Let's say I have two Tornado servers, server1 for serving web pages with pattern /news/blahblah, and server2 for pages with pattern /data/blahblah. These two servers together form the back-end of my application.
I wonder how should I integrate and expose them to the clients, so that different requests to different URLs get served by different server.
I heard of HAProxy, do I have to use that?
You can use haproxy, but you don't need it in this case.
Use nginx.
Here is example of config for multiple tornados:
server {
listen *:80;
server_name myserver.com;
location /data/blahblah {
proxy_pass http://127.0.0.1:3001;
proxy_redirect off;
}
location /news/blahblah {
proxy_pass http://127.0.0.1:4001;
proxy_redirect off;
}
}
And then you can scale it with haproxy...
listen http 0.0.0.0:80
mode http
stats enable
stats refresh 10s
stats hide-version
cookie MYSERVER insert
balance roundrobin
option httpclose
option httpchk OPTIONS /heath.html
option forwardfor
option httplog
option logasap
log global
server MYSERVER 10.0.0.1:80 cookie SERVER1 check
server MYSERVER 10.0.0.2:80 cookie SERVER2 check
server MYSERVER 10.0.0.3:80 cookie SERVER3 check
Related
I need an example HAProxy config to do the following:
Server1 = 192.168.0.177 ( I did not give the servers names - only IP's)
On Server1, I run HAproxy as well as Apache.
Apache on Server1 is setup to listen on port 8080 now, and has two Virtual Hosts correctly setup for two sub-domains - each serving its own website content.
Sub-domain 1 = s.mydomain.com
Sub-domain 2 = x.mydomain.com
I have a second server running on 192.168.0.233.
I want to setup HAProxy to listen to s.mydomain.com and then forward it to Apache on the same server ( 192.168.0.177), x.mydomain.com and forward it to Apache on the same server (192.168.0.177) and y.mydomain.com and forward traffic to the second server (192.168.0.233).
I do not need any load balancing at this point, just routing/forwarding as described above.
Here you go,
global
#debug
defaults
mode http
option httpclose
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
backend same_server
server same_server 127.0.0.1:8001
backend second_server
server second_server 192.168.0.233:80
frontend app *:80
acl sub_y hdr(host) -i y.mydomain.com
use_backend second_server if sub_y
default_backend same_server
I have 3 server:
server (A)= a nginx(port 80) as reverse proxy to kestler (5000 port)
server (B)= a nginx(port 80) as reverse proxy to kestler (5000 port)
server (C)= a HAProxy as load balancer for port 80 of server (A) and (B)
and server A & B are quite similar.
every things works very well and haproxy forwards requests to server (A) & (B), but if kestrel in one of servers (e.g. A) be killed, nginx respond 502 bad gateway error and haproxy not detect this issue and still redirect requests to it, and this is mistake! it must redirect requests to server (B) in this time.
global
log 127.0.0.1 local2 info
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
defaults
log global
mode http
option httplog
option dontlognull
option redispatch
retries 3
timeout connect 5s
timeout client 50s
timeout server 50s
stats enable
stats hide-version
stats auth admin:admin
stats refresh 10s
stats uri /stat?stats
frontend http_front
bind *:80
mode http
option httpclose
option forwardfor
reqadd X-Forwarded-Proto:\ http
default_backend http_back
backend http_back
balance roundrobin
mode http
cookie SERVERID insert indirect nocache
server ServerA 192.168.1.2:80 check cookie ServerA
server ServerB 192.168.1.3:80 check cookie ServerB
How Can I resolve this issue?
thanks very much.
You are only checking whether nginx is running, not whether the application is healthy enough to use.
In the backend, add option httpchk.
option httpchk GET /some/path HTTP/1.1\r\nHost:\ example.com
Replace some path with a path that will prove whether the application is usable on that server if it returns 200 OK (or any 2xx or 3xx response), and replace example.com with the HTTP Host header the application expects.
option httpchk
By default, server health checks only consist in trying to establish a TCP connection. When option httpchk is specified, a complete HTTP request is sent once the TCP connection is established, and responses 2xx and 3xx are
considered valid, while all other ones indicate a server failure, including the lack of any response.
This will mark the server as unhealthy if the app is not healthy, so HAProxy will stop sending traffic to it. You will want to configure a check interval for each server using inter and downinter and fastinter options on each server entey to specify how often HAProxy should perform the check.
i want to make one website(lets say blocked.com) that is not accessible from my country to be accessible for my clients throue the custom url like notblocked.com using haproxy.
i have my haproxy box configured on the vps outside of the country. the main problem is,that website sending url redirection on the response body using javascript function and my clients getting redirected to the original web address.
how can i intersept the response body and change the domain name in the java scrip to my domain (notblocked.com) .
haproxy configuration
global
log 127.0.0.1 local0
maxconn 4000
maxsslconn 256
tune.ssl.default-dh-param 2048
daemon
uid 99
gid 99
defaults
log global
mode http
option httplog
option dontlognull
timeout server 5s
timeout connect 5s
timeout client 5s
stats enable
stats refresh 10s
stats uri /stats
frontend https_frontend
bind *:443 ssl crt /etc/ssl/certs/kstore.pem
no option http-server-close
mode http
default_backend web_server
http-request set-header Host blocked.com
backend web_server
mode http
balance roundrobin
server srv01 1.2.3.4:443 weight 1 maxconn 100 check ssl verify none
thanks
The Haproxy documentation (http://cbonte.github.io/haproxy-dconv/1.7/intro.html#3.3.2) lists as a basic feature:
authentication with the backend server lets the backend server it's really the expected haproxy node that is connecting to it
I have been attempting to do just that and have been unable to. So here's the question:
How do I send a request off to a backend with self signed certificates for authentication. The front-end request that uses this backend, is just http.
Here's my haproxy.cfg file:
global
maxconn 4096
daemon
log 127.0.0.1 local0
defaults
log global
option dontlognull
retries 3
option redispatch
maxconn 2000
timeout connect 5s
timeout client 15min
timeout server 15min
frontend public
bind *:8213
use_backend api if { path_beg /api/ }
default_backend web
backend web
mode http
server blogweb1 127.0.0.1:4000
backend api
mode tcp
acl clienthello req.ssl_hello_type 1
tcp-request inspect-delay 5s
tcp-request content accept if clienthello
server blogapi 127.0.0.1:8780
I eventually got this to start working. I believe what was throwing me off was the fact that after doing a haproxy -f <configFile> -st it didn't actually close the process like I thought it would. So, none of my changes/updates took. I kill -9 the tens of haproxy service and reran the command (haproxy -f ) and now it's working.
Now, this is a hypothesis, albeit one I am very confident in. I will still present my final configuration just in case someone will glean something from here. I used https://www.haproxy.com/doc/aloha/7.0/deployment_guides/tls_layouts.html. That link answers the question I had of "how do you authenticate to the backend using ssl" like the docs say you can.
global
maxconn 4096
daemon
log 127.0.0.1 local0
defaults
log global
option dontlognull
retries 3
option redispatch
maxconn 2000
timeout connect 5s
timeout client 15min
timeout server 15min
frontend public
bind *:443
mode http
use_backend api if { path_beg /api/ }
backend api
mode http
option httplog
server blogapi 127.0.0.1:4430 ssl ca-file <caFile.Pem> crt <clientCert.pem> verify required
I'm running HAProxy 1.4.24 behind LB. SSL terminates on LB. I want to redirect http requests to https. I have following config:
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
frontend httpIn *:7258
maxconn 100000
option forwardfor header x-forwarded-for
acl is_http hdr(X-Forwarded-Proto) http
redirect scheme https code 301 if is_http
default_backend app
backend app
balance roundrobin
cookie LBSTICKY insert indirect nocache httponly secure maxlife 8h
server app1 10.10.10.10:8080 cookie app1
server app2 10.10.10.11:8080 cookie app2
My problem is the line
redirect scheme https code 301 if is_http
which generates the following error when running haproxy -f /etc/haproxy/haproxy.cfg -c :
[ALERT] 026/210541 (8482) : parsing [/etc/haproxy/haproxy.cfg:67] : 'redirect' expects 'code', 'prefix', 'location', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was 'scheme').`
I rechecked documentation which says I'm using correct syntax for redirect. Any ideas?
redirect scheme is indeed not available in HAProxy 1.4.24. Right now, it is available in HAProxy 1.5-dev13 and newer as well as in HAProxy 1.4.25 and newer, including the haproxy-1.4 master.
The documentation you had a look at was probably the one by Cyril Bonté which currently is generated from the 1.4 master, not the 1.4.24 release.
As such, you could either upgrade to one of the named versions or work around the limitation. A common workaround is to use redirect prefix like this
redirect prefix https://domain.com if is_http { hdr(host) -i domain.com }
This rule has to be enumerated for each hostname where you want the redirect to happen.
This option is available on HAProxy 1.5...
You have to use redirect location in 1.4 branch for this purpose.
Baptiste