Hi Lukasz,
You must use stunnel in front of haproxy in order to be able to inspect pure clear HTTP traffic.
Concerning your HAProxy configuration, it's not fully accurate. Please give the configuration below a try:
frontend
    mode tcp
    tcp-request inspect-delay 1s
    use_backend nodejs_flashpolicy_http if HTTP
    default_backend nodejs_flashpolicy

backend nodejs_flashpolicy
    mode tcp
    server node1 localhost:10843 maxconn 2000 check

backend nodejs_flashpolicy_http
    mode http
    option httplog
    server node1 localhost:10843 maxconn 2000 check
cheers
On Mon, Dec 12, 2011 at 8:10 AM, Lukasz Michalski <lm#zork.pl> wrote:
> On 12/10/2011 04:29 PM, Baptiste wrote:
>> Hi,
>>
>> There is an ACL for that: req_proto_http (and an alias exists: HTTP)
>> you can choose your backend based on its return:
>>
>> tcp-request content inspect-delay 1s
>> use_backend bk_http if HTTP
>> use_backend bk_xml if !HTTP
>>
>
> I am not sure how this should be configured.
>
> I added to my conf file:
>
> tcp-request content accept if !HTTP
> tcp-request inspect-delay 1s
> use_backend nodejs_flashpolicy_http if !HTTP
>
> backend nodejs_flashpolicy
> mode tcp
> server node1 localhost:10843 maxconn 2000 check
>
> backend nodejs_flashpolicy_http
> mode http
> option httplog
> server node1 localhost:10843 maxconn 2000 check
>
> haproxy does not let me use_backend nodejs_flashpolicy in my frontend:
>
> [ALERT] 345/074250 (26349) : Unable to use proxy 'nodejs_flashpolicy'
> with wrong mode, required: http, has: tcp.
>
> But now I realized that the connection is dropped by stunnel and does
> not even get to haproxy. It seems that the best way would be to inspect
> the data on ports 80 and 443 and if I get xml string (which is always
> the same) then connect to appropriate service, otherwise use
> stunnel/haproxy.
>
> The problem is that I cannot find any software for linux that is capable
> of doing so.
>
> If you know any please share.
>
> Many thanks,
> Łukasz
Received on 2011/12/12 09:52
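
The content-based routing discussed in this thread, as an added Python sketch that is not part of the original messages and is not HAProxy code: it shows why the first bytes must be buffered for a short delay before deciding between the two backends. The policy request bytes, the simplified request-line pattern and the 4096-byte limit are assumptions; only the backend names come from the thread.

```python
import re

# Assumption: the fixed XML string a Flash client sends to request a policy file.
POLICY_REQUEST = b"<policy-file-request/>\x00"
# Simplified HTTP/1.x request line; a real HTTP parser is stricter than this.
REQUEST_LINE = re.compile(rb"[A-Z]+ [^ \r\n]+ HTTP/1\.[01]\r?\n")
# A buffer that could still grow into a request line (method, partial URI).
METHOD_PREFIX = re.compile(rb"[A-Z]+( [^\r\n]*\r?)?\Z")
MAX_INSPECT = 4096  # assumed cap: stop waiting once this much is buffered


def classify(buf: bytes) -> str:
    """Return 'http', 'policy', 'other' or 'incomplete' for the bytes seen so far."""
    if buf.startswith(POLICY_REQUEST):
        return "policy"
    if REQUEST_LINE.match(buf):
        return "http"
    if len(buf) < MAX_INSPECT:
        # Too early to decide: this is the situation an inspect delay covers.
        if POLICY_REQUEST.startswith(buf) or METHOD_PREFIX.match(buf):
            return "incomplete"
    return "other"


def choose_backend(segments) -> str:
    """Feed TCP segments in arrival order; running out of segments stands
    for the inspect delay expiring without a decision."""
    buf = b""
    for seg in segments:
        buf += seg
        verdict = classify(buf)
        if verdict == "http":
            return "nodejs_flashpolicy_http"
        if verdict in ("policy", "other"):
            return "nodejs_flashpolicy"
    return "nodejs_flashpolicy"  # undecided at expiry: default backend


if __name__ == "__main__":
    # Constructed sample traffic, split the way TCP may deliver it.
    print(choose_backend([b"GET /socket", b".io/ HTTP/1.1\r\nHost: example.test\r\n\r\n"]))
    print(choose_backend([b"<policy-file-", b"request/>\x00"]))
```

A decision taken on the first segment alone would treat `GET /socket` as non-HTTP, which is why the check is repeated as data arrives.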