dnsproxy

Figure out why haproxy seems to require restarting quite often.

Open jamiees2 opened this issue 10 years ago • 9 comments

This is a somewhat annoying issue. It might just be an issue with HAProxy, but it might be possible to resolve with better config generation.

jamiees2 avatar Apr 07 '15 22:04 jamiees2

I think the problem is that HAProxy does the address resolution on start up and then Netflix etc. slowly change the IP addresses.

chocolatebegood avatar Apr 08 '15 04:04 chocolatebegood

Hmm, how would you propose resolving that? I can't seem to find a fix that is different from adding service haproxy restart to crontab.

jamiees2 avatar Apr 08 '15 11:04 jamiees2

Perhaps other alternatives to HAProxy like sniproxy are worth looking into. Regarding the automated restarts, perhaps this is enough: http://www.forouzani.com/reload-haproxy-cfg-without-restarting.html.

jamiees2 avatar Apr 08 '15 11:04 jamiees2

You need to add the check inter line to each backend server; this will force HAProxy to check the server and see if it's up or down, IP change etc.

Something such as this (probably smaller numbers)

use-server cp143012-i.akamaihd.net if { req_ssl_sni -i cp143012-i.akamaihd.net }
server cp143012-i.akamaihd.net cp143012-i.akamaihd.net:443 check inter 60000 fastinter 60000 downinter 60000 fall 14430

Dan-Wood avatar Sep 07 '15 11:09 Dan-Wood

Oh neat! As you clearly know more about this than I do, would you mind sending a PR? :^)

jamiees2 avatar Sep 07 '15 11:09 jamiees2

Sure, will do that sometime tomorrow. Will probably jump on that Named/BIND generator too.

Dan-Wood avatar Sep 07 '15 11:09 Dan-Wood

Any suggestions for getting haproxy to start if a domain has gone completely? Today I found atv.amazon.com did not resolve causing

[ALERT] 276/003112 (4325) : parsing [/etc/haproxy/haproxy.cfg:119] : 'server atv.amazon.com' : invalid address: 'atv.amazon.com' in 'atv.amazon.com:80'

I just pointed it to localhost in /etc/hosts as a workaround

kcd83 avatar Oct 04 '15 00:10 kcd83
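
A pre-flight check for the startup failure reported above, as an added example that is not part of the thread or of the dnsproxy project: it lists every `server` line in a config whose hostname does not resolve, so the restart can be skipped or the entry dropped before HAProxy rejects the file. The sample config, the `.invalid` hostname and the function names are constructed for illustration, and the parser assumes hostname or IPv4 addresses in `host:port` form.

```python
import ipaddress
import re
import socket

# Matches "server <name> <host>[:port] ..." lines; commented-out lines do not match.
SERVER_RE = re.compile(r"^\s*server\s+\S+\s+([^\s:]+)(?::\d+)?(?:\s|$)")

# Constructed sample config (not taken from the thread's real haproxy.cfg).
SAMPLE_CFG = """\
backend bk_ssl
    use-server cp143012-i.akamaihd.net if { req_ssl_sni -i cp143012-i.akamaihd.net }
    server cp143012-i.akamaihd.net cp143012-i.akamaihd.net:443 check inter 60000
    # server old.example.invalid old.example.invalid:80
    server gone gone.example.invalid:80
    server local 127.0.0.1:8080
"""

def server_hosts(cfg_text):
    """Return [(line_no, host)] for server lines whose address is a hostname."""
    found = []
    for line_no, line in enumerate(cfg_text.splitlines(), start=1):
        m = SERVER_RE.match(line)
        if not m:
            continue
        host = m.group(1)
        try:
            ipaddress.ip_address(host)  # IP literals need no DNS lookup
        except ValueError:
            found.append((line_no, host))
    return found

def default_resolver(host):
    """Resolve through the system resolver (assumed to match what HAProxy sees)."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})

def unresolvable(cfg_text, resolver=default_resolver):
    """Return [(line_no, host)] for hostnames that fail to resolve."""
    bad = []
    for line_no, host in server_hosts(cfg_text):
        try:
            if not resolver(host):
                bad.append((line_no, host))
        except OSError:  # socket.gaierror is a subclass of OSError
            bad.append((line_no, host))
    return bad

if __name__ == "__main__":
    for line_no, host in unresolvable(SAMPLE_CFG):
        print(f"line {line_no}: cannot resolve {host!r}; HAProxy would refuse to start")
```
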

Hmm, no, not really. I have yet to investigate the HAProxy configuration better, although I was researching sniproxy last weekend and am considering adding a generator for it, as it just seemed to work better regarding DNS lookups.

jamiees2 avatar Oct 04 '15 00:10 jamiees2

sniproxy is nice and I used it before, but Amazon Instant Video in combination with a Fire TV gave me headaches, until I found out that the Fire TV resolves some hostnames via DNS but sends the HTTP requests directly to the resolved IP. I was not able to find a workaround like the dnat setup here.

ck-ws avatar Oct 26 '15 17:10 ck-ws