disabled that then
>>>> restart haproxy with my below mentioned seeting and i cannot telnet
>>>> to port 143 on that server..
>>>>
>>>> Rob Morin
>>>> Dido Internet Inc.
>>>> Montreal,Canada
>>>> http://www.dido.ca
>>>> 514-990-4444
>>>>
>>>>
>>>>
>>>> Kevin Maziere - Amen wrote:
>>>>
>>>>
>>>>> Hi,
>>>>>
>>>>> Thanks for all these informations, I will try that as soon as
>>>>> possible :)
>>>>>
>>>>> Kevin
>>>>>
>>>>> Willy Tarreau a écrit :
>>>>>
>>>>>
>>>>>> Hi guys,
>>>>>>
>>>>>> On Mon, Nov 12, 2007 at 06:50:31PM +0100, Kevin Maziere - Amen wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Hi Rob,
>>>>>>>
>>>>>>> I'm new in Haproxy too, I mean I used it since several weeks for
>>>>>>> http and imap proxy. For imap I used tcp mode on port 143, this
>>>>>>> work fine
>>>>>>>
>>>>>>> listen imap 10.1.1.143:143
>>>>>>> maxconn 500
>>>>>>> mode tcp
>>>>>>> balance roundrobin
>>>>>>> server _1_ 10.1.1.144:143 c1 check inter 5000 fall 4 rise 1
>>>>>>> server _2_ 10.1.1.145:143 c2 check inter 5000 fall 4 rise 1
>>>>>>> stats enable
>>>>>>>
>>>>>>> But I also need to be able to forward the source adress, but due
>>>>>>> to the way it works, I don't imagine that haproxy can send it on
>>>>>>> an non layer7 protocol, but as I said, I'm new in haproxy
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> It is possible if you patch your linux kernel with the CTTPROXY patch
>>>>>> (from www.balabit.com). Then you build haproxy to use it and you add
>>>>>> "source x.x.x.x usesrc clientip" to your configuration. It will then
>>>>>> automatically create outgoing NAT entries making it look like haproxy
>>>>>> connects to the server using the client's IP address. For this, the
>>>>>> server mustt route through haproxy so that the packets are translated
>>>>>> again in the other direction.
>>>>>>
>>>>>> We do this on our appliances, and if we put aside the performance drop
>>>>>> of about 30%, it works fine.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> I need the source IP on SSL two, but is there a way to do that
>>>>>>> without an ssl reverse-proxy, after reading docs on haproxy
>>>>>>> website, and on ssl protocol itself, not sur it is possible
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> If you need it for HTTPS, then simply install stunnel and apply the
>>>>>> x-forwarded-for patch from my site. Stunnel will then append a header
>>>>>> after the last request header, inserting the client's IP address
>>>>>> there.
>>>>>> The server will then be able to use it as it would with haproxy's
>>>>>> x-forwarded-for. This is by far the easiest method today, and it
>>>>>> offloads the server and brings you to the world of L7 mangling and
>>>>>> persistence on HTTPS, which is quite appreciable ;-)
>>>>>>
>>>>>> Regards,
>>>>>> Willy
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>
>>
>
>
Received on 2007/11/13 19:01

This archive was generated by hypermail 2.2.0 : 2007/11/13 19:45 CET