Comments on Agile Testing: Load Balancing in Amazon EC2 with HAProxy
Blog author: Grig Gheorghiu

Edwin, 2011-11-09:
To get the X-Forwarded-For (XFF) HTTP header field on the backend you'll need to insert it before the request is sent to haproxy. Most methods of doing this involve terminating ssl with nginx, apache, stunnel or stud, then passing the unencrypted connection with the modified headers to haproxy.

I'd like to have full ssl from client to backend. This would involve encrypting after the header is modified.

orev, 2011-10-18:
You cannot hack SSL support using "tcp" mode as you have listed here. TCP mode is only meant for things that use a persistent connection, like IMAP, RDP, etc... It is not meant to be used with SSL, and if it even works at all you still cannot use any of the other haproxy features such as session sticky and any sort of header injections. The haproxy web site specifically says it does not support SSL, and providing this hack which does not work only serves to confuse people who really wish it did.

Parry, 2011-02-07:
I have used HAproxy and I'm impressed with the High Availability handling.

Malcolm Turnbull, 2010-08-31:
Blatant advert but: We use the latest version of HAProxy in our Loadbalancer.org EC2 VA. You can set up SSL termination, source IP or cookie persistence and URL rules etc. Before we do a full on launch we are looking for beta testers, who will then get a free license for life... You can find all the information on our blog entry here: EC2 load balancing appliance (http://blog.loadbalancer.org/ec2-load-balancer-appliance-rocks-and-its-free-for-now-anyway/). Thanks for the great blog.

Anonymous, 2010-07-21:
Thanks a lot!

Anonymous, 2010-06-09:
Hi, a GREAT THANX for this article from me. I wouldn't say it saved my life, but it was quite close... :-)

You just had the few important lines in your example that got me going in 10 minutes and did exactly what I / my customer needed.

karl nabb

Unknown, 2010-05-11:
Thanx a lot :) very helpful guide. :)

Frintonboy, 2010-01-28:
The Zeus Traffic Manager is also now available on EC2 through DevPay at an hourly rate.

http://www.zeus.com/downloads/developers/ec2/

Nick

Anonymous, 2010-01-25:
It was extremely interesting for me to read this article. Thanks for it. I like such topics and anything connected to this matter. I definitely want to read more on that blog soon.

pleb, 2009-10-20:
I've set up haproxy on a med (high cpu instance) and it is not working for me.

I get

    503 Service Unavailable
    No server is available to handle this request.

every single time I try to load something on the balancer... even the stats give me the error.

Here is my config file:

    # this config needs haproxy-1.1.28 or haproxy-1.2.1

    global
        #log 127.0.0.1 local0
        log 127.0.0.1 local1 notice
        log 127.0.0.1 local0 info
        maxconn 4096
        chroot /var/lib/haproxy
        user haproxy
        group haproxy
        daemon
        #debug
        #quiet

    defaults
        log global
        mode http
        option httplog
        option dontlognull
        retries 3
        option redispatch
        maxconn 2000
        contimeout 5000
        clitimeout 50000
        srvtimeout 50000

    frontend myfrontend *:80
        log global
        option forwardfor
        acl acl_1 url_sub haproxy
        use_backend farm_1 if acl_1

    backend farm_1
        balance roundrobin
        option httpclose
        stats enable
        stats auth avetti:demo1234
        server server1 XX.YY.ZZZ.101:80 check
        server server2 XX.YY.ZZZ.102:80 check

Malcolm Turnbull, 2009-10-11:
How do you do transparent reverse proxy with IP encapsulation? That comment intrigued me. You can put HAProxy in TPROXY mode (as long as the load balancer is in the return path of the traffic). But that would require some interesting routing on the real servers in an EC2 cloud app. At www.Loadbalancer.org we have developed an EC2 appliance based on HAProxy (currently in Beta); drop us an email if you want to try it out.

Grig Gheorghiu, 2009-10-07:
Shlomo -- see another post of mine (http://agiletesting.blogspot.com/2009/03/haproxy-and-apache-performance-tuning.html) for performance tuning tips. I haven't seen the bottleneck you mentioned.

Grig

Shlomo, 2009-10-07:
I set up HAProxy on a c1.xlarge EC2 instance, set up 25000 maxconn, and set it to ulimit fileno 819200.

Even hitting it with three other c1.xlarge instances generating constant traffic from 500 threads each I was only able to get the HAProxy machine to pump 5.5 MB per second through the network. Adding any additional back-end instances had no effect - the limit seemed to be the network connection on the LB.

Does this jive with your experience, or is there something else I should check out about my configuration to see if I'm artificially limiting the rate?

Anonymous, 2009-08-31:
"One issue with load balancers and reverse proxies is that the backend servers will see traffic as always originating from the IP address of the LB or reverse proxy."

This is incorrect. When using IP-in-IP encapsulation or transparent (layer 2) load balancing, the webserver sees the real IP. Inserting an XFF header adds work to the load balancer, and (e.g.) may affect your applications, so it's not really a great solution.

Grig Gheorghiu, 2009-04-08:
Dave -- generating the haproxy.cfg file automatically is on my TODO list. For now I add the servers manually in the config file.

Dave, 2009-04-08:
How do you add new web servers to the config on the fly automatically as you scale your web tier?

Grig Gheorghiu, 2009-03-18:
Alex -- I haven't tried doing the X-Forward-For with SSL yet.

Grig

Anonymous, 2009-03-18:
I'm curious to know how you retain the source IP address through SSL with haproxy. I've done 500000 different configurations and determined that it's not possible.

Catherine, 2009-02-28:
1.3.14.6-1.el5, as given in your example, does not have a leastconn mode; you need 1.3.15 or higher... just for those who might be confused by that.

aparna, 2009-02-10:
Hi, good post.. but have you also tried any performance testing using multiple instances?

Anonymous, 2009-02-09:
I know a number of people who are very happy using 'Load Balance 9.1' (http://www.trybuysoftware.co.uk/7186/details-load-balance.html). Pick it up at www.TryBuySoftware.co.uk

Anonymous, 2009-02-06:
Yes, and Zeus ZXTM is now available on the Joyent cloud: http://www.joyent.com/accelerator/zeus-accelerator/

Anonymous, 2009-02-06:
HAProxy is under active development and it is constantly being perfected (I have uncovered an issue recently and being present on the mailing list just shows how much activity there is). Point being, if you are using it in production then I would suggest not to lock yourself to your distribution's version and to install the latest, and keep up with updates. There has been a lot of good stuff in the latest 1.3.15+ branch.

Anonymous, 2009-02-05:
Have you tried any other software loadbalancers? (shameless plug) our ZXTM product goes quite a bit further in terms of capability, compared to HAProxy. Take a look http://www.zeus.com ...

Nick
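
Several comments in this thread concern the X-Forwarded-For header that `option forwardfor` (present in the configuration posted above) makes HAProxy add so that backends can see the client address. The following is an added example, not code from the post or from any commenter: a backend-side helper that honours the header only when the connection comes from the load balancer and reads it from the right, because HAProxy appends its entry after anything the client sent. The address 10.0.0.5 and the names `TRUSTED_PROXIES` and `client_ip` are assumptions made for illustration.

```python
import ipaddress

# Assumption: address of the HAProxy load balancer as seen by the backend.
# 10.0.0.5 is a constructed value, not taken from the thread.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_values):
    """Return the client address a backend should log or apply rules to.

    peer_addr  -- source address of the TCP connection to the backend
    xff_values -- every X-Forwarded-For header value on the request, in order
    """
    peer = ipaddress.ip_address(peer_addr)
    # A request that did not come through the load balancer gets no say:
    # any X-Forwarded-For it carries was written by the sender itself.
    if not _is_trusted(peer):
        return str(peer)

    # Flatten repeated headers and comma-separated lists into one hop list.
    hops = [h.strip() for value in xff_values for h in value.split(",") if h.strip()]

    # Walk from the right: the last entry is the one our proxy appended.
    # Return the first hop that is not one of our own proxies.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: trust nothing at or left of it
        if not _is_trusted(addr):
            return str(addr)
    return str(peer)
```

Access logs, rate limits and IP allow-lists on the backend should use the value this returns rather than the leftmost header entry, which the client controls.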