Varnish or HAproxy help



  • Hi Team,

    I have varnist setup and working fine for http request with a few servers each a different website. But now I have a few servers running https and this does not work with varnish if I am right.

    So I installed HAproxy full but having some issues with it.

    Here are the config:

    Under settings I have

    Maximun connections : 10000 per Backend
    Remote syslog host  127.0.0.1

    Frondend settings I have

    Name : WEBLB
    Description : WEBLB
    Connection timeout : 30000
    Server timeout : 30000
    Retries : 3
    Type : HTTP
    Balance : Source
    Stats Enable : Checked
    Stats Realm : Haproxy\ Statistics
    Stats Uri : /haproxy?stats
    Stats Username : admin
    Stats Password : "Set my own password"
    Stats Refresh : 10
    Monitor Uri : /index.php
    Port : 443
    Max connections : 10000
    Client Timeout : 30000
    Use forward option : Checked
    Use httpclose option : checked
    Advance pass thru : cookie SERVERID insert indirect

    Under servers I have

    Name : serverA (Actual name not put on the forum)
    Frontend : WEBLB
    ip address : X.X.X.X ( Ip of serverA )
    Port : 443
    Status : Active
    Cookie : serverA
    Weight : 1

    Also when I go to http://X.X.X.X/haproxy?stats I get "404 page not found"

    Could anyone advise pls?

    Cheers,

    Raj



  • are you sure the haproxy process is running? ps -A | grep haproxy

    can you check the config with console command:
    haproxy -c -V -f /var/etc/haproxy.cfg

    can you post the contents of 'haproxy.cfg' ?



  • haproxy -c -V -f /var/etc/haproxy.cfg
    [WARNING] 079/075307 (42686) : config : cookie will be ignored for proxy 'WEBLB' (needs 'mode http').
    [WARNING] 079/075307 (42686) : config : 'cookie' statement ignored for proxy 'WEBLB' as it requires HTTP mode.
    [WARNING] 079/075307 (42686) : config : 'stats' statement ignored for proxy 'WEBLB' as it requires HTTP mode.
    [WARNING] 079/075307 (42686) : config : 'option forwardfor' ignored for proxy 'WEBLB' as it requires HTTP mode.
    [WARNING] 079/075307 (42686) : config : 'option httpclose' ignored for proxy 'WEBLB' as it requires HTTP mode.
    [ALERT] 079/075307 (42686) : config : proxy 'WEBLB' : server cannot have cookie or redirect prefix in non-HTTP mode.
    [ALERT] 079/075307 (42686) : Fatal errors found in configuration.

    If I change the settings in the front end fron https to hhp then i get :

    haproxy -c -V -f /var/etc/haproxy.cfg
    [WARNING] 079/075618 (675) : Proxy 'WEBLB': in multi-process mode, stats will be limited to process assigned to the current request.
    Configuration file is valid

    and in the logs i get :

    haproxy[3445]: Proxy WEBLB started.
    Mar 21 07:57:04 haproxy[3445]: Server WEBLB/BPSCLOUD is DOWN, reason: Layer7 invalid response, info: "<3C>!DOCTYPE HTML PUBLIC <22>-//IETF//DTD HTML 2.0//EN<22><3E><0A><3C>html<3E><3C>head<3E><0A><3C>title<3E>400 Bad Request<3C>/title<3E><0A><3C>/head<3E><3C>body<3E><0A><3C>h1<3E>Bad Request<3C>/h", check duration: 2ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
    Mar 21 07:57:04 haproxy[3445]: proxy WEBLB has no server available!
    Mar 21 07:57:04 haproxy[3445]: Server WEBLB/BPSCLOUD is DOWN, reason: Layer7 invalid response, info: "<3C>!DOCTYPE HTML PUBLIC <22>-//IETF//DTD HTML 2.0//EN<22><3E><0A><3C>html<3E><3C>head<3E><0A><3C>title<3E>400 Bad Request<3C>/title<3E><0A><3C>/head<3E><3C>body<3E><0A><3C>h1<3E>Bad Request<3C>/h", check duration: 2ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
    Mar 21 07:57:04 haproxy[3445]: proxy WEBLB has no server available!
    Mar 21 07:57:04 haproxy[3445]: Server WEBLB/BPSCLOUD is DOWN, reason: Layer7 invalid response, info: "<3C>!DOCTYPE HTML PUBLIC <22>-//IETF//DTD HTML 2.0//EN<22><3E><0A><3C>html<3E><3C>head<3E><0A><3C>title<3E>400 Bad Request<3C>/title<3E><0A><3C>/head<3E><3C>body<3E><0A><3C>h1<3E>Bad Request<3C>/h", check duration: 2ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
    Mar 21 07:57:04 haproxy[3445]: proxy WEBLB has no server available!
    Mar 21 07:57:04 haproxy[3445]: Server WEBLB/BPSCLOUD is DOWN, reason: Layer7 invalid response, info: "<3C>!DOCTYPE HTML PUBLIC <22>-//IETF//DTD HTML 2.0//EN<22><3E><0A><3C>html<3E><3C>head<3E><0A><3C>title<3E>400 Bad Request<3C>/title<3E><0A><3C>/head<3E><3C>body<3E><0A><3C>h1<3E>Bad Request<3C>/h", check duration: 3ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
    Mar 21 07:57:04 haproxy[3445]: proxy WEBLB has no server available!

    Cheers,

    Raj



  • It seams you are trying to mix a few features of haproxy that cannot be used together.
    https < cannot use cookies or any other method that 'modifies' the traffic.
    http < should not run on port 443 but on port 80, but does not support https traffic in the haproxy1.4

    I suppose you do want the endusers to use your website securely, so that listening on port 443 is 'correct'.

    Do you really need the cookie? and the stats

    I you do there might be another option in the new haproxy-devel 1.5dev17 package that fits your needs.
    It allows using 'http mode' which allows for the cookie setting with SSL-offloading possibly even combined with a SSL backend. But this does require configuring the certificates on the haproxy settings. Though the package is still in active development and options might change without notice..


Log in to reply