FW: HAProxy and pop and smtp?

From: Peter Lønberg <peter#edc.dk>
Date: Tue, 13 Nov 2007 17:49:32 +0100


And for the list as well.

Sorry about that.

-----Original Message-----
From: Peter Lønberg
Sent: 13. november 2007 17:47
To: 'Rob Morin'
Subject: RE: HAProxy and pop and smtp?

Hi

Question 1, yes. That's one of the purposes of the load-balancing software.

Question 2,

For Peter to be the primary webserver you've added it correctly. Now, to create a backup server on Joe, simply put "backup" after the configuration of the server. Like so:

        server joe xxx.xxx.xxx.149:80 cookie B check backup

If Peter dies ( god forbid :( ), all requests are sent to Joe.

Best regards
Peter Lønberg

-----Original Message-----
From: Rob Morin [mailto:rob#dido.ca]
Sent: 13. november 2007 17:34
To: Kevin Maziere - Amen
Cc: haproxy#formilux.org
Subject: Re: HAProxy and pop and smtp?

OK, so here is my config and all seems just fine!

I am so happy...

I do have a couple questions,
1) My main use of haproxy is to provide availability over load balancing at this point... so with the below config shall I assume if one server dies, or the service in question becomes unavailable, the other magically takes over? Meaning haproxy will simply send incoming connections to the other server?

2) Also for http I would like all requests to go to Peter ONLY, but if Peter fails go to Joe... how would I modify the config for that?

Thanks to all once again....


global
        log 127.0.0.1   local0 info
        maxconn 4096
        #debug
        #quiet
        user haproxy
        group haproxy

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        retries 3
        redispatch
        maxconn 2000
        contimeout      5000
        clitimeout      50000
        srvtimeout      50000

listen http_proxy xxx.xxx.xxx.148:80
        mode http
        log global
        stats enable
        stats auth someuser:somepassword
        balance roundrobin
        cookie JSESSIONID prefix
        option httpclose
        option forwardfor
        option httpchk HEAD /check.txt HTTP/1.0
        server peter xxx.xxx.xxx.158:80 cookie A check
#       server joe xxx.xxx.xxx.149:80 cookie B check


### Setup for Mail

listen imap_proxy xxx.xxx.xxx.147:143
        maxconn 100
        mode tcp
        log global
        balance roundrobin
        server peter xxx.xxx.xxx.158:143 check inter 5000 fall 4 rise 1
        server joe xxx.xxx.xxx.149:143 check inter 5000 fall 4 rise 1
        stats enable

listen smtp_proxy xxx.xxx.xxx.147:25
        maxconn 500
        mode tcp
        log global
        balance roundrobin
        server peter xxx.xxx.xxx.158:25
        stats enable

listen pop_proxy xxx.xxx.xxx.147:110
        maxconn 500
        mode tcp
        log global
        balance roundrobin
        server peter xxx.xxx.xxx.158:110 check inter 5000 fall 4 rise 1
        server joe xxx.xxx.xxx.149:110 check inter 5000 fall 4 rise 1
        stats enable



Rob Morin
Dido Internet Inc.
Montreal,Canada
http://www.dido.ca
514-990-4444

Rob Morin wrote:
> Solved... a weirdness, the binary was running, as I installed via
> apt-get, but the binary was not on the system as another SA removed
> the package by error.... so running /etc/init.d/haproxy restart was
> doing nothing.... as we run etch, and the package was from Lenny so
> the sa removed it to be safe...
>
>
> i installed by source and imap proxy is working well!
>
> Thanks to all for your help... I will now try pop and smtp.... any
> special configs for those services?
>
> Rob Morin
> Dido Internet Inc.
> Montreal,Canada
> http://www.dido.ca
> 514-990-4444
>
>
>
> Rob Morin wrote:
>> Yes as I also use it for http, and that is working just fine... I got
>> the logs to work right, I forgot to add the lines in /etc/syslogd.conf
>>
>> That box has 4 IPs one for web one for mail one for the box itself
>> and one spare in case....
>> they are aliases of the eth0
>>
>> I currently connect to the IP known as xxx.xxx.xxx.147 with pop, imap
>> and smtp, I redirect with rinetd at the moment, but that's just a
>> redirect, no load balancing or fail over.... so I disabled that then
>> restarted haproxy with my below mentioned setting and I cannot telnet
>> to port 143 on that server..
>>
>> Rob Morin
>> Dido Internet Inc.
>> Montreal,Canada
>> http://www.dido.ca
>> 514-990-4444
>>
>>
>>
>> Kevin Maziere - Amen wrote:
>>> Hi,
>>>
>>> Thanks for all this information, I will try that as soon as
>>> possible :)
>>>
>>> Kevin
>>>
>>> Willy Tarreau wrote:
>>>> Hi guys,
>>>>
>>>> On Mon, Nov 12, 2007 at 06:50:31PM +0100, Kevin Maziere - Amen wrote:
>>>>
>>>>> Hi Rob,
>>>>>
>>>>> I'm new to HAProxy too, I mean I have used it for several weeks for
>>>>> http and imap proxy. For imap I used tcp mode on port 143, this
>>>>> works fine
>>>>>
>>>>> listen imap 10.1.1.143:143
>>>>> maxconn 500
>>>>> mode tcp
>>>>> balance roundrobin
>>>>> server _1_ 10.1.1.144:143 c1 check inter 5000 fall 4 rise 1
>>>>> server _2_ 10.1.1.145:143 c2 check inter 5000 fall 4 rise 1
>>>>> stats enable
>>>>>
>>>>> But I also need to be able to forward the source address, but due
>>>>> to the way it works, I don't imagine that haproxy can send it on
>>>>> a non-layer7 protocol, but as I said, I'm new to haproxy
>>>>>
>>>>
>>>> It is possible if you patch your linux kernel with the CTTPROXY patch
>>>> (from www.balabit.com). Then you build haproxy to use it and you add
>>>> "source x.x.x.x usesrc clientip" to your configuration. It will then
>>>> automatically create outgoing NAT entries making it look like haproxy
>>>> connects to the server using the client's IP address. For this, the
>>>> server must route through haproxy so that the packets are translated
>>>> again in the other direction.
>>>>
>>>> We do this on our appliances, and if we put aside the performance drop
>>>> of about 30%, it works fine.
>>>>
>>>>
>>>>> I need the source IP on SSL too, but is there a way to do that
>>>>> without an ssl reverse-proxy, after reading docs on haproxy
>>>>> website, and on ssl protocol itself, not sure it is possible
>>>>>
>>>>
>>>> If you need it for HTTPS, then simply install stunnel and apply the
>>>> x-forwarded-for patch from my site. Stunnel will then append a header
>>>> after the last request header, inserting the client's IP address
>>>> there.
>>>> The server will then be able to use it as it would with haproxy's
>>>> x-forwarded-for. This is by far the easiest method today, and it
>>>> offloads the server and brings you to the world of L7 mangling and
>>>> persistence on HTTPS, which is quite appreciable ;-)
>>>>
>>>> Regards,
>>>> Willy
>>>>
>>>>
>>>>
>>>
>>
>
Received on 2007/11/13 17:49
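
Added example, not part of the original thread or of HAProxy: a small Python audit that reads `listen` sections like the ones posted above and reports where failover cannot happen, because HAProxy only stops sending traffic to a server it health-checks (`check`) and only if another server is defined. The sample config is constructed from the thread's sections with the suggested `backup` line applied; the function names are hypothetical.

```python
# Constructed sample: sections from the thread, with joe added as http backup.
SAMPLE = """\
listen http_proxy xxx.xxx.xxx.148:80
        mode http
        option httpchk HEAD /check.txt HTTP/1.0
        server peter xxx.xxx.xxx.158:80 cookie A check
        server joe xxx.xxx.xxx.149:80 cookie B check backup

listen smtp_proxy xxx.xxx.xxx.147:25
        mode tcp
        server peter xxx.xxx.xxx.158:25

listen pop_proxy xxx.xxx.xxx.147:110
        mode tcp
        server peter xxx.xxx.xxx.158:110 check inter 5000 fall 4 rise 1
        server joe xxx.xxx.xxx.149:110 check inter 5000 fall 4 rise 1
"""

def parse_servers(text):
    """Return {section_name: [(server_name, has_check, is_backup), ...]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not words:
            continue
        if words[0] in ("listen", "frontend", "backend") and len(words) > 1:
            current = sections.setdefault(words[1], [])
        elif words[0] in ("global", "defaults"):
            current = None                      # no servers live here
        elif words[0] == "server" and current is not None and len(words) >= 3:
            opts = words[3:]                    # keywords after name and address
            current.append((words[1], "check" in opts, "backup" in opts))
    return sections

def audit(text):
    """Return {section: [findings]}; an empty list means failover can work."""
    report = {}
    for name, servers in parse_servers(text).items():
        findings = []
        if len(servers) < 2:
            findings.append("single server: nothing to fail over to")
        unchecked = [s for s, checked, _ in servers if not checked]
        if unchecked:
            findings.append("no health check on: " + ", ".join(unchecked))
        report[name] = findings
    return report

if __name__ == "__main__":
    for section, findings in audit(SAMPLE).items():
        print(section, "->", "; ".join(findings) or "ok")
```
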