LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-17-2016, 11:51 AM   #1
deelinux
Member
 
Registered: Nov 2009
Posts: 39

Rep: Reputation: 15
Ha Proxy


Hi Im trying to get HaProxy working in a test enviroment, to see how it all works.

1 x Centos 6.5 running V1.5 haproxy
2 x redhat 6.5 server running a test app that uses SSL

I want to connect to the haproxy which in turn forwards to either of the two backend servers, which run an app that uses ssl.

Im new to the haproxy config and my head is in a spin, so just looking for some tips or advise on how I might be able to get this working. (Its only a test enviroment, for me to get my head around the haproxy aspect).

I have the haproxy.cfg configured as below, Im sure its not complete, but the process starts and I can see the log which indicates its trying to get to one of the backedn servers, but fails to complete.

Log states "GET / HTTP/1.1", and this is I think is because http will not talk to https...


If anyone has some expertise on this aspect and can shed some light on what I would need to do, that would be great.


haproxy.cfg File contents

global

log 127.0.0.1 local2

chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
ssl-server-verify none

# turn on stats unix socket
stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 1m
maxconn 3000



#---------------------------------------------------------------------
#HAProxy Monitoring Config
#---------------------------------------------------------------------
listen haproxy3-monitoring *:8080 #Haproxy Monitoring run on port 8080
mode http
option forwardfor
option httpclose
stats enable
stats show-legends
stats refresh 5s
stats uri /stats #URL for HAProxy monitoring
stats realm Haproxy\ Statistics
stats auth howtoforge:howtoforge #User and Password for login to the monitoring dashboard
stats admin if TRUE
default_backend app-main #This is optionally for monitoring backend
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------

frontend main
bind *:80
option http-server-close
option forwardfor
default_backend app-main
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
#backend static
# balance roundrobin
# server static 127.0.0.1:4331 check

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app-main
balance roundrobin #Balance algorithm
option httpchk GET /health_check
server myserver1.test.com 192.168.0.1:443 #test1
server myserver1.test.com 192.168.0.1:443 #test2
 
Old 12-18-2016, 01:45 PM   #2
deelinux
Member
 
Registered: Nov 2009
Posts: 39

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by deelinux View Post
Hi Im trying to get HaProxy working in a test enviroment, to see how it all works.

1 x Centos 6.5 running V1.5 haproxy
2 x redhat 6.5 server running a test app that uses SSL

I want to connect to the haproxy which in turn forwards to either of the two backend servers, which run an app that uses ssl.

Im new to the haproxy config and my head is in a spin, so just looking for some tips or advise on how I might be able to get this working. (Its only a test enviroment, for me to get my head around the haproxy aspect).

I have the haproxy.cfg configured as below, Im sure its not complete, but the process starts and I can see the log which indicates its trying to get to one of the backedn servers, but fails to complete.

Log states "GET / HTTP/1.1", and this is I think is because http will not talk to https...


If anyone has some expertise on this aspect and can shed some light on what I would need to do, that would be great.


haproxy.cfg File contents

global

log 127.0.0.1 local2

chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
ssl-server-verify none

# turn on stats unix socket
stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 1m
maxconn 3000



#---------------------------------------------------------------------
#HAProxy Monitoring Config
#---------------------------------------------------------------------
listen haproxy3-monitoring *:8080 #Haproxy Monitoring run on port 8080
mode http
option forwardfor
option httpclose
stats enable
stats show-legends
stats refresh 5s
stats uri /stats #URL for HAProxy monitoring
stats realm Haproxy\ Statistics
stats auth howtoforge:howtoforge #User and Password for login to the monitoring dashboard
stats admin if TRUE
default_backend app-main #This is optionally for monitoring backend
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------

frontend main
bind *:80
option http-server-close
option forwardfor
default_backend app-main
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
#backend static
# balance roundrobin
# server static 127.0.0.1:4331 check

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app-main
balance roundrobin #Balance algorithm
option httpchk GET /health_check
server myserver1.test.com 192.168.0.1:443 #test1
server myserver1.test.com 192.168.0.1:443 #test2
I found an example file within the haproxy files, ssl.cfg, so all is good now
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
proxy server that accepts PARENT PROXY as a SOCKS PROXY shadyabhi Linux - Server 1 08-10-2010 03:09 PM
configure squid proxy with cc proxy as a parent proxy faisi Linux - Networking 1 08-10-2010 01:16 PM
Forwarding all traffic to the proxy to another proxy (transparent proxy/redirection) lakshithaww Linux - Networking 1 10-28-2009 12:54 AM
configure squid proxy with microsoft proxy as a parent proxy nintykola Linux - Software 1 08-28-2007 01:38 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 02:23 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration