HAproxy - Proxies the whole IP - apache

In order to test every possible solution to get Socket.io working with a parallel Apache installation, I have now installed HAproxy that listens on port 80. It proxies everything to Apache, unless the hostname equals io.server.com.
We have two IPs connected to our server: 1 is for SSL, the other for all the NON-SSL subdomains we have. I have created the io.server.com subdomain to point to that NON-SSL IP-address. However, the following occurs:
A visit to regular_http.server.com results in Apache handling that sub domain (OK)
A visit to io.server.com results in "Welcome to Socket.io" (OK)
Next visit to regular_http.example.com results in "Welcome to Socket.io"
Why is HAproxy sending requests from a subdomain not configured to go to Socket.io, to Socket.io?
Yes, the two sub domains share the IP, but is HAproxy really proxying the whole IP under one? What is then the point with setting up ACLs based on host name?
Here's my configuration:
    global
        daemon
        maxconn 4096
        user haproxy
        group haproxy

    defaults
        log global

    #this frontend interface receives the incoming http requests
    frontend http-in
        mode http
        bind *:80
        timeout client 86400000
        #default behavior sends the requests to apache
        default_backend www_backend
        #when "io.test.tld" is matched, an acl I call arbitrarily
        # "websocket" triggers
        acl websocket hdr_end(host) -i io.server.com
        use_backend node_backend if websocket
Thank you!

This problem was solved using the option http-server-close configuration value in HAproxy.

Related

Haproxy authentication through Nginx

I am having a hard time trying to get the authentication working from Nginx through a Haproxy for load balancing. I had the configurations written for haproxy.cfg and nginx.conf as shown below respectively. The Haproxy is in front of my nginx server. I was able to get a prompt for username and password when I hit the haproxy server, however when I hit enter after filling up the username and password, it returns "403 Forbidden" as a response on the web page.
Does anyone know what could be the correct configuration settings for the haproxy.cfg? Or perhaps a solution? Thanks in advance!!
HAPROXY.cfg
    global
        daemon
        maxconn 256

    defaults
        mode tcp
        timeout connect 5000ms
        timeout client 50000ms
        timeout server 50000ms

    frontend http-in
        bind *:80
        default_backend servers

    backend servers
        balance roundrobin
        # a server address is host:port, without a URL scheme
        server server1 mynginx.test.com:9090 maxconn 32
NGINX.conf
    location /myapp {
        auth_gss on;
        auth_gss_allow_basic_fallback off;
        auth_gss_keytab /etc/krb5.keytab;
        proxy_pass http://192.168.1.100:8080/link/;
    }
Found the solution. The reason for the 403 forbidden error is because of my keytab. I need to regenerate a new one used by the haproxy instead of nginx. However, I'm getting 'Access-Control-Allow-Origin'. Could anybody enlighten?

How to redirect all request on port 80 to a docker and then pass it to my web server?

How can I put a docker between the web requests and my web server (in order to analyse and block requests)? I found morbz/docker-web-redirect docker, but it seems that it is not enough for this task.
I'd recommend using nginx as reverse proxy, or better haproxy:
https://hub.docker.com/_/haproxy/
You have to configure haproxy container to listen to port 80 on the host, then direct traffic to your proxied web server.
Haproxy ACLs might be of interest to you: How to route traffic (reverse Proxy) with HAProxy based on request body

How to configure HAProxy according request based on ports?

Here we are using HAProxy for the redirection of HTTP to HTTPS; at the backend we use the gateway. Here the gateway already has an SSL certificate, so we redirect to it directly through HAProxy.
We have 2 URLs: one hits port 80 and the 2nd hits port 8080. What are the possible conditions required for that? We have tried all possibilities. Without using SSL it's working, but with SSL it can't work: it only works on 443, and it is only applicable to port 80, not getting assigned to the others.

DNS record with different ports

I have a very cheap VPS with the IP 123.123.123.123 which listens on these ports: 7000, 7001, ... 7020. Apache listens on port 7010. Then I can access my website with http://123.123.123.123:7010.
As this is a shared IP, I cannot listen on port 80 myself with my VPS: I only have access to 7000 ... 7020.
I have registered a domain mydomain1.com by a domain provider and I'm using their nameservers.
How to set up the DNS records such that any user going on http://www.mydomain1.com will be transparently directed to my website, with Apache? (the browser will probably default to port 80, is that right?)
I initially thought about such a DNS record:
    Name              TTL    Type   Priority   Content
    *.mydomain1.com   3600   A      0          123.123.123.123
but then, I think I would have to access the website with http://www.mydomain1.com:7010 (which is not nice) and not http://www.mydomain1.com (which would be better).
Unfortunately you cannot specify ports on DNS records. The only way to make it work as you expect is to have a reverse proxy running elsewhere (nginx, haproxy), listening on port 80, and then forward traffic to your server.
Some useful information about HTTP proxying with nginx:
What is a reverse proxy?
Configuring nginx as a reverse proxy for apache

Why does haproxy path_beg only work if I don't visit default site?

I have configured haproxy to redirect the path "/rawman" to port 8080 on my server. It works the first time, but as soon as I visit the default site it stops working. The default site is running on apache with mod_rewrite and it is catching invalid requests (using codeigniter) so instead of seeing the redirected site when I visit http://mysite.com/rawman?foo=bar I see the default site.
This is my haproxy config:
    global
        log 127.0.0.1 local0
        log 127.0.0.1 local1 notice
        maxconn 4096
        user haproxy
        group haproxy
        daemon

    defaults
        log global
        mode http
        option httplog
        option dontlognull
        retries 3
        option redispatch
        maxconn 2000
        contimeout 5000
        clitimeout 50000
        srvtimeout 50000

    frontend http_proxy
        bind 0.0.0.0:8090
        acl is_ast path_beg /rawman
        use_backend ast if is_ast
        default_backend mysite

    backend ast
        server ast 0.0.0.0:8080

    backend mysite
        server local 0.0.0.0:80
Try setting option httpclose after the srvtimeout line.
If you don't do that then haproxy uses the target server's keepalive setting. Once you visit the main site the connection is opened and kept open, and on your next request haproxy goes oh isn't that nice: I have an open connection. Let's just use it even though it shouldn't. With the httpclose option set it always closes the connection, ensuring that each new request uses the right connection.
Lost 3 hours of my life figuring that out.
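
The first question on this page (Host-based ACL, solved with option http-server-close) and this last one (path_beg ACL, solved with option httpclose) describe the same failure: on HAProxy releases that default to tunnel mode, only the first request on a kept-alive client connection is matched against the ACLs, and later requests follow it to the same backend. The configuration below is an added example, not any poster's own file; the backend addresses, the ports 8081 and 3000 and the timeout values are assumptions for illustration.

```haproxy
# Added example: both ACLs from this page in one frontend, with per-request
# analysis enabled. Backend addresses and ports are assumed values.
global
    log 127.0.0.1 local0
    daemon
    maxconn 4096
    user haproxy
    group haproxy

defaults
    log global
    mode http
    option httplog
    # Close the server-side connection after each response and analyse every
    # request on the client connection, so each one is routed through the
    # ACLs again. "option httpclose" gives the same routing guarantee but
    # also closes the client side, which costs client keep-alive.
    option http-server-close
    timeout connect 5s
    timeout client 50s
    timeout server 50s

frontend http-in
    bind *:80
    # Host-based switching (first question on this page)
    acl websocket hdr_end(host) -i io.server.com
    # Path-based switching (last question on this page)
    acl is_ast path_beg /rawman
    use_backend node_backend if websocket
    use_backend ast if is_ast
    default_backend www_backend

backend www_backend
    server apache 127.0.0.1:8081   # assumed Apache port

backend node_backend
    server node 127.0.0.1:3000     # assumed Socket.io port

backend ast
    server ast 127.0.0.1:8080

# Check: curl reuses one connection for two URLs on the same host, so the
# second request must still reach the "ast" backend:
#   curl -s http://127.0.0.1/ 'http://127.0.0.1/rawman?foo=bar'
```

With option httplog set, each log line names the backend and server that handled the request, so misrouted requests on a reused connection show up directly in the log.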