ah. ok never mind. i figured it out. it logs the http errors. got it. i also
figured out that it was getting all these 500 errors because various clients
were looking for favicon and robots. doh.
anyway, if i might consult the hive mind again: 1) wondering if anyone sees anything overtly wrong with my config. the timeouts are high because we have some reports that take 3-6 minutes to run.
2) is there a way to add a custom header with the client ip in the ssl loop? that way i can set my apache http logs to log that instead of always just having my ssl proxy internal ips. i know that there is documentation about using stun or lvs, but haproxy just works and is easy to maintain and this is the only thing i don't have right now, so if i can keep the moving parts down that would be preferable.
thanks. my config (all traffic is ssl):
# this config needs haproxy-1.1.28 or haproxy-1.2.1
global
log 127.0.0.1 local0
maxconn 4096
user haproxy
group haproxy
daemon
defaults
log global
retries 1
timeout connect 5000
timeout client 600000
timeout server 600000
listen ssl_loop vip1:443 # a virtual ip using heartbeat mapped to two real
apache servers
mode tcp
option tcplog
option ssl-hello-chk
balance source
server real_ssl_server1 realip1:443 weight 4 check # these forward to
http_loop after decryption
server real_ssl_server2 realip2:443 weight 6 check
listen http_loop vip1:8088 # same vip but on different port
mode http
stats enable
stats auth user:pw
balance roundrobin
option httpclose
option forwardfor
option httpchk HEAD /check.txt HTTP/1.0
server real_http_server1 real_ip1:8090 weight 4 check
server real_http_server2 real_ip2:8090 weight 6 check
-- greg gard, psyd www.carepaths.comReceived on 2008/10/02 15:06
This archive was generated by hypermail 2.2.0 : 2008/10/02 15:17 CEST