Varnish or HAproxy help



  • Hi Team,

    I have varnist setup and working fine for http request with a few servers each a different website. But now I have a few servers running https and this does not work with varnish if I am right.

    So I installed HAproxy full but having some issues with it.

    Here are the config:

    Under settings I have

    Maximun connections : 10000 per Backend
    Remote syslog host  127.0.0.1

    Frondend settings I have

    Name : WEBLB
    Description : WEBLB
    Connection timeout : 30000
    Server timeout : 30000
    Retries : 3
    Type : HTTP
    Balance : Source
    Stats Enable : Checked
    Stats Realm : Haproxy\ Statistics
    Stats Uri : /haproxy?stats
    Stats Username : admin
    Stats Password : "Set my own password"
    Stats Refresh : 10
    Monitor Uri : /index.php
    Port : 443
    Max connections : 10000
    Client Timeout : 30000
    Use forward option : Checked
    Use httpclose option : checked
    Advance pass thru : cookie SERVERID insert indirect

    Under servers I have

    Name : serverA (Actual name not put on the forum)
    Frontend : WEBLB
    ip address : X.X.X.X ( Ip of serverA )
    Port : 443
    Status : Active
    Cookie : serverA
    Weight : 1

    Also when I go to http://X.X.X.X/haproxy?stats I get "404 page not found"

    Could anyone advise pls?

    Cheers,

    Raj



  • are you sure the haproxy process is running? ps -A | grep haproxy

    can you check the config with console command:
    haproxy -c -V -f /var/etc/haproxy.cfg

    can you post the contents of 'haproxy.cfg' ?



  • haproxy -c -V -f /var/etc/haproxy.cfg
    [WARNING] 079/075307 (42686) : config : cookie will be ignored for proxy 'WEBLB' (needs 'mode http').
    [WARNING] 079/075307 (42686) : config : 'cookie' statement ignored for proxy 'WEBLB' as it requires HTTP mode.
    [WARNING] 079/075307 (42686) : config : 'stats' statement ignored for proxy 'WEBLB' as it requires HTTP mode.
    [WARNING] 079/075307 (42686) : config : 'option forwardfor' ignored for proxy 'WEBLB' as it requires HTTP mode.
    [WARNING] 079/075307 (42686) : config : 'option httpclose' ignored for proxy 'WEBLB' as it requires HTTP mode.
    [ALERT] 079/075307 (42686) : config : proxy 'WEBLB' : server cannot have cookie or redirect prefix in non-HTTP mode.
    [ALERT] 079/075307 (42686) : Fatal errors found in configuration.

    If I change the settings in the front end fron https to hhp then i get :

    haproxy -c -V -f /var/etc/haproxy.cfg
    [WARNING] 079/075618 (675) : Proxy 'WEBLB': in multi-process mode, stats will be limited to process assigned to the current request.
    Configuration file is valid

    and in the logs i get :

    haproxy[3445]: Proxy WEBLB started.
    Mar 21 07:57:04 haproxy[3445]: Server WEBLB/BPSCLOUD is DOWN, reason: Layer7 invalid response, info: "<3C>!DOCTYPE HTML PUBLIC <22>-//IETF//DTD HTML 2.0//EN<22><3E><0A><3C>html<3E><3C>head<3E><0A><3C>title<3E>400 Bad Request<3C>/title<3E><0A><3C>/head<3E><3C>body<3E><0A><3C>h1<3E>Bad Request<3C>/h", check duration: 2ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
    Mar 21 07:57:04 haproxy[3445]: proxy WEBLB has no server available!
    Mar 21 07:57:04 haproxy[3445]: Server WEBLB/BPSCLOUD is DOWN, reason: Layer7 invalid response, info: "<3C>!DOCTYPE HTML PUBLIC <22>-//IETF//DTD HTML 2.0//EN<22><3E><0A><3C>html<3E><3C>head<3E><0A><3C>title<3E>400 Bad Request<3C>/title<3E><0A><3C>/head<3E><3C>body<3E><0A><3C>h1<3E>Bad Request<3C>/h", check duration: 2ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
    Mar 21 07:57:04 haproxy[3445]: proxy WEBLB has no server available!
    Mar 21 07:57:04 haproxy[3445]: Server WEBLB/BPSCLOUD is DOWN, reason: Layer7 invalid response, info: "<3C>!DOCTYPE HTML PUBLIC <22>-//IETF//DTD HTML 2.0//EN<22><3E><0A><3C>html<3E><3C>head<3E><0A><3C>title<3E>400 Bad Request<3C>/title<3E><0A><3C>/head<3E><3C>body<3E><0A><3C>h1<3E>Bad Request<3C>/h", check duration: 2ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
    Mar 21 07:57:04 haproxy[3445]: proxy WEBLB has no server available!
    Mar 21 07:57:04 haproxy[3445]: Server WEBLB/BPSCLOUD is DOWN, reason: Layer7 invalid response, info: "<3C>!DOCTYPE HTML PUBLIC <22>-//IETF//DTD HTML 2.0//EN<22><3E><0A><3C>html<3E><3C>head<3E><0A><3C>title<3E>400 Bad Request<3C>/title<3E><0A><3C>/head<3E><3C>body<3E><0A><3C>h1<3E>Bad Request<3C>/h", check duration: 3ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
    Mar 21 07:57:04 haproxy[3445]: proxy WEBLB has no server available!

    Cheers,

    Raj



  • It seams you are trying to mix a few features of haproxy that cannot be used together.
    https < cannot use cookies or any other method that 'modifies' the traffic.
    http < should not run on port 443 but on port 80, but does not support https traffic in the haproxy1.4

    I suppose you do want the endusers to use your website securely, so that listening on port 443 is 'correct'.

    Do you really need the cookie? and the stats

    I you do there might be another option in the new haproxy-devel 1.5dev17 package that fits your needs.
    It allows using 'http mode' which allows for the cookie setting with SSL-offloading possibly even combined with a SSL backend. But this does require configuring the certificates on the haproxy settings. Though the package is still in active development and options might change without notice..


Locked