I'm currently using node spdy to serve files. This works beautifully.
However I would like to use HAproxy to load balance amongst these node servers. But when my node/spdy server is behind HAproxy, request.isSpdy is false... so spdy is all of a sudden not supported?
Here's my HAproxy configuration:
global
maxconn 4096
defaults
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
frontend http_proxy
mode http
bind *:80
redirect prefix https://awesome.com code 301
frontend https_proxy
mode tcp
bind *:443
default_backend webservers
backend webservers
balance source
server server1 127.0.0.1:10443 maxconn 4096
# server server2 127.0.0.1:10444 maxconn 4096
Thanks!
You can't use HAProxy's HTTP load balancing mechanism with SPDY. First, you need to use the latest development branch to enable support for NPN (and hence SPDY), and after that, you will have to configure it to run closer to simple TCP load-balancing mode -- HAProxy does not understand SPDY.
For an example HAProxy + SPDY config script, see here:
http://www.igvita.com/2012/10/31/simple-spdy-and-npn-negotiation-with-haproxy/
I ran into this same issue. Instead of using spdy, I went back to using express and made haproxy use the http/2 protocol.
frontend http-in
bind *:80
mode http
redirect scheme https code 301
frontend https-in
mode http
bind *:443 ssl crt /path/to/cert.pem alpn h2,http/1.1
the key here is this part alpn h2,http/1.1
Related
My base case is that my Meteor App runs perfectly on Opsworks.
I do a Meteor build, tweak the files and all is good (without HTTPS/SSL). I am not using METEORUP. I just upload my tweaked build file and deploy on opsworks.
Also, I am using the out of the box Opsworks HAPROXY loadbalancer.
I then install the SSL certificates for my app and set Meteor to list on PORT=443 as per screenshot:
In the browser, I see:
503 Service Unavailable
No server is available to handle this request.
In the log files I see:
Mar 8 03:22:51 nodejs-app1 monit[2216]: 'node_web_app_buzzy' start: /bin/bash
Mar 8 03:23:51 nodejs-app1 monit[2216]: 'node_web_app_buzzy' failed, cannot ope
n a connection to INET[127.0.0.1:443/] via TCPSSL
Any ideas welcome
Your HAproxy configuration is expecting meteor/node to respond with SSL.
It should instead, terminate SSL and talking to node/meteor in plain HTTP. This is because, meteor doesn't do SSL ; it expects a server in front to handle it.
Solution:
Update the frontend https-in section to terminate ssl and redirect to the http backend
defaults
#... add this line to enable the `X-Forwarded-For` header
option forwardfor
# ...
# .... update this section ...
frontend https-in
mode tcp
# this bit causes HAProxy to talk TLS rather than just forward the connection
bind :443 ssl crt /path/to/your/certificate
reqadd X-Forwarded-Proto:\ https
# now direct it to your plain HTTP application
acl nodejs_application_buzzy_domain_buzzy hdr_end(host) -i buzzy
use_backend nodejs_app_servers if nodejs_application_buzzy_domain_buzzy
I am trying to configure HAProxy on OpenShift to achieve following URL based routing.
when I am trying to restart my app, I am getting following error in HAProxy log
Starting frontend http-in: cannot bind socket
Following are the changes I made to haproxy.cfg, in addition I have also added "user nobody" to global section. What am I doing wrong? I am new to HAProxy, so I believe it might be very basic thing I am missing.
frontend http-in
bind :80
acl is_blog url_beg /blog
use_backend blog_gear if is_blog
default_backend website_gear
backend blog_gear
mode http
balance roundrobin
option httpchk
option forwardfor
server WEB1 nodejs-realspace.rhcloud.com weight 1 maxconn 512 check
backend website_gear
mode http
balance roundrobin
option httpchk
option forwardfor
server WEB2 website-realspace.rhcloud.com weight 1 maxconn 512 check
To note a few problems with your configuration.
The first problem in your configuration is that you should listen on port 8080.
Ports 80, 443, 8000 an 8443 on the outside will be redirected to port 8080 on your gear.
Second website-realspace.rhcloud.com is probably the external name of your gear that also hosts your HAProxy. This means that you have created a loop.
To acces your nodejs app you'll need to use the 127.a.b.c address assigned to your gear.
Also your nodejs app should most likely cannot listen on the same port as your HAProxy.
I've got a server setup in NodeJS which looks like the picture below:
Now what i want to do two things which seem to be possible with HAProxy:
To only use one port no matter what server a client wants to access. I want to use the external port 8080 for all non SSL
traffic. (All SSL traffic should use the port 443)
Enable SSL on the SockJS Server and the Express Server.
Please not that all my servers are running on the same instance on an amazon ec2. So i want to internally route the traffic.
This is my haproxy.cfg so far:
mode http
# Set timeouts to your needs
timeout client 10s
timeout connect 10s
timeout server 10s
frontend all 0.0.0.0:8080
mode http
timeout client 120s
option forwardfor
# Fake connection:close, required in this setup.
option http-server-close
option http-pretend-keepalive
acl is_sockjs path_beg /echo /broadcast /close
acl is_stats path_beg /stats
use_backend sockjs if is_sockjs
use_backend stats if is_stats
default_backend express
backend sockjs
# Load-balance according to hash created from first two
# directories in url path. For example requests going to /1/
# should be handled by single server (assuming resource prefix is
# one-level deep, like "/echo").
balance uri depth 2
timeout server 120s
server srv_sockjs1 127.0.0.1:8081
backend express
balance roundrobin
server srv_static 127.0.0.1:8008
backend stats
stats uri /stats
stats enable
Cant figure out how to route the SSL and the traffic to the TCP Server (8080 internal port)
Any ideas?
Your setup is kinda hard to understand (for me). If I understand your goals correctly, you want to serve your web service through SSL hence port 443. And from 443, connect to port 8080 (internally). If that is the case then the following configuration might be what you are looking for. It does not really use port 8080 but instead it connects directly to your express backend. You don't really need to have port 8080 exposed (unless you have special reasons for doing so) because you can just use the backend servers directly inside the frontend section.
Note that this only works for HAProxy 1.5+, if you are using older version of HAProxy, you should put something to tunnel the SSL connection before it reaches HAProxy (But I strongly suggest 1.5 because it makes your setup less complex)
frontend ssl
bind *:443 ssl crt /path/to/cert.pem ca-file /path/to/cert.pem
timeout client 120s
option forwardfor
# Fake connection:close, required in this setup.
option http-server-close
option http-pretend-keepalive
acl is_sockjs path_beg /echo /broadcast /close
acl is_stats path_beg /stats
use_backend sockjs if is_sockjs
use_backend stats if is_stats
default_backend express
I've been trying for hours and have read what this site and the internet have to offer. I just can't quite seem to get Socket.IO to work properly here. I know nginx by default can't handle Socket.IO however, HAproxy can. I want nginx to serve the Node apps through unix sockets and that works great. Each have a sub directory location set by nginx, however, now I need Socket.IO for the last app and I'm at a loss of configuring at this point.
I have the latest socket.io, HAproxy 1.4.8 and nginx 1.2.1. Running ubuntu.
So reiterating, I need to get socket.io working though nginx to a node app in a subdirectory, ex: localhost/app/.
Diagram:
WEB => HAproxy => Nginx => {/app1 app1, /app2 app2, /app3 app3}
Let me now if I can offer anything else!
There is no reason to get "get socket.io working though nginx". Instead you just route HAProxy directly to Socket.IO (without Nginx in the middle).
I recommend you checkout the following links:
https://gist.github.com/1014904
http://blog.mixu.net/2011/08/13/nginx-websockets-ssl-and-socket-io-deployment/
You could use Haproxy on port 80 to front several node.js apps running on different ports.
E.g.
URL:80/app1 -> haproxy -> node app1:8080
URL:80/app2 -> haproxy -> node app2:8081
URL:80/app3 -> haproxy -> node app3:8083
UPDATE:
The following is an example HAPROXY configuration that routes requests made to http://server:80/hello to localhost:20001 and http://server:80/echo to localhost:20002
backend hello
server hellosvr 127.0.0.1:20002
backend echo
server echosvr 127.0.0.1:20001
frontend http_in
option httpclose
option forwardfor except 127.0.0.1 # stunnel already adds the header
bind *:80
acl rec_hello path_beg /hello/
use_backend hello if rec_hello
acl rec_echo path_beg /echo
use_backend echo if rec_echo
I use node.js and socket.io.
I have an application that runs on the IP address: 31.31.69.79:3000
I have a domain name: zkus.eu - I want to redirect this domain to this ip: 31.31.69.79:3000
How do I set haproxy config (haproxy.cfg)?
There are several examples on the haproxy site: http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
That said, a fairly minimal config (taken from the examples on that page) is:
global
daemon
maxconn 256
defaults
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
listen http-in
bind *:80
server server1 127.0.0.1:3000 maxconn 32