Re: haproxy question about check

From: Herv COMMOWICK <hcommowick#exceliance.fr>
Date: Fri, 21 May 2010 18:47:52 +0200


Hello,

On 05/21/2010 03:15 PM, eni-urgence wrote:
> Hello all.
>
> I discover haproxy few weeks ago and I want to thanks willy for his
> very good product.
> I'm planing to integrate haproxy to our dmz.
> I want to use haproxy for loadbalancing heavy secure php/ajax
> applications with cookie persitence: a collaborate scheduler and a
> image consult extranet.
>
> stunnel service will handle https connections and forward decrypted
> requests to haproxy on port 88. Then haproxy will forward connections
> to web server on port 10088, 100089 (and so...) on a mass virtual host
> configuration of apache (see below).
> In /var/www/vhost-SSL/ on web server, there is some symbolic links to
> the php sources. Some domains are not linked to same path because
> they don't provide the same application. So i don't want to have to
> delete/rename the "running.ok" file on every path when I want to
> shutdown the webserver.
> I want to use the httpcheck on port 10081 and the file "running.ok" .
> But I want a soft stop of service. I want haproxy to stop forwarding
> new connection if he don't find the "running.ok" file but continue to
> forward connection if cookie is initialised. so i will configure a
> backup server with same cookies (like said in Haproxy documentation).

Use "http-check disable-on-404" for this

>
> So now my questions :
> - is it possible to check only the header like this /HEAD /
> HTTP/1.0 /for backup server ?

option httpchk HEAD / HTTP/1.0

> - Like said in the article of willy
> (http://1wt.eu/articles/2006_lb/),it is good to load balance the
> encryption/decryption flow too. So a haproxy instance in tcp mode
> (layer 4), seems to be a good solution. But our applications have to
> know the client IP for security reasons. I read that a recompiled
> kernel with tproxy support will forward connections keeping the real
> client IP. Is that true ?

Yes it is, tproxy has been included in mainstream >=2.6.28 kernel. Usage of X-Forwarded-For header is preferred if you use stunnel.

> - I want to manage a multi site configuration keeping the session
> persistence. How can I manage to do so?

I don't understand this question :)

Regards,

Herv. Received on 2010/05/21 18:47

This archive was generated by hypermail 2.2.0 : 2010/05/21 19:00 CEST