RE: Do I need more than HAProxy for SSL webserver

Hi Guy

I was curious, what problems did you have with heartbeat? I've been having a strange problem where the LB node, using Xen, where I keep loosing the ability to see the HAProxy stats page. If I stop and restart Heartbeat, then the stats come back for about 15-20 minutes. The failover capabilities seem to keep working, I just loose the stats. I also looked into pound, but I was concerned because others said they had problems on a busy CMS site.
When I started to set this up, I looked at DRBD VS rsync/replication, but I actually don't remember now why I chose against it.

Tom

-----Original Message-----
From: Guy [mailto:wyldfury#gmail.com]
Sent: Thursday, June 11, 2009 10:38 AM
To: haproxy#formilux.org
Subject: Re: Do I need more than HAProxy for SSL webserver

2009/6/10 Tom Potwin <wxman2#gmail.com>:
> I've read that all I need is to change mode http to mode tcp, balance
> roundrobin to balance source, and option httpchk to option
> ssl-hello-chk, and all should work. Then I also read that HAProxy
> can't do SSL so you have to install something like stunnel to get it
> to work. I'm trying to keep things as simple as I can, so what is the
correct way for me to handle this?

Another option is to have Pound (http://www.apsis.ch/pound/) doing your HTTPS proxying. It does the SSL authentication and then sends the request for the actual content to the backend servers. Not sure of performance if you've got a site with very heavy traffic though. I'm currently using HAProxy and Pound side by side for my web load balancing and it works just fine with webmail servers that get a fair bit of traffic.

On the subject of load balancing, I'd be careful about going the Heartbeat route. I've used it before and had headaches. I was using it with DRBD though, so it may work just fine in your situation.

Cheers
Guy Received on 2009/06/11 17:08