Re: HAProxy and pop and smtp?

From: Rob Morin <rob#dido.ca>
Date: Tue, 13 Nov 2007 08:09:16 -0500


Yes, as I also use it for http, and that is working just fine... I got the logs to work right, I forgot to add the lines in /etc/syslogd.conf

That box has 4 IPs: one for web, one for mail, one for the box itself and one spare in case....
They are aliases of the eth0.

I currently connect to the IP known as xxx.xxx.xxx.147 with pop, imap and smtp. I redirect with rinetd at the moment, but that's just a redirect, no load balancing or fail over.... so I disabled that, then restarted haproxy with my below mentioned setting and I cannot telnet to port 143 on that server..

Rob Morin
Dido Internet Inc.
Montreal,Canada
http://www.dido.ca
514-990-4444

Kevin Maziere - Amen wrote:
> Hi,
>
> Thanks for all this information, I will try that as soon as possible :)
>
> Kevin
>
> Willy Tarreau wrote:
>> Hi guys,
>>
>> On Mon, Nov 12, 2007 at 06:50:31PM +0100, Kevin Maziere - Amen wrote:
>>
>>> Hi Rob,
>>>
>>> I'm new to HAProxy too, I mean I have used it for several weeks for http
>>> and imap proxy. For imap I used tcp mode on port 143, this works fine
>>>
>>> listen imap 10.1.1.143:143
>>>     maxconn 500
>>>     mode tcp
>>>     balance roundrobin
>>>     server _1_ 10.1.1.144:143 c1 check inter 5000 fall 4 rise 1
>>>     server _2_ 10.1.1.145:143 c2 check inter 5000 fall 4 rise 1
>>>     stats enable
>>>
>>> But I also need to be able to forward the source address, but due to the
>>> way it works, I don't imagine that haproxy can send it on a non layer7
>>> protocol, but as I said, I'm new to haproxy
>>>
>>
>> It is possible if you patch your linux kernel with the CTTPROXY patch
>> (from www.balabit.com). Then you build haproxy to use it and you add
>> "source x.x.x.x usesrc clientip" to your configuration. It will then
>> automatically create outgoing NAT entries making it look like haproxy
>> connects to the server using the client's IP address. For this, the
>> server must route through haproxy so that the packets are translated
>> again in the other direction.
>>
>> We do this on our appliances, and if we put aside the performance drop
>> of about 30%, it works fine.
>>
>>
>>> I need the source IP on SSL too, but is there a way to do that without
>>> an ssl reverse-proxy? After reading docs on haproxy website, and on ssl
>>> protocol itself, not sure it is possible
>>>
>>
>> If you need it for HTTPS, then simply install stunnel and apply the
>> x-forwarded-for patch from my site. Stunnel will then append a header
>> after the last request header, inserting the client's IP address there.
>> The server will then be able to use it as it would with haproxy's
>> x-forwarded-for. This is by far the easiest method today, and it
>> offloads the server and brings you to the world of L7 mangling and
>> persistence on HTTPS, which is quite appreciable ;-)
>>
>> Regards,
>> Willy
>>
>>
>>
>
Received on 2007/11/13 14:09
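
Added example, not part of the thread: the stunnel patch described above appends X-Forwarded-For after the last request header, so a backend should read only the final occurrence, and only when the connection arrives from the proxy. The proxy address, function name and sample headers below are constructed assumptions.

```python
import ipaddress

# Assumption: the stunnel/haproxy host as the backend sees it (constructed address).
TRUSTED_PROXIES = {ipaddress.ip_address("10.1.1.143")}


def client_ip(peer_addr, headers):
    """Pick the client address for logging or access control.

    peer_addr: source address of the TCP connection to the backend.
    headers:   request headers as (name, value) pairs in wire order.
    """
    peer = ipaddress.ip_address(peer_addr)
    if peer not in TRUSTED_PROXIES:
        # Not from the proxy: any X-Forwarded-For is the sender's own claim.
        return str(peer)
    forwarded = [v for n, v in headers if n.lower() == "x-forwarded-for"]
    if not forwarded:
        return str(peer)
    # The proxy's header comes after the last request header, so only the
    # final header (and its final list element) was written by the proxy.
    candidate = forwarded[-1].split(",")[-1].strip()
    try:
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        return str(peer)  # malformed value: fall back to the peer


# Constructed request: the client sent its own X-Forwarded-For,
# then the proxy appended the real one at the end.
SAMPLE = [
    ("Host", "www.example.com"),
    ("X-Forwarded-For", "127.0.0.1"),
    ("User-Agent", "test"),
    ("X-Forwarded-For", "203.0.113.7"),
]

if __name__ == "__main__":
    print(client_ip("10.1.1.143", SAMPLE))    # via the proxy
    print(client_ip("198.51.100.9", SAMPLE))  # direct connection, header ignored
```
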

This archive was generated by hypermail 2.2.0 : 2007/11/13 14:45 CET