2012/1/9 iLXQ {IPICIN <chipits...@gmail.com>:
> Hello! Can you provide relays configuration as well as haproxy
> configuration?
Here's our relayd and haproxy configs as well as a dmesg, maybe this
will be helpful.
Regards,
---Gordon
# relayd.conf
#
# Macros
#
ext_ssl_listener="127.0.0.1"
int_ssl_listener="127.0.0.2"
haproxy_listener="127.0.0.1"
web1="10.210.0.11"
web2="10.210.0.12"
web3="10.210.0.13"
web4="10.210.0.14"
app1="10.211.0.11"
app2="10.211.0.12"
app3="10.211.0.13"
app4="10.211.0.14"
#
# Global Options
#
interval 3
prefork 10
# No lower, this needs to cover a complete SSL handshake over high-latency
# connections (several hundred ms best case).
timeout 2000
#
# Each table will be mapped to a pf table.
#
table <haproxy> { $haproxy_listener }
table <webhosts> { $web1 $web2 $web3 $web4 }
table <apphosts> { $app1 $app2 $app3 $app4}
#
# Protocol and relays for SSL acceleration. Decrypted traffic is forwarded
# to haproxy listening on a loopback IP.
#
http protocol http_ssl {
# Rewrite headers. 'X-Forwarded-For' is critical, any client-provided
# value must be overwritten.
header change "X-Forwarded-For" to "$REMOTE_ADDR"
header change "X-Forwarded-By" to "$SERVER_ADDR:$SERVER_PORT"
header change "Connection" to "close"
# Various TCP performance options
tcp { nodelay, sack, socket buffer 65536, backlog 128 }
ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
ssl session cache disable
}
relay ext_ssl {
listen on $ext_ssl_listener port 443 ssl
protocol http_ssl
# Long timeout (30 min) required for large file uploads
session timeout 1800
forward to <haproxy> port 8080 check script
"/usr/local/bin/check_haproxy_ext.sh"
# If haproxy is dead, carry on by sending traffic directly
forward to <webhosts> port 8080 mode roundrobin interval 6 \
check http "/check.html" code 200
}
relay int_ssl {
listen on $int_ssl_listener port 443 ssl
protocol http_ssl
# Long timeout (30 min) required for large file uploads
session timeout 1800
forward to <haproxy> port 8081 check script
"/usr/local/bin/check_haproxy_int.sh"
# If haproxy is dead, carry on by sending traffic directly
forward to <apphosts> port 8080 mode roundrobin interval 6 \
check http "/check.html" code 200
# haproxy.cfg
global
log /dev/log daemon
maxconn 10240
chroot /var/haproxy
uid 604
gid 604
daemon
#spread-checks 3
pidfile /var/run/haproxy.pid
stats socket /var/run/haproxy.sock group _relayd mode 664 level admin
defaults
log global
mode http
option httplog
option dontlognull
option redispatch
retries 3
#maxconn 2000
timeout connect 5s
timeout client 50s
timeout server 180s
stats enable
stats hide-version
stats auth admin:<passwd>
stats refresh 10
frontend external_ssl
bind 127.0.0.1:8080
acl root_url url_reg ^/$
redirect location /index.html if root_url
capture request header X-Forwarded-For len 15
capture request header Content-Length len 12
capture response header Content-Length len 12
capture response header Cache-Control len 8
default_backend web
frontend internal_ssl
bind 127.0.0.1:8081
acl root_url url_reg ^/$
redirect location /admin.html if root_url
capture request header X-Forwarded-For len 15
capture request header Content-Length len 12
capture response header Content-Length len 12
capture response header Cache-Control len 8
default_backend app
frontend external_clear
bind 10.200.0.1:80
reqidel ^X-Forwarded-For:.*
acl clear dst_port 80
redirect location https://www.example.com/ if clear
default_backend web
backend web
# Backend to service 'external' traffic
id 254
source 10.210.0.1
# Add 'X-Forwarded-For' header for all connections except those from
relayd
option forwardfor except 127.0.0.0/8
option httpclose
option httpchk /check.html
balance roundrobin
server web01 10.210.0.11:8080 check inter 2s rise 1 fall 2
server web02 10.210.0.12:8080 check inter 2s rise 1 fall 2
server web03 10.210.0.13:8080 check inter 2s rise 1 fall 2
server web04 10.210.0.14:8080 check inter 2s rise 1 fall 2
backend app
# Backend to service 'internal' traffic
id 255
source 10.211.0.1
# Add 'X-Forwarded-For' header for all connections except those from
relayd
option forwardfor except 127.0.0.0/8
option httpclose
option httpchk /check.html
balance roundrobin
server app01 10.211.0.11:8080 check inter 2s rise 1 fall 2
server app02 10.211.0.12:8080 check inter 2s rise 1 fall 2
server app03 10.211.0.13:8080 check inter 2s rise 1 fall 2
server app04 10.211.0.14:8080 check inter 2s rise 1 fall 2
# dmesg
OpenBSD 4.9 (GENERIC.MP) #819: Wed Mar 2 06:57:49 MST 2011
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3748134912 (3574MB)
avail mem = 3634339840 (3465MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0x9f000 (34 entries)
bios0: vendor American Megatrends Inc. version "2.0" date 09/17/10
bios0: Supermicro X8STi
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP APIC MCFG OEMB HPET SSDT EINJ BERT ERST HEST
acpi0: wakeup devices P0P1(S4) PS2K(S4) PS2M(S4) USB0(S4) USB1(S4)
USB2(S4) USB5(S4) EUSB(S4) USB3(S4) USB4(S4) USB6(S4) USBE(S4)
GBE_(S4) P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4) P0P8(S4) P0P9(S4)
NPE1(S4) NPE2(S4) NPE3(S4) NPE4(S4) NPE5(S4) NPE6(S4) NPE7(S4)
NPE8(S4) NPE9(S4) NPEA(S4) SLPB(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz, 2800.42 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3
,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: apic clock running at 133MHz
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz, 2800.00 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3
,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu1: 256KB 64b/line 8-way L2 cache
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz, 2800.00 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3
,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu2: 256KB 64b/line 8-way L2 cache
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz, 2800.00 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3
,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu3: 256KB 64b/line 8-way L2 cache
cpu4 at mainbus0: apid 1 (application processor)
cpu4: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz, 2800.00 MHz
cpu4:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3
,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu4: 256KB 64b/line 8-way L2 cache
cpu5 at mainbus0: apid 3 (application processor)
cpu5: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz, 2800.00 MHz
cpu5:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3
,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu5: 256KB 64b/line 8-way L2 cache
cpu6 at mainbus0: apid 5 (application processor)
cpu6: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz, 2800.00 MHz
cpu6:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3
,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu6: 256KB 64b/line 8-way L2 cache
cpu7 at mainbus0: apid 7 (application processor)
cpu7: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz, 2800.00 MHz
cpu7:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3
,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu7: 256KB 64b/line 8-way L2 cache
ioapic0 at mainbus0: apid 8 pa 0xfec00000, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xe0000000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 9 (P0P1)
acpiprt2 at acpi0: bus -1 (P0P4)
acpiprt3 at acpi0: bus -1 (P0P5)
acpiprt4 at acpi0: bus -1 (P0P6)
acpiprt5 at acpi0: bus -1 (P0P7)
acpiprt6 at acpi0: bus -1 (P0P8)
acpiprt7 at acpi0: bus -1 (P0P9)
acpiprt8 at acpi0: bus 1 (NPE1)
acpiprt9 at acpi0: bus 2 (NPE2)
acpiprt10 at acpi0: bus 3 (NPE3)
acpiprt11 at acpi0: bus -1 (NPE4)
acpiprt12 at acpi0: bus -1 (NPE5)
acpiprt13 at acpi0: bus -1 (NPE6)
acpiprt14 at acpi0: bus 7 (NPE7)
acpiprt15 at acpi0: bus -1 (NPE8)
acpiprt16 at acpi0: bus 8 (NPE9)
acpiprt17 at acpi0: bus -1 (NPEA)
acpicpu0 at acpi0: C3, C1, PSS
acpicpu1 at acpi0: C3, C1, PSS
acpicpu2 at acpi0: C3, C1, PSS
acpicpu3 at acpi0: C3, C1, PSS
acpicpu4 at acpi0: C3, C1, PSS
acpicpu5 at acpi0: C3, C1, PSS
acpicpu6 at acpi0: C3, C1, PSS
acpicpu7 at acpi0: C3, C1, PSS
acpibtn0 at acpi0: SLPB
acpibtn1 at acpi0: PWRB
ipmi at mainbus0 not configured
cpu0: Enhanced SpeedStep 2800 MHz: speeds: 2801, 2800, 2667, 2533,
2400, 2267, 2133, 2000, 1867, 1733, 1600 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel X58 Host" rev 0x22
ppb0 at pci0 dev 1 function 0 "Intel X58 PCIE" rev 0x22
pci1 at ppb0 bus 1
em0 at pci1 dev 0 function 0 "Intel PRO/1000 MT (82574L)" rev 0x00:
apic 8 int 16 (irq 15), address 00:25:90:22:19:58
ppb1 at pci0 dev 2 function 0 "Intel X58 PCIE" rev 0x22
pci2 at ppb1 bus 2
em1 at pci2 dev 0 function 0 "Intel PRO/1000 MT (82574L)" rev 0x00:
apic 8 int 16 (irq 15), address 00:25:90:22:19:59
ppb2 at pci0 dev 3 function 0 "Intel X58 PCIE" rev 0x22
pci3 at ppb2 bus 3
ppb3 at pci3 dev 0 function 0 "IDT 89HPES12N3A" rev 0x0e
pci4 at ppb3 bus 4
ppb4 at pci4 dev 2 function 0 "IDT 89HPES12N3A" rev 0x0e
pci5 at ppb4 bus 5
em2 at pci5 dev 0 function 0 "Intel PRO/1000 QP (82571EB)" rev 0x06:
apic 8 int 19 (irq 11), address 00:15:17:e8:c9:a5
em3 at pci5 dev 0 function 1 "Intel PRO/1000 QP (82571EB)" rev 0x06:
apic 8 int 18 (irq 10), address 00:15:17:e8:c9:a4
ppb5 at pci4 dev 4 function 0 "IDT 89HPES12N3A" rev 0x0e
pci6 at ppb5 bus 6
em4 at pci6 dev 0 function 0 "Intel PRO/1000 QP (82571EB)" rev 0x06:
apic 8 int 17 (irq 14), address 00:15:17:e8:c9:a7
em5 at pci6 dev 0 function 1 "Intel PRO/1000 QP (82571EB)" rev 0x06:
apic 8 int 16 (irq 15), address 00:15:17:e8:c9:a6
ppb6 at pci0 dev 7 function 0 "Intel X58 PCIE" rev 0x22
pci7 at ppb6 bus 7
ppb7 at pci0 dev 9 function 0 "Intel X58 PCIE" rev 0x22
pci8 at ppb7 bus 8
"Intel X58 Misc" rev 0x22 at pci0 dev 20 function 0 not configured
"Intel X58 GPIO" rev 0x22 at pci0 dev 20 function 1 not configured
"Intel X58 RAS" rev 0x22 at pci0 dev 20 function 2 not configured
"Intel X58 Throttle" rev 0x22 at pci0 dev 20 function 3 not configured
"Intel X58 QuickData" rev 0x22 at pci0 dev 22 function 0 not configured
"Intel X58 QuickData" rev 0x22 at pci0 dev 22 function 1 not configured
"Intel X58 QuickData" rev 0x22 at pci0 dev 22 function 2 not configured
"Intel X58 QuickData" rev 0x22 at pci0 dev 22 function 3 not configured
"Intel X58 QuickData" rev 0x22 at pci0 dev 22 function 4 not configured
"Intel X58 QuickData" rev 0x22 at pci0 dev 22 function 5 not configured
"Intel X58 QuickData" rev 0x22 at pci0 dev 22 function 6 not configured
"Intel X58 QuickData" rev 0x22 at pci0 dev 22 function 7 not configured
uhci0 at pci0 dev 26 function 0 "Intel 82801JI USB" rev 0x00: apic 8
int 16 (irq 15)
uhci1 at pci0 dev 26 function 1 "Intel 82801JI USB" rev 0x00: apic 8
int 21 (irq 7)
uhci2 at pci0 dev 26 function 2 "Intel 82801JI USB" rev 0x00: apic 8
int 19 (irq 11)
ehci0 at pci0 dev 26 function 7 "Intel 82801JI USB" rev 0x00: apic 8
int 18 (irq 10)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
uhci3 at pci0 dev 29 function 0 "Intel 82801JI USB" rev 0x00: apic 8
int 23 (irq 10)
uhci4 at pci0 dev 29 function 1 "Intel 82801JI USB" rev 0x00: apic 8
int 19 (irq 11)
uhci5 at pci0 dev 29 function 2 "Intel 82801JI USB" rev 0x00: apic 8
int 18 (irq 10)
ehci1 at pci0 dev 29 function 7 "Intel 82801JI USB" rev 0x00: apic 8
int 23 (irq 10)
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb8 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0x90
pci9 at ppb8 bus 9
vga1 at pci9 dev 4 function 0 "Matrox MGA G200eW" rev 0x0a
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 31 function 0 "Intel 82801JIR LPC" rev 0x00
pciide0 at pci0 dev 31 function 2 "Intel 82801JI SATA" rev 0x00: DMA,
channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide0: using apic 8 int 19 (irq 11) for native-PCI interrupt
wd0 at pciide0 channel 0 drive 0: <INTEL SSDSA2M080G2GC>
wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 6
ichiic0 at pci0 dev 31 function 3 "Intel 82801JI SMBus" rev 0x00: apic
8 int 18 (irq 10)
iic0 at ichiic0
"w83795g" at iic0 addr 0x2e not configured
iic0: addr 0x2e 01=1d 02=3d 03=78 04=3c 05=01 06=3f 08=0f 0b=ff 10=93
12=c3 13=9f 14=de 15=b8 16=20 17=1d 1b=95 1c=87 1d=86 1e=87 1f=1d
20=20 21=2a 22=80 23=80 24=80 25=25 26=2e 2e=10 2f=ff 30=ff 31=ff
32=ff 33=ff 34=ff 35=ff 3d=ff 3e=ff 3f=ff 40=16 46=40 48=ff 49=7f
4a=7f 4b=fe 4c=fe 4d=7f 4e=3f 4f=ff 56=ff 57=ff 58=81 5a=03 61=80
62=80 6b=64 6c=64 6d=ff 6e=ff 6f=ff 70=c3 71=50 72=ba 73=4b 74=ce
75=a9 76=ca 77=8d 78=f9 79=cc 7a=be 7b=b1 7c=f9 7d=cc 7e=be 7f=b1
80=ff 82=ff 84=ff 86=e3 87=b9 88=98 89=7b 8a=98 8b=7b 8c=98 8d=7b
8e=ff 90=ff 92=3f 94=ff 96=7f 97=7f 98=7f 99=7f 9a=7f 9b=7f 9c=7f
9d=7f 9e=7f 9f=7f a0=7f a1=7f a2=7f a3=7f a4=7f a5=7f a6=4b a7=46
a8=7f a9=7f aa=7f ab=7f ac=7f ad=7f ae=64 af=5f b0=55 b1=50 b2=5f
b3=5c b4=5f b5=5c b6=76 b7=76 b8=76 b9=76 ba=76 bb=76 bc=76 bd=76
be=76 bf=76 c0=76 c1=76 c2=76 c3=76 c4=88 c5=88 c6=88 c7=88 c8=88
c9=88 ca=88 cb=ff cc=ff cd=ff ce=ff cf=ff d9=22 da=24 db=0a dc=60
df=14 e6=bb e7=c0 e8=09 e9=09 ea=09 eb=09 ec=09 ed=22 ee=22 ef=02
f0=ff f9=0f fa=ff fb=51 fc=ae fd=a3 fe=79 ff=50 words 00=00ff 01=1dff
02=3dff 03=78ff 04=3cff 05=01ff 06=3fff 07=00ff: w83795g
spdmem0 at iic0 addr 0x50: 4GB DDR3 SDRAM PC3-10600
spdmem1 at iic0 addr 0x52: 4GB DDR3 SDRAM PC3-10600
pciide1 at pci0 dev 31 function 5 "Intel 82801JI SATA" rev 0x00: DMA,
channel 0 wired to native-PCI, channel 1 wired to native-PCI
pciide1: using apic 8 int 19 (irq 11) for native-PCI interrupt
usb2 at uhci0: USB revision 1.0
uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb3 at uhci1: USB revision 1.0
uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb4 at uhci2: USB revision 1.0
uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb5 at uhci3: USB revision 1.0
uhub5 at usb5 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb6 at uhci4: USB revision 1.0
uhub6 at usb6 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb7 at uhci5: USB revision 1.0
uhub7 at usb7 "Intel UHCI root hub" rev 1.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
wbsio0 at isa0 port 0x2e/2: W83627DHG-P rev 0x73
lm1 at wbsio0 port 0xca0/8: W83627DHG
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
mtrr: Pentium Pro MTRR support
vscsi0 at root
scsibus0 at vscsi0: 256 targets
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
carp4: state transition: BACKUP -> MASTER
carp5: state transition: BACKUP -> MASTER
carp0: state transition: BACKUP -> MASTER
carp1: state transition: BACKUP -> MASTER
carp2: state transition: BACKUP -> MASTER
carp3: state transition: BACKUP -> MASTER
