I'm using haproxy to loadbalance and get high availability of my (RESTFUL)API, the problem I'm facing is: I can't send REST requests to the API.
I mean haproxy does not support REST API by default and I've figured that I should configure an ACL to make it work, but I couldn't find anything about configuring RESTFUL Support and enabaling http rewrite rules for haproxy.
MY API is based on laravel framework.
For example If I hit 192.168.1.139/login I get 404 error message. the only route which is working is / Which shows the user "you are not logged in." message.
This is haproxy configuration :
listen http_front
bind *:80
mode http
stats enable
stats uri /haproxy?stats
option httpclose
option forwardfor
#acl api_exp hdr(host) -i domain_name.com
#use_backend api_servers if api_exp
default_backend api_servers
backend api_servers
balance roundrobin
server replica1 192.168.100.110:80 check
server replica2 192.168.100.111:80 check
It's a bit strange but I've solved my problem with this configuration :
defaults
log global
mode http
option httplog
option dontlognull
retries 3
option redispatch
timeout connect 5000
timeout client 100s
timeout server 100s
listen ha-www
bind 0.0.0.0:80
mode http
stats enable
stats uri /haproxy?stats
stats realm Strictly\ Private
balance roundrobin
option httpclose
option forwardfor
server app-www-1 192.168.100.110:80 check
server app-www-2 192.168.100.111:80 check
Related
I'm trying to code a chat with Symfony 5 and Mercure, but I have some issues with the configuration. I work with Windows 10.
This is the documentation that I followed : https://github.com/dunglas/mercure/blob/main/docs/hub/install.md
I installed this version on my project: mercure_0.13.0_Windows_arm64.zip.
Then, I decompressed it, and right after in my terminal, I ran "composer require symfony/mercure".
This is in my .env:
# See https://symfony.com/doc/current/mercure.html#configuration
# The URL of the Mercure hub, used by the app to publish updates (can be a local URL)
MERCURE_URL=:https://127.0.0.1:8000/.well-known/mercure
# The public URL of the Mercure hub, used by the browser to connect
MERCURE_PUBLIC_URL=https://127.0.0.1:8000/.well-known/mercure
# The secret used to sign the JWTs
MERCURE_JWT_SECRET="!ChangeMe!"
###< symfony/mercure-bundle ###```
Then I ran the Mercure server with this command line : ```$env:MERCURE_PUBLISHER_JWT_KEY='!ChangeMe!'; $env:MERCURE_SUBSCRIBER_JWT_KEY='!ChangeMe!'; .\mercure.exe run -config Caddyfile.dev```.
In my PowerShell, I have this :
```2021/11/16 01:39:58.029 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2021/11/16 01:39:58.029 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2021/11/16 01:39:58.111 INFO tls cleaning storage unit {"description": "FileStorage:C:\\Users\\toufi\\AppData\\Roaming\\Caddy"}
2021/11/16 01:39:58.113 INFO tls finished cleaning storage units
2021/11/16 01:39:58.134 INFO pki.ca.local root certificate is already trusted by system {"path": "storage:pki/authorities/local/root.crt"}
2021/11/16 01:39:58.135 INFO http enabling automatic TLS certificate management {"domains": ["localhost"]}
2021/11/16 01:39:58.136 WARN tls stapling OCSP {"error": "no OCSP stapling for [localhost]: no OCSP server specified in certificate"}
2021/11/16 01:39:58.143 INFO autosaved config (load with --resume flag) {"file": "C:\\Users\\toufi\\AppData\\Roaming\\Caddy\\autosave.json"}
2021/11/16 01:39:58.143 INFO serving initial configuration```
It seems to run well, but in my browser when I run ```https://localhost/.well-known/mercure```,
I have :
```Not Found
The requested URL was not found on this server.
Apache/2.4.46 (Win64) OpenSSL/1.1.1h PHP/7.4.25 Server at localhost Port 443```
Someone can help me because I don't know how to access to my Mercure server with my browser ?
Thank you very much
Hey ben you should try and run https://localhost:8000/.well-known/mercure in ur browser
instead of https://localhost/.well-known/mercure
Maybe you've allready figured out this problem in the last 3 months, but here are a thing it came to my mind.
You start Mercure 0.13 in dev mode (Caddyfile.dev) allowing to access the demo page.
(Btw I miss the log entry here which tells you, that the server uses the file specified by you, and should be something like {"level":"info","ts":1646214769.1484525,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile.dev","config_adapter":""}) You may want to open this demo page to see if Mercure works or not. The default url is https://localhost/.well-known/mercure/ui/. It may vary depending on your settings. It worth to try also with http.
You don't provide the SERVER_NAME env variable, so I assume caddy attempts to use 80 and 443 ports. Therefore https://127.0.0.1:8000 in symfony config won't work. And 80 might fail if there is already a web server running to provide access for symfony.
You can use SERVER_NAME=:8000 to launch mercure on port 8000, but in this case it will be only http, not https.
So, what I would do in your case, I would start mercure in dev mode, and check the demo page. If both http and https attempts fail, I would start mercure with additional SERVER_NAME (ex. 8000) and check http://localhost:8000/.well-known/mercure/ui/. If nothing goes wrong, one of them should work. And then you can proceed to configure symfony to use the mercury service.
I am using nodejs for serving my angular application, and artisan for my laravel API. I would like to let the angular app communicate with the API, but I can't make it work. As far as I know, I can't run both on the same port, as only one app can be run on a port, however, I can't run them on different ports because then my front end app would not be able to send request to the API. I tried to send the request to the server by localhost:8000/login (authentication) but as my front end runs on port 3000 it just can't reach it.
Here's how I start my servers:
node server (starts on port 3000)
php artisan serve (optionally setting port by --port=8000
Is this way even right? I'm new to this kind of concept. What would be the best practice for reaching the API from the frontend?
Update:
When running both servers on the same port I get the error message from google chrome console:
angular.js:11756 POST http://localhost:3000/localhost/login 404 (Not Found)
When running frontend on port 3000 and API on 8000 I get this:
angular.js:11756 XMLHttpRequest cannot load localhost:8000/login. Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extension, https, chrome-extension-resource.
If I don't define the port for the request it uses the same as the server running on (this case port 3000). If I specify the port I get the error above.
One other thing I tried is putting http:// before the url, then I get this error:
angular.js:11756 POST http://localhost:8000/login (anonymous function) # angular.js:11756sendReq # angular.js:11517serverRequest # angular.js:11227processQueue # angular.js:15961(anonymous function) # angular.js:15977Scope.$eval # angular.js:17229Scope.$digest # angular.js:17045Scope.$apply # angular.js:17337(anonymous function) # angular.js:25023defaultHandlerWrapper # angular.js:3456eventHandler # angular.js:3444
:3000/#/login:1 XMLHttpRequest cannot load http://localhost:8000/login. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access. The response had HTTP status code 405.
I am running ubuntu with apache2, I have a php system that is working with rewrite rules - all is working perfect.
Recently, due to increasing traffic I added a load balancer (haproxy), this is the second time I am using haproxy so I am not a pro.
When working with the haproxy I see the the .htaccess rules are not working - accessing the pages without the rules stil works.
This is the haproxy.cnf:
global
maxconn 2048
defaults
option forwardfor
option http-server-close
timeout connect 5000
timeout client 10000
timeout server 10000
frontend www-http
mode http
bind LOADBALANCERIP:80
reqadd X-Forwarded-Proto:\ http
default_backend www-backend
frontend www-https
mode http
bind LOADBALANCERIP:443 ssl crt /home/bee.pem
reqadd X-Forwarded-Proto:\ https
default_backend www-backend
backend www-backend
mode http
cookie SRVNAME insert
server node1 WEB1IP:80 cookie S1 check
I have a pound server with ssl offload in front of a haproxy.
How can I check in my php code if the request has been done with ssl if I have offload ssl and the ssl doesn't hit the web server?
Maybe put some header tag or something in haproxy to the ssl request so I can check this header in the code?
From HAProxy and SSL
The configuration directive below must be inserted in the Frontend configuration. It tells HAProxy to add a header named X-SSL which contains the information about the type of frontend connection:
http-request set-header X-SSL %[ssl_fc]
This should then show up in $_SERVER['HTTP_X_SSL'].
The solution I came up is to add the header in Pound configuration and check this header in the code:
AddHeader "X-Pound: SSL"
I currently have two apps at AppFog, they are.
http://sru-forums-prod.aws.af.cm/ and http://sru-home-prod.aws.af.cm/
I have haProxy running locally on my computer, this is my current config file.
global
debug
defaults
mode http
timeout connect 500ms
timeout client 50000ms
timeout server 50000ms
backend legacy
server forums sru-forums-prod.aws.af.cm:80
frontend app *:8232
default_backend legacy
The end-goal is that localhost:8232 forwards traffic to sru-home-prod, while localhost:8232/forums/* forwards traffic to sru-forums-prod. However I cant even get a simple proxy up and running.
When I run HAProxy off this config file I receive AppFog 404 Not Found at localhost:8232.
What am I missing, is this even possible?
EDIT:
New config works but now i have a port 60032 coming back in the response.
global
debug
defaults
mode http
timeout connect 500ms
timeout client 50000ms
timeout server 50000ms
backend legacy
option forwardfor
option httpclose
reqirep ^Host: Host:\ sru-forums-prod.aws.af.cm
server forums sru-forums-prod.aws.af.cm:80
frontend app *:8000
default_backend legacy
The reason you are getting an AppFog 404 Not Found is because applications hosted on AppFog are routed by domain name. In order for AppFog to know what app to serve you, the domain name is required to be in the HTTP request. When you go to localhost:8232/forums/ it sends localhost as the domain name which AppFog does not have as a registered app name.
There is a good way to get around this issue
1) Map your application to a second domain name, for example:
af map <appname> sru-forums-prod-proxy.aws.af.cm
2) Edit your /etc/hosts file and add this line:
127.0.0.1 sru-forums-prod-proxy.aws.af.cm
3) Go to http://sru-forums-prod-proxy.aws.af.cm:8232/forums/ which will map to the local machine but will go through your haproxy successfully ending up with the right host name mapped to your app hosted at AppFog.
Here is a working haproxy.conf file that demonstrates how this has worked for us so far using similar methodologies.
defaults
mode http
timeout connect 500ms
timeout client 50000ms
timeout server 50000ms
backend appfog
option httpchk GET /readme.html HTTP/1.1\r\nHost:\ aroundtheworld.appfog.com
option forwardfor
option httpclose
reqirep ^Host: Host:\ aroundtheworld.appfog.com
server pingdom-aws afpingdom.aws.af.cm:80 check
server pingdom-rs afpingdom-rs.rs.af.cm:80 check
server pingdom-hp afpingdom-hp.hp.af.cm:80 check
server pingdom-eu afpingdom-eu.eu01.aws.af.cm:80 check
server pingdom-ap afpingdom-ap.ap01.aws.af.cm:80 check
frontend app *:8000
default_backend appfog
listen stats 0.0.0.0:8080
mode http
stats enable
stats uri /haproxy