Inbound Failover for HTTPS

marcelloc · Mar 12, 2012, 12:39 PM

Did you tried the manual failover or haproxy before this fallback pool?

skipper · Mar 12, 2012, 12:48 PM

thnx for your time and help marcelloc

yes i tried them,
the manual failover cannot do what i need, because i want the traffic to be forwarded automatically to web2 when web1 is down.
and haproxy didn't look to work for https traffic, thus i chose to stay at loadbalancer solution, just i need to improve the time that it takes for forwarding the requests to web2 when web1 is down.
isn't it there a way to make it faster?
the point is that the load balancer is recognizing very fast that the web1 is down, is just not changing the forwarding to web2.

marcelloc · Mar 12, 2012, 12:52 PM

Well, I use haproxy for https as I told you with no issues.

Can you try haproxy again using source as balance method, one pool for http and another pool for https?

skipper · Mar 12, 2012, 1:02 PM

yeah i will give it a try with haproxy (legacy) again and see if it can work.

when i tried i used a virtual carp IP (internet IP) and there i could also access the stats, but i didn't like that the stats were accessible from internet.
is it possible to access the stats (and setup haproxy) in another IP and not in the external IP of haproxy?

marcelloc · Mar 12, 2012, 1:07 PM

I enable stats on internal pools only. Any stat page show stats for all pools.

skipper · Mar 12, 2012, 3:01 PM

haproxy doesn't seem to be working for me :/ it's not even forwarding the requests to web1 or web2, i don't know what i am doing wrong there :-[

furthermore, after some tries to edit the configuration for the frontend is accepting the changes but is not updating the configuration, it seems like there is a bug in haproxy legacy (at least 2.0-RELEASE (amd64)).

as for the load balancer what i noticed is that when i take web1 down i can see from the pool tab that web1 is down (red) but on the virtual server tab it keeps "targeting" (forwarding) the requests to web1, which means that the virtual server is not refreshing the status right after the pool.

marcelloc · Mar 12, 2012, 3:08 PM

Can you screenshot your haproxy config?

skipper · Mar 12, 2012, 3:32 PM

here it's my configuration of haproxy…what am i doing wrong ???

the virtual IP is on the wan interface and it's CARP.
when the client is sending https request is not getting any answer
with http requests is going to pfsense web interface.

thnx once again man!!

marcelloc · Mar 12, 2012, 3:38 PM

Can you try this setup with legacy package?

I'm using it, so it will be easier to me to compare my setup with yours.

This week I`ll rename haproxy-lagacy to haproxy-full as it has more options then current 1.2 package.

Both(1.2 and 1.0) use the same 1.4.19 version of haproxy.

att,
Marcello Coutinho

skipper · Mar 12, 2012, 3:55 PM

i removed haproxy and installed haproxy legacy and then i configured it again.
the results are same as before :/
here is my configuration…

marcelloc · Mar 12, 2012, 7:06 PM

On backends I do not fill up Advanced pass thru and do not set cookies on Servers.

The other settings looks similar here.

Enable stats and try to see what happens.

skipper · Mar 12, 2012, 10:44 PM

hey marcelloc,

thanks a lot man!! i removed the "server cookies" from the backends and also "advanced pass thru" from the frontends and seems to be working great so far!! :)

btw, as i don't want the stats to be accessible from internet.. is it possible to make the stats accessible just from VPN connection in some other internal IP address? or i should just disable the stats?

marcelloc · Mar 12, 2012, 11:36 PM

Publish another haproxy server config with internal address, stats enabled and assign the http backend just to get stats working.

skipper · Mar 13, 2012, 10:29 PM

thnx once again!!

i published haproxy in an internal ip address as well for the stats, it was not necessary to assign any backend.

best regards