View Single Post
  #5  
Old 6th April 2012, 11:48
mansonthomas mansonthomas is offline
Junior Member
 
Join Date: Mar 2012
Posts: 4
Thanks: 0
Thanked 1 Time in 1 Post
Default

Hi Willy,

thanks for your reply.

So I should add

"option http-server-close"
after the listen instruction ? (for both http & https ?)
(I didn't have option http-close in my setup... )

I've seen while googling this option that one can add "mode http".
I don't have it in my current setup, could this be the root of the issue ?
(well after reading this : http://code.google.com/p/haproxy-docs/wiki/mode I don't think so)

And about Stunnel, I sould put something else that TIMEOUTclose = 0?
like 60 seconds?

==> your post + some googling is really rewarding

Stunnel :
Code:
debug = 7
output = /var/log/stunnel4/extranet.service.com_stunnel.log
setuid = stunnel4
setgid = stunnel4
pid = /var/run/stunnel4/extranet.service.com.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1


[extranet.service.com]
key           = /etc/stunnel/sites/extranet.service.com/extranet.service.com.key
cert          = /etc/stunnel/sites/extranet.service.com/extranet.service.com.crt
accept        = 8.90.17.4:443
connect       = 127.0.0.1:82

sslVersion = SSLv3
TIMEOUTclose  = 0

HAProxy:
Code:
# this config needs haproxy-1.1.28 or haproxy-1.2.1

global
  log      127.0.0.1  local0
  log      127.0.0.1  local1 notice
  #log loghost  local0 info
# default value of maxcon overrided because of the Error 502 issue due to prestashop large header
# maxconn  4096
  #chroot /usr/share/haproxy
  user     haproxy
  group    haproxy
  daemon
#Probleme d'erreur 502 avec prestashop (valeur par défaut : 16384)
  tune.bufsize 65536
#maxcon(default = 4096) *4 : as we increase the bufsize*2 (according to the documentation maxcon should be increased by the same multiplier we used for bufsize (compared to its initiale value)
  maxconn  16384
  #debug
  #quiet

defaults
  log         global
  mode        http
  option      httplog
  option      dontlognull
  retries     3
  option      redispatch
  maxconn     2000
  contimeout  5000
  clitimeout  50000
  srvtimeout  50000

listen    dedibox_cluster1 0.0.0.0:80
  stats   enable
  stats   auth user:pwd  cookie  SERVERID insert indirect nocache
  balance roundrobin
  server  s1.monsite.com 8.91.02.7:80 cookie app1inst1 check inter 2000 rise 2 fall 5
  server  s2.monsite.com 8.91.8.2:80  cookie app1inst2 check inter 2000 rise 2 fall 5

#instance pour le https
listen    dedibox_cluster1_https 127.0.0.1:82
  stats   enable
  stats   auth user:pwd
  cookie  SERVERID insert indirect nocache
  balance roundrobin
  server  s1.monsite.com 8.91.02.7:80 cookie app1inst1 check inter 2000 rise 2 fall 5
  server  s2.monsite.com 8.91.8.2:80  cookie app1inst2 check inter 2000 rise 2 fall 5


  #errorloc 502 http://192.168.114.58/error502.html
  #errorfile  503 /etc/haproxy/errors/503.http
  errorfile 400 /etc/haproxy/errors/400.http
  errorfile 403 /etc/haproxy/errors/403.http
  errorfile 408 /etc/haproxy/errors/408.http
  errorfile 500 /etc/haproxy/errors/500.http
  errorfile 502 /etc/haproxy/errors/502.http
Thanks for your help !
I didn't get much replies on stunnel mailing list and was a bit desperate
Thomas.
Reply With Quote