HAProxy on 1.2.3-RELEASE - Successful!!!
-
Ok having read the initial post would this be correct? I have a little test rig in the office and between my daily work I sometimes have time to tinker with this kit. I have been scouring google and not come up with anything concrete with regards to overcoming the https question. Other posts have mentioned about using stunnel but the link here
http://agiletesting.blogspot.com/2009/02/load-balancing-in-amazon-ec2-with.html
says
SSL
To handle SSL traffic in HAProxy, you need 3 things:
- Define a frontend with a unique name which handles *:443
- Send traffic to real_server_IP_1:443 through real_server_IP_N:443 in the backend(s) associated with the frontend
- Specify 'mode tcp' instead of 'mode http' both in the frontend section and in the backend section(s) which handle port 443. Otherwise you won't see any SSL traffic hitting your real servers, and you'll wonder why….
------ Would the following be correct?
- Configure HAProxy using default values except the following:
--> On Settings Tab:
--> Enable HAProxy
--> DO NOT USE REMOTE SYSLOG HOST (bug in current version of pfSense haproxy package)
--> On Frontend Tab:
--> 10.10.10.1 (fictitious VIP)
--> On Servers Tab:
--> 192.168.5.1
--> 192.168.5.2
- Configure the firewall rule - very impt!
--> On the Firewall-->Rules tab
--> New rule -
--> Protocol=any
--> Source=Any
--> Port=80
--> Destination=CARP VIP 10.10.10.1
--> On the Firewall-->Rules tab
--> New rule -
--> Protocol=any
--> Source=Any
--> Port=443
--> Destination=CARP VIP 10.10.10.1
ACL
frontend myfrontend *:80
log global
maxconn 25000
option forwardfor
acl acl_example1 server1 example1
acl acl_example2 server2 example2
use_backend example1_farm if acl_example1
use_backend example2_farm if acl_example2
default_backend default_farm
I'm a little confused: will HAProxy take the HTTP header and pass both HTTP and HTTPS requests?
I have assumed that I would need to add the 443 port rule to pfSense; is this correct?
-
I'm also trying HAProxy out. Though for some reason it's very slow looking at download speeds. A file of 2 mb is downloading with 15 kb/s through HAProxy, though when I enter a simple NAT rule it downloads with 1 MB/s. Latency on HAProxy is very low (15ms).
For now it's an experimental cluster so no other traffic is going through. Can someone help me out on this? HAProxy seems to be a lot better than the built-in load balancer looking at features.
(I do use a CARP VIP to the internet, and my webservers are using Apache on a 192.168.2.0/24 network. All settings are pretty basic.)
-
Hi,
I am also trying to configure my pfSense box to reach my LAN backend webservers but it does not work as expected.
It seems my pfSense HAProxy doesn't see my backend servers (unreachable from VIP, displayed in red in the HAProxy stats page).
I configured a public VIP (I tried IP alias and CARP configuration) with a port and 3 backend servers (reachable on LAN subnet) associated with this frontend.
I added a rule to allow traffic to go through the public VIP.
I can reach the stats page on the public VIP but all backend servers are desperately red (as attached) :(
Here is my HAProxy configuration:
global
maxconn 200
uid 80
gid 80
nbproc 2
chroot /var/empty
daemon
listen web-frontends
bind xxx.xxx.xxx.xxx:8080
mode http
log global
option dontlognull
option forwardfor
maxconn 200
clitimeout 120000
balance roundrobin
contimeout 120000
srvtimeout 30000
option httpchk HEAD HTTP/1.0
stats enable
stats uri /haproxy?stats
stats realm haproxyqstats
stats auth user:pass
server web1 192.168.0.1:80 check inter 1000 weight 1
server web2 192.168.0.2:80 check inter 1000 weight 1
server web3 192.168.0.3:80 check inter 1000 weight 1
Are there some more rules I have to add?
Thanks,
Nicolas Maupu
-
For the record, I found my mistake and now it is working like a charm!
I just forgot to add a non-mandatory field: monitor URI - fail
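
Added example (not code from any poster in this thread or from the pfSense package): a small Python check for the two configuration mistakes discussed above, a port 443 listener that is not in "mode tcp" and an "option httpchk" line whose URI was left empty. The sample config, section names and function names are constructed for illustration; the "ssl" exclusion assumes a newer HAProxy that can terminate TLS on the bind line.

```python
KINDS = ("global", "defaults", "frontend", "backend", "listen")

# Constructed sample, not a config from the thread: a 443 listener that
# inherits "mode http", and a health check whose URI was left empty.
SAMPLE_CFG = """\
defaults
    mode http
frontend https_in *:443
    default_backend web_tls
backend web_tls
    mode tcp
    server web1 192.168.5.1:443 check
listen web-frontends
    bind 10.10.10.1:8080
    option httpchk HEAD HTTP/1.0
    server web2 192.168.5.2:80 check inter 1000
"""

def parse_sections(cfg):
    """Split a config into sections, each a dict with its tokenised lines."""
    sections = []
    for raw in cfg.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] in KINDS:
            name = words[1] if len(words) > 1 else words[0]
            # Old syntax "frontend name addr:port" is an implicit bind.
            lines = [["bind", words[2]]] if len(words) > 2 else []
            sections.append({"kind": words[0], "name": name, "lines": lines})
        elif sections:
            sections[-1]["lines"].append(words)
    return sections

def lint(cfg):
    """Return (section, problem) pairs for the two pitfalls in the thread."""
    findings, default_mode = [], "tcp"  # HAProxy's built-in default is tcp
    for sec in parse_sections(cfg):
        own = [w[1] for w in sec["lines"] if w[0] == "mode" and len(w) > 1]
        if sec["kind"] == "defaults":
            default_mode = own[-1] if own else "tcp"
            continue
        mode = own[-1] if own else default_mode
        for w in sec["lines"]:
            # A bind with "ssl" terminates TLS itself, so mode http is fine.
            if (w[0] == "bind" and len(w) > 1 and w[1].endswith(":443")
                    and "ssl" not in w and mode != "tcp"):
                findings.append((sec["name"], "443 passthrough needs mode tcp"))
            # "HEAD HTTP/1.0": the version token sits where the URI belongs.
            if (w[:2] == ["option", "httpchk"] and len(w) == 4
                    and w[3].upper().startswith("HTTP/")):
                findings.append((sec["name"], "httpchk has no URI"))
    return findings
```

Calling lint(SAMPLE_CFG) reports one finding for each of the two sections with a mistake; a config with "mode tcp" on the 443 frontend and "HEAD / HTTP/1.0" as the check returns an empty list.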