Making changes to haproxy package; how do I make them available to everyone?
-
The balance option depends on the service. For OWA, use source because you need to keep the same client on the same CAS server and since it's HTTPS you can't insert a tracking cookie. For SMTP/POP3/IMAP use round robin. RPC is a bit complex because by default Exchange uses three different services over RPC (the endpoint mapper, the address book, and MAPI) and a giant range of ports for RPC. You have to make changes so that the address book and MAPI use a single port. Then you need to create a separate frontend for each of those and add advanced options to keep the client connections on the same CAS servers (technically you don't need to create separate frontends to do this in HAProxy, but with the way it's implemented in pfSense you do). For the MAPI stuff I'm using the newly added leastconn balance option, but I was using round robin before that. I think that the advanced options end up overriding it anyway so I'm not sure it makes a difference.
It'll be clearer once I have time to put together a real write-up.
As for spam protection, we have that covered for now with a single appliance. Once this is in place, we plan making use of multiple spam gateways which we will also load balance with this setup.
-
Also one quick question before I go to sleep, how big is your exchange environment?
-
There are 14 exchange servers distributed in some locations, but my problem is with 02 exchange servers in the main site.
Total mailboxes are 60k.
-
Everything is looking good to me.
I noticed that you made the required version 2.0. Are we only updating this for 2.0? As far as I know it's only the binary for 7 that is needed to make this work on 1.2.3.
That's a large exchange environment you have! We've got around 1,100 mailboxes. Are you on Exchange 2010 as well?
-
Everything is looking good to me.
Good news. :) Did you tested all features?
I noticed that you made the required version 2.0. Are we only updating this for 2.0? As far as I know it's only the binary for 7 that is needed to make this work on 1.2.3.
I'll compile it to 1.2.3 too. The required version you see is just on 2.0 xml.
Are you on Exchange 2010 as well?
not yet.
-
Yes, as far as I can tell all features are working. I am still running my own Outlook instance through it. All options in the package are there and appear to be working fine. The XMLRPC sync is good.
Any chance I can get access to this wiki page to update it once this goes totally live:
http://doc.pfsense.org/index.php/Haproxy_packageAre you on 2007 or 2003?
-
Are you on 2007 or 2003?
Both, some locations are not migrated yet.
Any chance I can get access to this wiki page to update it once this goes totally live:
Ask core developers to create an acount at docs.pfsense.org to you.
-
Hey marcello, are we ready to finalize the package? Is there anything else you need from me?
What's the best way to contact a core developer for wiki access without annoying them? I know PMing is generally frowned upon..
-
Just changed package version to 1.4.18 pkg v 1.0
Since I finish 1.2.3 compiling and testing I'll change there too.
to create an account at docs.pfsense.com, just send an email to wikiadmin@pfsense.org asking it.
-
Sounds good, though I do not see the version updated.
-
I've republished package version change.
-
Marcello, just want to say that everything is working great. Thanks so much for your help. I have wiki access and as soon I have some time, this week or early next week, I'll update the docs to reflect the changes.
I updated my cluster members today and noticed that the package still pulls files from your servers rather than the pfSense servers. Is that normal? Will it stay that way?
-
Package version 1.4.18 was not on ports when I published this update and also files.pfsense.org was not building haproxy everyday.
Since freebsd ports updated haproxy to 1.4.18 and it this package is available on files.pfsense, I will update package download link.
-
Thanks again for everything; I may make more changes in the future but I think I'm done for a little while. I've updated the docs, and I referred to you by your forums name in case you didn't want your real name in there. Feel free to change that or let me know and I'll make the change.
http://doc.pfsense.org/index.php/Haproxy_package
-
Nice work on this package update. No issues at all. :)
-
Marcello, HAProxy has released 1.4.19 which has a few important bigfixes in it. Can you update the binaries? If I could I would definitely do this myself..
Also the package still says it requires 2.0 and points to your server, though those are not very important.
-
Ok, I will update it.
If this update is also in freebsd ports, maybe tomorrow It's available on files.pfsense.org
Do you have freebsd 8.1 vms to compile it via ports?
-
I don't actually know what "ports" is :-[
I have a FreeBSD 8.1 amd64 VM available. I was able to compile 1.4.18 before but I don't think I used ports. I'm willing to learn though..
-
http://www.freebsd.org/ports/ :)
It's how programs are distributed in source form for FreeBSD. If you have a standard FreeBSD install then you already have a huge collection of source code in /usr/ports.
Steve
-
To install ports do:
portsnap fetch
portsnap extractTo update do
portsnap fetch
portsnap update
