RE: Do I need more than HAProxy for SSL webserver

From: Tom Potwin <>
Date: Thu, 11 Jun 2009 11:08:58 -0400

Hi Guy

I was curious, what problems did you have with heartbeat? I've been having a strange problem where the LB node, using Xen, where I keep loosing the ability to see the HAProxy stats page. If I stop and restart Heartbeat, then the stats come back for about 15-20 minutes. The failover capabilities seem to keep working, I just loose the stats. I also looked into pound, but I was concerned because others said they had problems on a busy CMS site.
When I started to set this up, I looked at DRBD VS rsync/replication, but I actually don't remember now why I chose against it.


-----Original Message-----
From: Guy []
Sent: Thursday, June 11, 2009 10:38 AM
Subject: Re: Do I need more than HAProxy for SSL webserver

2009/6/10 Tom Potwin <>:
> I've read that all I need is to change mode http to mode tcp, balance
> roundrobin to balance source, and option httpchk to option
> ssl-hello-chk, and all should work. Then I also read that HAProxy
> can't do SSL so you have to install something like stunnel to get it
> to work. I'm trying to keep things as simple as I can, so what is the
correct way for me to handle this?

Another option is to have Pound ( doing your HTTPS proxying. It does the SSL authentication and then sends the request for the actual content to the backend servers. Not sure of performance if you've got a site with very heavy traffic though. I'm currently using HAProxy and Pound side by side for my web load balancing and it works just fine with webmail servers that get a fair bit of traffic.

On the subject of load balancing, I'd be careful about going the Heartbeat route. I've used it before and had headaches. I was using it with DRBD though, so it may work just fine in your situation.

Guy Received on 2009/06/11 17:08

This archive was generated by hypermail 2.2.0 : 2009/06/11 17:15 CEST