Error 500 in lighttpd

Guest

Hi,

Fisrt, congratulations for your great project (and sorry about my poor english.. I´m brazilian..)

I need to balance http request to a pool of webservers, and one of the switch criterias to
forward requests must be part of URL.

So, I configured a CARP interface with the virtual IP that I pretend to proxy, and in a shell
console, I add a line:

include ("lighttpd-user.inc")

in file: "/etc/inc/system.inc" line 750, and create a file "/etc/inc/lighttpd-user.inc" as:
#begin

server.modules     += ( "mod_accesslog", "mod_status", "mod_proxy" )

server.errorlog          = "/var/log/lighttpd.error.log"
accesslog.filename       = "/var/log/lighttpd.access.log"

status.status-url        = "/server-status"
status.config-url        = "/server-config"

$HTTP["host"] == "192.168.3.150" {
  proxy.debug                = 0
  proxy.balance              = "fair"
  proxy.server               = ( "" => ( ( "host" => "192.168.230.50", "port" => 8180 ),
                                         ( "host" => "192.168.230.51", "port" => 8180 ) ) )
}

#end

Just a legend:
  192.168.3.150 -> my pfsense box external ip address (wish I use for management)
  192.168.3.151 -> my Web VIP address
  192.168.230.50 -> One real server
  192.168.230.51 -> Another real server

as well as appropriated firewall rules, and aparently, things goes just like I thougth..
but when I put some real load (with jmeter),  sometimes (near 15% of requests),
I had error 500…

Someone have already made something like this ? and worked ?

PS: roud-robin balance not work too...

thanks..

Ibere

sullrich

Wait a second.  Your attempting to bench server performance by using the built in webserver!?!?!?!??!?!

Guest

No.. I´m just trying to use builtin webserver as a proxy to my real webservers;
but how I need to forward requests based on URL, I cannot use slbd (load balance) service
supplied regularly by pfsense.

sullrich

This is not supported, do NOT use the built in webserver for this.  Its not made for this and frankly, I cannot believe someone would even attempt this.

Guest

Ok… bad news.... so, I´m trying to install an apache server to do this..,

but when I install gcc (thru a pkg_add -r gcc41), do not have links to

/usr/local/bin/gcc, only for /usr/local/bin/gcc41...

do you know what I´m doing wrong ?

btw... the apache22 port does not have mod_proxy included... (so I need to compile)

tks a lot..

sullrich

@Ibere:

Ok… bad news.... so, I´m trying to install an apache server to do this..,

but when I install gcc (thru a pkg_add -r gcc41), do not have links to

/usr/local/bin/gcc, only for /usr/local/bin/gcc41...

do you know what I´m doing wrong ?

btw... the apache22 port does not have mod_proxy included... (so I need to compile)

tks a lot..

This is a firewall.  None of this is supported.  Please install and test on a dedicated machine any of your custom items.

Guest

Ok, you are the boss… I´ll choose another product, but really,
I don´t agree with "Hey man, this is a firewall, take this apache out of here !!"..
Reverse proxy is a security feature, and almost all top of line firewalls complies this
(Connect Control Module of Check Point Firewall-1, Http Proxy of Cisco PIX....)
I just thought this could (and should) be an important feature.

sullrich

You can do what you want with it.  The point is to not ask for help when doing things beyond the scope of what we offer support for.