Varnish or HAproxy help
-
Hi Team,
I have varnist setup and working fine for http request with a few servers each a different website. But now I have a few servers running https and this does not work with varnish if I am right.
So I installed HAproxy full but having some issues with it.
Here are the config:
Under settings I have
Maximun connections : 10000 per Backend
Remote syslog host 127.0.0.1Frondend settings I have
Name : WEBLB
Description : WEBLB
Connection timeout : 30000
Server timeout : 30000
Retries : 3
Type : HTTP
Balance : Source
Stats Enable : Checked
Stats Realm : Haproxy\ Statistics
Stats Uri : /haproxy?stats
Stats Username : admin
Stats Password : "Set my own password"
Stats Refresh : 10
Monitor Uri : /index.php
Port : 443
Max connections : 10000
Client Timeout : 30000
Use forward option : Checked
Use httpclose option : checked
Advance pass thru : cookie SERVERID insert indirectUnder servers I have
Name : serverA (Actual name not put on the forum)
Frontend : WEBLB
ip address : X.X.X.X ( Ip of serverA )
Port : 443
Status : Active
Cookie : serverA
Weight : 1Also when I go to http://X.X.X.X/haproxy?stats I get "404 page not found"
Could anyone advise pls?
Cheers,
Raj
-
are you sure the haproxy process is running? ps -A | grep haproxy
can you check the config with console command:
haproxy -c -V -f /var/etc/haproxy.cfgcan you post the contents of 'haproxy.cfg' ?
-
haproxy -c -V -f /var/etc/haproxy.cfg
[WARNING] 079/075307 (42686) : config : cookie will be ignored for proxy 'WEBLB' (needs 'mode http').
[WARNING] 079/075307 (42686) : config : 'cookie' statement ignored for proxy 'WEBLB' as it requires HTTP mode.
[WARNING] 079/075307 (42686) : config : 'stats' statement ignored for proxy 'WEBLB' as it requires HTTP mode.
[WARNING] 079/075307 (42686) : config : 'option forwardfor' ignored for proxy 'WEBLB' as it requires HTTP mode.
[WARNING] 079/075307 (42686) : config : 'option httpclose' ignored for proxy 'WEBLB' as it requires HTTP mode.
[ALERT] 079/075307 (42686) : config : proxy 'WEBLB' : server cannot have cookie or redirect prefix in non-HTTP mode.
[ALERT] 079/075307 (42686) : Fatal errors found in configuration.If I change the settings in the front end fron https to hhp then i get :
haproxy -c -V -f /var/etc/haproxy.cfg
[WARNING] 079/075618 (675) : Proxy 'WEBLB': in multi-process mode, stats will be limited to process assigned to the current request.
Configuration file is validand in the logs i get :
haproxy[3445]: Proxy WEBLB started.
Mar 21 07:57:04 haproxy[3445]: Server WEBLB/BPSCLOUD is DOWN, reason: Layer7 invalid response, info: "<3C>!DOCTYPE HTML PUBLIC <22>-//IETF//DTD HTML 2.0//EN<22><3E><0A><3C>html<3E><3C>head<3E><0A><3C>title<3E>400 Bad Request<3C>/title<3E><0A><3C>/head<3E><3C>body<3E><0A><3C>h1<3E>Bad Request<3C>/h", check duration: 2ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Mar 21 07:57:04 haproxy[3445]: proxy WEBLB has no server available!
Mar 21 07:57:04 haproxy[3445]: Server WEBLB/BPSCLOUD is DOWN, reason: Layer7 invalid response, info: "<3C>!DOCTYPE HTML PUBLIC <22>-//IETF//DTD HTML 2.0//EN<22><3E><0A><3C>html<3E><3C>head<3E><0A><3C>title<3E>400 Bad Request<3C>/title<3E><0A><3C>/head<3E><3C>body<3E><0A><3C>h1<3E>Bad Request<3C>/h", check duration: 2ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Mar 21 07:57:04 haproxy[3445]: proxy WEBLB has no server available!
Mar 21 07:57:04 haproxy[3445]: Server WEBLB/BPSCLOUD is DOWN, reason: Layer7 invalid response, info: "<3C>!DOCTYPE HTML PUBLIC <22>-//IETF//DTD HTML 2.0//EN<22><3E><0A><3C>html<3E><3C>head<3E><0A><3C>title<3E>400 Bad Request<3C>/title<3E><0A><3C>/head<3E><3C>body<3E><0A><3C>h1<3E>Bad Request<3C>/h", check duration: 2ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Mar 21 07:57:04 haproxy[3445]: proxy WEBLB has no server available!
Mar 21 07:57:04 haproxy[3445]: Server WEBLB/BPSCLOUD is DOWN, reason: Layer7 invalid response, info: "<3C>!DOCTYPE HTML PUBLIC <22>-//IETF//DTD HTML 2.0//EN<22><3E><0A><3C>html<3E><3C>head<3E><0A><3C>title<3E>400 Bad Request<3C>/title<3E><0A><3C>/head<3E><3C>body<3E><0A><3C>h1<3E>Bad Request<3C>/h", check duration: 3ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Mar 21 07:57:04 haproxy[3445]: proxy WEBLB has no server available!Cheers,
Raj
-
It seams you are trying to mix a few features of haproxy that cannot be used together.
https < cannot use cookies or any other method that 'modifies' the traffic.
http < should not run on port 443 but on port 80, but does not support https traffic in the haproxy1.4I suppose you do want the endusers to use your website securely, so that listening on port 443 is 'correct'.
Do you really need the cookie? and the stats
I you do there might be another option in the new haproxy-devel 1.5dev17 package that fits your needs.
It allows using 'http mode' which allows for the cookie setting with SSL-offloading possibly even combined with a SSL backend. But this does require configuring the certificates on the haproxy settings. Though the package is still in active development and options might change without notice..