?
Solved

haproxy works with listen but not forntend/backend config

Posted on 2014-07-22
5
Medium Priority
?
541 Views
Last Modified: 2014-08-15
I am about to pull my hair out with this.  For some time now we have been using a simple config with HAproxy.  It was using the listen method in TCP mode and routes traffic to two different servers.  It works fine except the check method was only able to check if the web server was up and serving request ok.  In this case if our Windows IIS server/service was working.  We have several web apps on the server and if one of them is not started or hung then HAproxy still routes traffic as it was only checking that IIS was serving ok.  We needed to build a more logical config that could test individual URLs for health checks as well as do HTTP to HTTPS redirects.

The old config worked fine with our sites minus the health check issue.  The new config works perfectly for the health check issue but certain tasks in our website/webapp just hang and never finish or go to an error message.  The old config did not cause this.  If I access the site via localhost or its direct IP bypassing HAproxy it still works fine.

Running HAproxy 1.5.2
Ubuntu 14.04

OLD CONFIG

global
    log 127.0.0.1    local0
    log 127.0.0.1    local1 notice
    #log loghost    local0 info
    maxconn 2048
    #chroot /usr/share/haproxy
    user haproxy
    group haproxy
    daemon
    #debug
    #quiet

defaults
    log    global
    mode    http
    option    httplog
    option    dontlognull
    retries    3
    option redispatch
    maxconn    2048
    timeout connect    5000
    timeout client    5000

listen    MP-DEV-WEBFARM 192.168.0.128:443
    mode    tcp
    option  tcpka
    balance    source
    option  ssl-hello-chk
    option  httpchk HEAD /check.txt HTTP/1.0
    option  tcplog
    server    MP-DEV-WEBFARM-1 192.168.0.120:443 weight 1 check port 80 inter 2000 fall 2 rise 3
    server    MP-DEV-WEBFARM-2 192.168.0.121:443 weight 1 check port 80 inter 2000 fall 2 rise 3
    option  abortonclose
    timeout server    120000

listen stats 0.0.0.0:9600
    mode http
    balance
    stats uri /haproxy_stats       
    stats realm HAProxy\ Statistics
    stats auth admin:******
    stats admin if TRUE

Open in new window



NEW CONFIG

global
    log 127.0.0.1    local0
    log 127.0.0.1    local1 notice
    #log loghost    local0 info
    maxconn 2048
    #chroot /usr/share/haproxy
    user haproxy
    group haproxy
    daemon
    #debug
    #quiet
    tune.ssl.default-dh-param 4096

defaults
    log    global
    mode    http
    option    httplog
    option    dontlognull
    retries    3
    option redispatch
    maxconn    2048
    timeout connect    5000
    timeout client    50000
    timeout server    120000
    option forwardfor
    option http-server-close

frontend www-http-dev-webfarm
   bind 192.168.0.128:80
   reqadd X-Forwarded-Proto:\ http
   acl mpi_dev url_dir /mpi_dev/
   use_backend www-backend-dev-webfarm-mpi_dev if mpi_dev
   default_backend www-backend-dev-webfarm

frontend www-https-dev-webfarm
   bind 192.168.0.128:443 ssl crt /etc/ssl/private/domain.pem
   reqadd X-Forwarded-Proto:\ https
   acl mpi_dev url_dir /mpi_dev/
   use_backend www-backend-dev-webfarm-mpi_dev if mpi_dev
   default_backend www-backend-dev-webfarm

backend www-backend-dev-webfarm
   redirect scheme https if !{ ssl_fc }
   option httpchk HEAD /check.txt HTTP/1.0
   option tcpka
   option abortonclose
   balance source
   errorfile 503 /etc/haproxy/errors/503-MP.http
   server MP-DEV-WEBFARM-1 192.168.0.120:80 weight 1 check port 80 inter 2000 fall 2 rise 3
   server MP-DEV-WEBFARM-2 192.168.0.121:80 weight 1 check port 80 inter 2000 fall 2 rise 3

backend www-backend-dev-webfarm-mpi_dev
   redirect scheme https if !{ ssl_fc }
   option http-server-close
   option forwardfor
   option httpchk GET /mpi_dev/wc.dll?UCoDASrv~mydesktop HTTP/1.0
   option tcpka
   option abortonclose
   balance source
   errorfile 503 /etc/haproxy/errors/503-MP.http
   server MP-DEV-WEBFARM-1 192.168.0.120:80 weight 1 check port 80 inter 2000 fall 2 rise 3
   server MP-DEV-WEBFARM-2 192.168.0.121:80 weight 1 check port 80 inter 2000 fall 2 rise 3

listen stats 0.0.0.0:9600
    mode http
    balance
    stats uri /haproxy_stats       
    stats realm HAProxy\ Statistics
    stats auth admin:******
    stats admin if TRUE

Open in new window


With the new config certain pages/actions in our webapp just hang and do nothing.

I was looking at FireBug in my browser and HAproxy logs and it just looks like HAproxy just thinks the page is done loading and stops when it's not done.  Any help would be great.

Thanks
0
Comment
Question by:sparticuz13
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 40230594
I would say you have too many parameters customized. Why would you need to adjust balancer weights when essentially nothing works?
0
 

Accepted Solution

by:
sparticuz13 earned 0 total points
ID: 40252488
I was able to find the problem.  It  was a spot in our web app that was pushing back a http url and not an https url.  For some reason this did not auto change to https.  The web app generated this during a POST and because of the protocol mix up it didn't work.  Once we changed it to https it worked fine.  Not sure why it was not auto switched over to https as I can manually type the URL and it get switched https ok.  Anyways I got it resolved.
0
 

Author Closing Comment

by:sparticuz13
ID: 40262647
It turned out to be an issue with our webapp and nothing related to HAPROXY.
0

Featured Post

7 Extremely Useful Linux Commands for Beginners

Just getting started with Linux? Here's a quick start guide that has 7 commands that we believe will come in handy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What You Need to Know when Searching for a Webhost Provider
Your data is at risk. Probably more today that at any other time in history. There are simply more people with more access to the Web with bad intentions.
The viewer will the learn the benefit of plain text editors and code an HTML5 based template for use in further tutorials.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question