Re: [Pound Mailing List] Pound and SSL Setup
Re: [Pound Mailing List] Pound and SSL Setup
"Mathew Brown" <mathewbrown(at)fastmail.fm> |
2006-08-01 03:51:57 |
[ FULL ]
|
Adam,
Thanks a lot for your reply. I noticed that the homepage for Pound is
very sparse. Are there any links to tutorials? I couldn't find any
on the main page. Finally, can Pound be used as an SSL bridge / SSL
initiation where the SSL link is terminated at it and then
re-initiates the SSL session (kind of like ISA 2004)? Thanks for
your help.
On Mon, 31 Jul 2006 01:14:05 +0200, "Adam Borowski"
<kilobyte(at)angband.pl> said:[...][...]
|
|
Re: [Pound Mailing List] advice for use of pound
Johannes Findeisen <mailman(at)hanez.org> |
2006-08-01 04:00:20 |
[ FULL ]
|
Hi,
On Mon, 2006-07-31 at 21:49 +0200, dirk dekker wrote:[...]
Yeah, you really could do that with Pound. But Pound takes focus on
being a load balancer like: Url: www.abc.com is redirected to
192.168.0.1 (Webserver-1) or 192.168.0.2 (Webserver-2) depending on the
"load" of these machines. But what you want to do is possible too -
Without any problems.
[...]
Do you mean, if there is Hardware available, that is looking like small
*DSL routers and where Pound is installed?
I think no, but I don't know... But you could build one by
yourself... ;)
I've never seen a solution built with this board but you could buy a
mini PC from http://www.soekris.com/ and
install Linux or BSD and Pound.
Hehe, I don't know if the CPUs are fast enough but I am really
interested in some benchmarks... :)
Is anybody out there who tried that out?
[...]
No Problem... Let me know what solution you will select at the end.
[...]
Regards,
[...]
|
|
Re: [Pound Mailing List] Timeout problems
Fat Bear Server Administration <server(at)fatbear.com> |
2006-08-01 17:41:39 |
[ FULL ]
|
I, too, am getting customer complaints of error 500s. With a customer on the
phone and looking at the logs in real time, I saw the error 500 happening at
just the same time that pound emitted an error. And, pound is emitting errors
every few minutes. I've copied a recent sample below. This makes pound seem
buggy. From past posts, I seem to recall that some of these are just warnings
that need no modification of the pound config at all. If so, I'd like to turn
these warning messages off. But, for the rest, what should I do? I've also
copied my simple config file below.
Thanks,
Steve Amerige
Fat Bear Incorporated
System: Red Hat Linux 9.0 (also on Fedora Core 1 and Fedora Core 4 with the
same problems)
Pound version: 2.0.4
pound.cfg
LogLevel 0
User "safeuser"
Group "safegroup"
ListenHTTP
    Address 64.242.84.187
    Port 80
End
ListenHTTPS
    Address 64.242.84.187
    Port 443
    Cert "/usr/local/apache2/conf/ssl/fatbear.com/fatbear.com.pem"
End
Service
    BackEnd
        Address 64.242.84.187
        Port 8088
    End
End
/var/log/messages
Aug 1 07:53:11 fat1 pound: error copy server cont: Connection timed out
Aug 1 07:53:55 fat1 pound: error copy server cont: Connection reset by peer
Aug 1 07:53:55 fat1 pound: error flush headers to 86.209.26.127: Connection
reset by peer
Aug 1 07:54:06 fat1 pound: error copy server cont: Connection timed out
Aug 1 07:54:22 fat1 pound: error copy server cont: Connection reset by peer
Aug 1 07:56:17 fat1 pound: error copy server cont: Connection timed out
Aug 1 07:58:38 fat1 pound: error copy server cont: Connection reset by peer
Aug 1 08:00:24 fat1 pound: error copy server cont: Connection reset by peer
Aug 1 08:03:29 fat1 pound: error copy server cont: Connection reset by peer
Aug 1 08:04:03 fat1 pound: error copy server cont: Connection reset by peer
Aug 1 08:05:15 fat1 pound: error copy server cont: Connection reset by peer
Aug 1 08:05:46 fat1 pound: error flush headers to 68.79.159.2: Connection
reset by peer
Aug 1 08:05:48 fat1 pound: error copy server cont: Connection reset by peer
Aug 1 08:05:51 fat1 pound: error flush headers to 68.79.159.2: Connection
reset by peer
Aug 1 08:05:51 fat1 pound: error flush headers to 68.79.159.2: Connection
reset by peer
Aug 1 08:05:51 fat1 pound: error copy server cont: Connection reset by peer
Aug 1 08:06:45 fat1 pound: error flush headers to 68.79.159.2: Connection
reset by peer
Aug 1 08:07:01 fat1 pound: error copy server cont: Connection reset by peer
Aug 1 08:07:49 fat1 pound: error copy server cont: Connection reset by peer
Aug 1 08:08:05 fat1 pound: error copy server cont: Connection timed out
Aug 1 08:08:06 fat1 pound: error flush headers to 68.79.159.2: Connection
reset by peer
Aug 1 08:08:08 fat1 pound: error copy server cont: Connection reset by peer
Aug 1 08:08:49 fat1 pound: error copy server cont: Connection reset by peer
Aug 1 08:09:00 fat1 pound: error flush headers to 71.139.184.220: Connection
reset by peer
Aug 1 08:09:17 fat1 pound: response error read from 64.242.84.187:8088:
Connection timed out
Aug 1 08:09:52 fat1 pound: error copy server cont: Connection reset by peer
Aug 1 08:09:54 fat1 pound: error copy server cont: Connection reset by peer
Aug 1 08:10:34 fat1 pound: error copy server cont: Connection reset by peer
Aug 1 08:10:38 fat1 pound: error copy server cont: Connection timed out
Aug 1 08:12:57 fat1 pound: error copy server cont: Connection timed out
Aug 1 08:13:29 fat1 pound: error copy server cont: Connection reset by peer
Aug 1 08:13:32 fat1 pound: error copy server cont: Connection reset by peer
Aug 1 08:15:22 fat1 pound: error copy chunk cont: Connection reset by peer
Aug 1 08:15:25 fat1 pound: error flush headers to 128.218.39.136: Connection
reset by peer
Aug 1 08:15:25 fat1 pound: error flush headers to 128.218.39.136: Connection
reset by peer
Aug 1 08:15:30 fat1 pound: error copy chunk cont: Connection reset by peer
Aug 1 08:17:36 fat1 pound: error flush headers to 81.231.98.56: Connection
reset by peer
Aug 1 08:18:18 fat1 pound: can't read header
Aug 1 08:18:32 fat1 pound: error copy chunk cont: Connection reset by peer
Aug 1 08:18:38 fat1 pound: error copy server cont: Connection reset by peer
Aug 1 08:18:59 fat1 pound: error flush headers to 212.219.238.55: Connection
reset by peer
Aug 1 08:19:03 fat1 pound: error read from 220.179.77.169: Connection timed
out
Aug 1 08:19:12 fat1 pound: error copy server cont: Connection reset by peer
Aug 1 08:19:13 fat1 pound: error flush headers to 81.231.98.56: Connection
reset by peer
Aug 1 08:19:49 fat1 pound: error read from 68.254.149.123: Connection reset by
peer
Aug 1 08:19:49 fat1 pound: error copy server cont: Connection reset by peer
Aug 1 08:19:49 fat1 pound: error flush headers to 68.254.149.123: Connection
reset by peer
Aug 1 08:21:07 fat1 pound: error copy server cont: Connection reset by peer
Aug 1 08:23:18 fat1 pound: error copy server cont: Connection reset by peer
Aug 1 08:24:57 fat1 pound: error copy server cont: Connection reset by peer
Aug 1 08:25:05 fat1 pound: error copy server cont: Connection timed out
Aug 1 08:25:06 fat1 pound: error copy server cont: Connection reset by peer
Aug 1 08:25:09 fat1 pound: error flush headers to 24.143.15.102: Connection
reset by peer
Aug 1 08:26:55 fat1 pound: error copy server cont: Connection timed out
Aug 1 08:28:58 fat1 pound: error copy server cont: Connection reset by peer
Aug 1 08:29:06 fat1 pound: error copy server cont: Connection reset by peer
Aug 1 08:29:27 fat1 pound: error copy server cont: Connection reset by peer
Aug 1 08:29:35 fat1 pound: error copy server cont: Connection timed out
Aug 1 08:29:47 fat1 pound: error copy server cont: Connection reset by peer
Aug 1 08:32:29 fat1 pound: error copy server cont: Connection timed out
----- Original Message -----
From: Ondra Kudlik
To: Pound
Sent: Tuesday, August 01, 2006 2:57 PM
Subject: [Pound Mailing List] Timeout problems
Hi,
two days ago we switched to Pound 2.0.9 from 1.8 and now we have
problem with timeouts.
We have apache behind pound and when some client have script which
take long time it returns error 500 and in logs there is
response error read from 127.0.0.1:10000: Connection timed out
I found TimeOut in documentation so I added it to BackEnd and yes, it
is better.. but how I can set ideal value for TimeOut? What if
script take 3 minutes to go or 5 minutes or 30 seconds? I'm not
really sure but I think that with Pound 1.8 there wasn't this
problem.
Can you give me some advice?
Thanks
[...]
|
|
|
Re: [Pound Mailing List] Timeout problems
Jacques Caron <jc(at)oxado.com> |
2006-08-01 19:04:15 |
[ FULL ]
|
Hi,
At 12:27 01/08/2006, Ondra Kudlik wrote:[...]
Depends on your app and your requirements.
[...]
We use several "Service" entries in our pound configuration that map
to different actions (matching the Host and/or URL): URLs that are
associated with reports that can be quite long to generate have a
longer TimeOut value (e.g. 300 seconds) while others that need to
complete very quickly or die right away (JS scripts linked into
affiliate pages) have a very short TimeOut (2 seconds), while others
have an "average" TimeOut at 120 seconds, etc.
That seems to work pretty well now.
Jacques.
|
|
Re: [Pound Mailing List] Timeout problems
Jacques Caron <jc(at)oxado.com> |
2006-08-01 19:06:15 |
[ FULL ]
|
Hi,
At 17:41 01/08/2006, Fat Bear Server Administration wrote:[...]
Well, no, it does exactly what it is told: if a server does not
respond within the expected time, complain and don't stay there
forever. You can adjust the TimeOut value based on your requirements.
Jacques.
|
|
Re: [Pound Mailing List] Timeout problems
Ondra Kudlik <kepi(at)orthank.net> |
2006-08-01 19:16:39 |
[ FULL ]
|
Út, srp 01, 2006 ve 07:04:15 +0200, Jacques Caron napsal:[...]
Yes, I understand this well. But we are webhosting company and have
hundreds of clients and we are not able to know good timeout for
each of them :(
|
|
Re: Welcome to [Pound Mailing List]
"Tony Perrie" <tony(at)involution.com> |
2006-08-02 00:07:09 |
[ FULL ]
|
I'm having a bit of trouble deploying Pound 2.0.9. It appears that
the output of my rails application is slightly garbled after sending
it through the Pound proxy from Mongrel. Some newline characters look
like they have been eaten. The application is fine if I load it from
Mongrel directly. Is this a known problem?
Tony
http://involution.com
|
|
Re: [Pound Mailing List] Problem w/ Openssl
Falk Brockerhoff <fb(at)smartterra.de> |
2006-08-04 21:03:08 |
[ FULL ]
|
beno wrote:
[...]
Hi Beno (Realname would be fine),
[...]
Did you install openssl from the ports? (openssl-0.9.8b_1 or newer).
While configuring you have to give the path to the userside installed
openssl-libs:
./configure --with-ssl=/usr/local/
Runs fine for me with FreeBSD 6.1
[...]
Regards,
Falk Brockerhoff
|
|
Re: [Pound Mailing List] Timeout problems
Fat Bear Server Administration <server(at)fatbear.com> |
2006-08-04 23:13:38 |
[ FULL ]
|
>> We use several "Service" entries in our pound configuration that map
to [...][...]
1. We're in the same situation.... what did you decide to do? Would you share
your configuration file? I'm not familiar with the "Service" entries you're
referring to... does anyone have an example of this that could work on a server
hosting many customer domains (for which I have no knowledge of what they use
their domains for)? For that matter, I'd love to see a template configuration
file that would be good for a general virtual hosting provider. Please see
below what we're using right now.
2. I see errors of the form:
Aug 1 08:19:12 fat1 pound: error copy server cont: Connection reset by
peer
every few minutes in the log file. I've changed the TimeOut to 120 (to get rid
of the Connection timed out messages), and I was hoping that would take care of
this as well. What does this error mean? What action do I need to take to
resolve whatever are the underlying problems? If it's not a problem message,
shouldn't LogLevel 0 suppress it?
Thanks,
Steve Amerige
Fat Bear Incorporated
pound.cfg
LogLevel 0
User "safeuser"
Group "safegroup"
ListenHTTP
    Address 64.242.84.187
    Port 80
End
ListenHTTPS
    Address 64.242.84.187
    Port 443
    Cert "/usr/local/apache2/conf/ssl/fatbear.com/fatbear.com.pem"
End
Service
    BackEnd
        Address 64.242.84.187
        Port 8088
    End
End
|
|
|
Re: [Pound Mailing List] Timeout problems
Ondra Kudlik <kepi(at)orthank.net> |
2006-08-05 00:57:39 |
[ FULL ]
|
Pá, srp 04, 2006 ve 02:13:38 -0700, Fat Bear Server Administration napsal:[...]
I can't resolve this correctly, so I set timeout to very high number
but I'm not sure about impacts
[...]
search the pound archive, but I think that this isn't related to
this isue. For timeout problem you will see Connection timeout in
logs.
[...]
No, cause loglevel 0 disable access logging but error messages are
shown anyway
Service
HeadRequire "Host: .*somehost\.cz.*"
BackEnd
Address 127.0.0.1
Port 10000
TimeOut 1200
End
End
But again, I just wonder why this issue is only in Pound 2.x, we
have no such problems with 1.x branch
Ondra Kudlik
[...]
|
|
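Added example (not part of any post in this thread): a shell/awk triage of Pound syslog output that rejoins mail-wrapped lines and separates the back-end read timeouts, the message Ondra's first report ties to error 500, from resets and other timeouts. The sample log is constructed and uses documentation addresses; the function names are assumptions.

```shell
#!/bin/sh
# Added example: triage Pound error lines from syslog text read on stdin.
# Function names and the sample log are constructed for illustration.

# Constructed sample in the format seen in the thread, including two
# entries that a mail client wrapped onto a second line.
sample_log() {
cat <<'EOF'
Aug  1 08:09:00 lb1 pound: error flush headers to 198.51.100.7: Connection
reset by peer
Aug  1 08:09:17 lb1 pound: response error read from 192.0.2.10:8088:
Connection timed out
Aug  1 08:09:52 lb1 pound: error copy server cont: Connection reset by peer
Aug  1 08:10:38 lb1 pound: error copy server cont: Connection timed out
Aug  1 08:18:18 lb1 pound: can't read header
Aug  1 08:18:20 lb1 sshd[411]: session opened for user admin
EOF
}

# Prints one summary line, then one line per back-end read timeout
# in log order, so the affected BackEnd can be identified.
pound_error_counts() {
    awk '
    # Classify one complete (already rejoined) syslog entry.
    function record(l,    i, msg, addr) {
        sub(/[ \t\r]+$/, "", l)
        i = index(l, " pound: ")
        if (i == 0) return                 # entry from another program
        msg = substr(l, i + 8)
        if (msg ~ /^response error read from [^ ]+: Connection timed out$/) {
            addr = msg
            sub(/^response error read from /, "", addr)
            sub(/: Connection timed out$/, "", addr)
            backend[++nb] = addr           # back-end exceeded TimeOut
        } else if (msg ~ /Connection timed out$/) {
            other_timeout++
        } else if (msg ~ /Connection reset by peer$/) {
            reset++
        } else {
            other++
        }
    }
    # A line starting with a syslog timestamp opens a new entry.
    /^[A-Z][a-z][a-z] +[0-9]+ [0-9][0-9]:[0-9][0-9]:[0-9][0-9] / {
        record(cur); cur = $0; next
    }
    # Anything else is the wrapped tail of the current entry.
    { cur = cur " " $0 }
    END {
        record(cur)
        printf "backend_timeout=%d other_timed_out=%d reset_by_peer=%d other=%d\n",
               nb, other_timeout, reset, other
        for (j = 1; j <= nb; j++) print "timed out back-end: " backend[j]
    }
    '
}

sample_log | pound_error_counts
```
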
Re: [Pound Mailing List] Timeout problems
Robert Segall <roseg(at)apsis.ch> |
2006-08-05 11:52:26 |
[ FULL ]
|
On Tue, 2006-08-01 at 12:27 +0200, Ondra Kudlik wrote:[...]
In 1.8 the default was "infinite", thus no time-outs at all. In later
versions we moved away from that, as it led to dead back-ends not being
recognised (dead as in an infinite loop rather than off).
In general you can set as long a time-out as you want - the effect is
only that unresponsive servers will take a while to be recognised as
dead. Servers that have crashed completely will still refuse the
connection, and thus the time-out is not relevant.[...]
|
|
Re: [Pound Mailing List] Session Handling Problem - still exists
Falk Brockerhoff <noc(at)smartterra.de> |
2006-08-10 14:05:41 |
[ FULL ]
|
Hello again,
In the meanwhile I upgraded to pound 2.0.9 (still on FreeBSD 6.1) and
changed my configuration syntax:
User "www"
Group "www"
LogLevel 2
Alive 5
ListenHTTP
    Address 0.0.0.0
    Port 80
End
Service
    Session
        Type PARM
        ID "PHPSESSID"
        TTL 300
    End
    BackEnd
        Address 10.0.0.1
        Port 80
        Priority 1
    End
    BackEnd
        Address 10.0.0.2
        Port 80
        Priority 1
    End
End
[...]
The problem still exists - does anyone have an idea how to fix this
behavior?
Regards,
Falk Brockerhoff
|
|
Re: [Pound Mailing List] Session Handling Problem - still exists
Falk Brockerhoff <noc(at)smartterra.de> |
2006-08-10 14:38:35 |
[ FULL ]
|
Hmmm,
it seems that the problem is not caused by pound - the redirects to the
backends are working fine. If the user is redirected to web1 everything
works fine, but on web2 the session dies after some time.
Ok, so I have to find the bug on the web2-backend, not within pound.
Sorry for my hasty posting to the list.
But I don't know why web2 is doing so strange things. It is exactly
identical to web1, where everything works fine...
Regards,
Falk
|
|
Re: [Pound Mailing List] Enhanvements
Falk Brockerhoff <noc(at)smartterra.de> |
2006-08-17 15:20:52 |
[ FULL ]
|
Robert Segall wrote:
[...]
This would be a very nice feature, I think!
Regards,
Falk
|
|
Re: [Pound Mailing List] Enhanvements
Adam Borowski <kilobyte(at)angband.pl> |
2006-08-17 15:45:36 |
[ FULL ]
|
On Thu, Aug 17, 2006 at 02:49:59PM +0200, Robert Segall wrote:[...]
You'll want to start with:
http://www.apsis.ch/pound/pound_list/archive/2006/2006-07/1151714111000
It does almost what you want -- I didn't eliminate xHTTP, but WebDAV
accepts four values:
* 0 -- disabled
* 1 -- as currently w/o --enable-msdav
* 2 -- RFC-compliant methods
* 3 -- as in --enable-msdav: all Microsoft extensions
Values higher than 1 force xHTTP to be on.
[...]
|
|
Re: [Pound Mailing List] Enhanvements
Ondra Kudlik <kepi(at)orthank.net> |
2006-08-17 15:46:05 |
[ FULL ]
|
On Thu, Aug 17, 2006 at 02:49:59 +0200, Robert Segall wrote:[...]
as you know, this will be great for us. No further patching and
hacking :)
[...]
this will be really great future!
[...]
I have to say same thing as before. We have big problems with pound
not supporting redirect from same domain to https version in
scripts...
http://www.domain.com/ -> https://www.domain.com is must for us and
it is very hard time now without it and many complaints from our
clients :(
--
.''`. Ondra 'Kepi' Kudlik
: :' : Debian GNU/Linux User
`. `'
`- http://www.nosoftwarepatents.com/cz/m/intro/index.html
|
|
Re: [Pound Mailing List] Enhanvements
Eric McCarthy <eric(at)desert.net> |
2006-08-17 19:41:01 |
[ FULL ]
|
On Thu, Aug 17, 2006 at 02:49:59PM +0200, Robert Segall wrote:[...]
An "Include" directive for the configuration file would be a nice
feature to have.
-Eric
|
|
RE: [Pound Mailing List] Enhanvements
<F.Alcala-Soler(at)iaea.org> |
2006-08-17 20:23:47 |
[ FULL ]
|
Hello,
These are my needs for features:
[...]
1) +1 on the above.
2) When logging the backend server that has been used (LogLevel 2), I
see only the Port in parenthesis. If it is not possible to configure
Pound to display also the Address, I'd find such a feature useful. I
have all backend servers configured on the same port and the current
information in the log is not enough to determine which one's been used.
3) I have a NAT router between Pound and the backend servers. This is so
because my backend servers are cloned VMware virtual machines and I do
not have enough IP addresses to bridge them. There are several backend
machines on every physical host and I use port forwarding to access the
web servers in them (all on port 80, while the forwarders on the
physical host listen on ports 80, 81, 82... one for each clone). This
means that the checks that Pound performs on backend hosts (both Port
and HAPort) are actually responded to by the NAT router. I can shut down
a backend web server and Pound won't notice. My suggestion would be a
configuration option to do pervasive checks, i.e. something on top of
the currently used TCP handshake, something like requesting a dummy URL
or doing a HEAD HTTP request. These would need to be answered by backend
servers only.
If suggestion 3) were to be implemented, I would not need 1) and 2).
They are derived from the fact that to overcome the above problem, I
have daisy-chaining Pound servers. I place a Pound server on each
physical host balancing the load for the clone backends on that same
host and one external Pound server distributing the load between these
Pound installations on the physical hosts. Because I can no longer use
the sequential port numbers, I would need the Address on the log files,
and because the death of all clones on a physical server would not be
noticed by the external Pound (unless I created yet one more HAPort
server), the emergency backend directive would help us serve requests
from any host with dead backends by fetching them directly from an
adjacent physical host. (Currently I am thinking of trying out with a
very low priority configuration for the emergency backend, which would
actually be the Pound installation on a physical host).
If anyone sees other solutions to my issues, please let me know.
Thanks,
Curro
This email message is intended only for the use of the named recipient.
Information contained in this email message and its attachments may be
privileged, confidential and protected from disclosure. If you are not the
intended recipient, please do not read, copy, use or disclose this
communication to others. Also please notify the sender by replying to this
message and then delete it from your system.
|
|
RE: [Pound Mailing List] Enhanvements
Robert Segall <roseg(at)apsis.ch> |
2006-08-18 11:25:07 |
[ FULL ]
|
On Thu, 2006-08-17 at 20:23 +0200, F.Alcala-Soler(at)iaea.org wrote:[...]
Not here - it logs in the usual address:port format.
[...]
That is simply impossible - it would break just about every IP standard
I ever heard about. By definition the NAT router cannot respond to
packets for forwarded ports. To check: run a port scan on your NAT box;
if what you say is true then each and every port will show as open,
regardless of whether it is forwarded or not.
As to the lack of IP addresses: the network segment(s) between Pound and
the servers is private, so you have as many addresses as you want.
[...]
In other words you have no NAT but extra Pound instances.
This is not a particularly efficient topology - you are better off with
a single Pound instance distributing the load to the various servers
directly. Use routing rather than NAT to get access to the virtual
machines.[...]
|
|
Re: [Pound Mailing List] Enhanvements
Robert Segall <roseg(at)apsis.ch> |
2006-08-18 11:27:20 |
[ FULL ]
|
On Thu, 2006-08-17 at 10:41 -0700, Eric McCarthy wrote:[...]
Why? What is the advantage? Is your config file so large that you
actually need the feature? Not criticising but asking, as I'd like Pound
to stay as simple as possible.
In any case Pound reads the config file (with or without includes)
exactly once, on start-up.[...]
|
|
Re: [Pound Mailing List] Enhanvements
Holger Gläß <holger.glaess(at)asknet.de> |
2006-08-18 11:55:16 |
[ FULL ]
|
Robert Segall wrote:[...][...]
>>> Please post additional suggestions here and we'll try to add them to the
>>> list.
>>> [...][...]
hi
an include function is nice to have for configuration synchronisation
between 2 boxes
in a HA environment.
but this needs a function for reload of config by a signal (like a HUP)
or an automatic check
and reload feature for configs.
holger
|
|
Re: [Pound Mailing List] Enhanvements
Malte Ahrens <malte.ahrens(at)web.de> |
2006-08-18 12:29:08 |
[ FULL ]
|
Hello,[...]
I'm not sure whether it was mentioned before. For me it would be great
to have the possibility to track a 'health page' of the back ends. For
example pound should retrieve every X seconds a special page whose only
content is 'OK' or 'FAIL'. This would give me the possibility to do some
health checks like DB lookups, server status and so on and drop a
backend even when apache (the server) is still responding.
I know there is the HAport directive but to my mind it's a very
complicated way...
Malte
|
|
Re: [Pound Mailing List] Enhanvements
Falk Brockerhoff <noc(at)smartterra.de> |
2006-08-18 12:34:02 |
[ FULL ]
|
Holger Gläß schrieb:
[...]
In a HA environment a session synchronisation between two carped
pound-boxes would be fine...
[...]
Regards,
Falk
|
|
Re: [Pound Mailing List] Enhanvements
Holger Gläß <holger.glaess(at)asknet.de> |
2006-08-18 12:49:11 |
[ FULL ]
|
Falk Brockerhoff wrote:[...][...][...]
holger
[...]
hi
I don't talk about session synchronisation, just about the synchronisation
of the configs between the boxes
or do you configure your settings on both machines by hand?
holger
|
|
Re: [Pound Mailing List] Enhanvements
Simon Slaytor <sslaytor(at)iom.com> |
2006-08-18 12:57:22 |
[ FULL ]
|
I can confirm that on OpenBSD 3.9 only the port is logged.
Aug 18 11:51:12 CLI-LB1 pound: 10.190.66.66 GET / HTTP/1.1 - HTTP/1.1 200 OK (http:80)
Aug 18 11:51:19 CLI-LB1 pound: 10.190.66.66 GET / HTTP/1.1 - HTTP/1.1 304 Not Modified (http:80)
Aug 18 11:51:19 CLI-LB1 last message repeated 2 times
Aug 18 11:51:22 CLI-LB1 pound: 10.190.70.70 GET / HTTP/1.1 - HTTP/1.1 304 Not Modified (http:80)
Aug 18 11:51:22 CLI-LB1 last message repeated 3 times
This might have a bearing on my none load balancing problem.
Robert Segall wrote:[...][...]
>>> - add an emergency back-end directive (hot back-up): a back-end that is
>>> used only when all other back-ends are dead and stops being used when
>>> any of the others is reactivated.
>>> [...][...][...][...][...][...]
|
|
|
Re: [Pound Mailing List] Enhanvements
Falk Brockerhoff <noc(at)smartterra.de> |
2006-08-18 13:03:19 |
[ FULL ]
|
Holger Gläß schrieb:
[...]
Ok, I should said that this was meant as an additional suggestion.. No,
I run a script on the master which scopy the config to the slave and
restarts pound on both machines.
[...]
Regards,
Falk
|
|
Re: [Pound Mailing List] Enhanvements
Robert Klikics <robert.klikics(at)unitedprint.com> |
2006-08-18 13:12:35 |
[ FULL ]
|
On 18.08.2006 12:29, Malte Ahrens wrote:
> I'm not sure
> whether it was mentioned before. For me it would be great to have the
> possibility to track a 'health page' of the back ends. For example
> pound should retrieve every X seconds a special page whose only content
> is 'OK' or 'FAIL'. This would give me the possibility to do some health
> checks like DB lookups, server status and so on and drop a backend even
> when apache (the server) is still responding.
> I know there is the HAport directive but to my mind it's a very
> complicated way...
Great Idea!
Would also be nice to have a statusinfo like Apache's "server-status"
or something where the admin can see the current/average requests and
other things ....
> Malte
Robert
|
|
|
Re: [Pound Mailing List] Pound Performance
Harmen <harm(at)tty.nl> |
2006-08-18 13:56:39 |
[ FULL ]
|
On Fri, Aug 18, 2006 at 07:51:22AM -0400, Jeffrey Brown wrote:[...]
Can you show the pound config file?
[...]
[...]
|
|
Re: [Pound Mailing List] Enhanvements
Ondra Kudlik <kepi(at)orthank.net> |
2006-08-18 14:05:36 |
[ FULL ]
|
Hi,
I have implemented this solution in my config.
in /etc/pound/conf.d there are many parts of config and then I have
rebuild action in init scripts:
    rebuild)
        echo -n "Generating sites config: "
        gen_pound_sites # generate config for pound
        /bin/cat /etc/pound/conf.d/* > /etc/pound/pound.cfg
        /usr/local/bin/pound_check_config $DAEMON $CONFIG
        ;;
important is only part /bin/cat /etc/pound/conf.d/* >
/etc/pound/pound.cfg
So if you add this to start action, there is no need to Include
directive.
And Robert, I'm wondering if it is problem for pound to have huge
amount of Service sections? My conf script has 2348 lines now and it
is growing..
--
.''`. Ondra 'Kepi' Kudlik
: :' : Debian GNU/Linux User
`. `'
`- http://www.nosoftwarepatents.com/cz/m/intro/index.html
Pá, srp 18, 2006 ve 11:27:20 +0200, Robert Segall napsal:[...]
|
|
Re: [Pound Mailing List] Pound Performance
Jeffrey Brown <jbrown(at)camsys.com> |
2006-08-18 16:03:10 |
[ FULL ]
|
Harmen <harm(at)tty.nl> wrote on 08/18/2006 07:56:39 AM:
[...]
time. [...]
Certainly.
# cat /usr/local/etc/pound.cfg
User "pound"
Group "pound"
Daemon 1
LogLevel 0
Alive 30
ListenHTTP
    Address 192.168.5.101
    port 80
    Client 10
    Change30x 1
    Service
        URL ".*"
        HeadRequire "Host:.*http-test.domain.com.*"
        backEnd
            Address 192.168.5.21
            Port 80
        End
        Session
            Type IP
            TTL 300
        End
    End
End
ListenHTTPS
    Address 192.168.5.101
    Port 443
    xHTTP 0
    WebDAV 0
    Client 10
    Change30x 1
    Cert "/usr/local/etc/newcert.pem"
    Service
        URL ".*"
        HeadRequire "Host:.*serverA.domain.com.*"
        BackEnd
            Address x.x.x.x
            Port 80
        End
        # Session
        # Type IP
        # TTL 300
        # End
    End
    Service
        URL ".*"
        HeadRequire "Host:.*serverB.domain.com.*"
        BackEnd
            Address x.x.x.x
            Port 80
        End
        # Session
        # Type IP
        # TTL 300
        # End
    End
    Service
        URL ".*"
        HeadRequire "Host:.*serverC.domain.com.*"
        BackEnd
            Address x.x.x.x
            Port 80
        End
        # Session
        # Type IP
        # TTL 300
        # End
    End
    Service
        URL ".*"
        HeadRequire "Host:.*serverD.domain.com.*"
        BackEnd
            Address x.x.x.x
            Port 80
        End
        # Session
        # Type IP
        # TTL 300
        # End
    End
    Service
        URL ".*"
        HeadRequire "Host:.*serverE.domain.com.*"
        BackEnd
            Address x.x.x.x
            Port 80
        End
        # Session
        # Type IP
        # TTL 300
        # End
    End
    Service
        URL ".*"
        HeadRequire "Host:.*serverF.domain.com.*"
        BackEnd
            Address x.x.x.x
            Port 80
        End
        # Session
        # Type IP
        # TTL 300
        # End
    End
    # Service
    # URL ".*"
    # HeadRequire "Host:.*www-test.domain.com.*"
    # BackEnd
    # Address 192.168.5.21
    # Port 80
    # End
    # Session
    # Type IP
    # TTL 300
    # End
    #
|
|
|
RE: [Pound Mailing List] Enhanvements
<F.Alcala-Soler(at)iaea.org> |
2006-08-18 18:49:03 |
[ FULL ]
|
Hi Robert,
[...]
I am not seeing the backend's address? Here is an example log line produced
with LogLevel 2 on SuSE 10:
Aug 18 13:18:42 LOADB1 pound: 192.168.218.127 GET /stylesheets/mainSearch.css HTTP/1.1 - HTTP/1.1 304 Not Modified (:80)
It shows only the port in parenthesis.
[...]
I think I haven't explained it properly. The "NAT router" and "port forwarding"
refer to the way VMware GSX server handles these virtual devices. The router
isn't a physical device, but a Windows service that passes inbound
communications through forwarding tunnels from ports on the NIC of a physical
host to the virtual, private network used to communicate with the virtual
machines on this same host.
I've done the packet captures with Ethereal and the VMware NAT router closes
the connection with Pound before it's started the corresponding connection with
the backend server. It goes like this:
Pound NAT Router Backend
>- SYN ->
<- SYN,ACK -<
>- ACK ->
>- FIN,ACK ->
>- SYN ->
<- ACK -<
<- SYN,ACK -<
>- ACK,RST -> (not sure about this one,
writing from top of my head,
but the router closes it,
since the other side is closed)
The communication between the NAT router and the backend happen in memory,
since the VMware networks are virtual (super quick, also). The sequence is not
always the same: sometimes the whole communication between Pound and the NAT
router is finished before the router has time to start to talk to the backend.
Regarding the port scan, I haven't tried it, but I am sure that it would find
open only the ports for which there is a forwarding tunnel defined. This type
of VMware virtual NAT router actually routes only for the defined forwarding
tunnels (or for the outgoing communications, of course).
Also, note that the router is not bridging transparently at layer 2, so it is
responsible for the TCP connections that are opened against it.
[...]
You're right, but in our configuration Pound is on a different physical host as
the servers and I do not have access to that network. It is one of our
organization's DMZ areas and I get one IP address per physical host. With the
virtual machines behind the NAT router I have as many private networks/IP
addresses as I like (all of them virtual).
However, I think I get an idea of what you mean. Perhaps you mean that I am
free to add a second, private IP address to the NICs and expose the virtual
machines' private address on the network through bridging, instead of NATing.
Thus, every NIC would be able to communicate both on the "official" as on the
"private" network through the same wire. I am not sure about how to do this on
Windows 2003, but I am off to the drawing board... It would allow us to go back
to the single Pound installation.
[...]
The NAT is there:
Host 1   Host 2
Pound -> NAT router -> Pound -> Backend
                             -> Backend
                             -> Backend
         Host 3
      -> NAT router -> Pound -> Backend
                             -> Backend
                             -> Backend
All servers in hosts 2 and 3 are virtual machines, so they have full (private)
network access among themselves. Hosts 1, 2 and 3 have each a single IP
address, this is why we need NATing to the Pound and Backends on hosts 2 and 3.
I would love to have a single Pound instance. Actually this is what I tested
first, until I discovered that Pound on host 1 could not check the availability
of the HAPorts and Ports of the backends.
Thanks a lot for your help,
Curro
|
|
Re: [Pound Mailing List] Enhanvements
Sean Gabriel Heacock <gabriel(at)korsoft.com> |
2006-08-18 23:05:18 |
[ FULL ]
|
On Fri, 2006-08-18 at 11:27 +0200, Robert Segall wrote:[...]
I'd like to see this feature myself, not that my Pound config is very
big, but at some point I'd like to automate the process of setting up
SSL for a customer. I'd rather create a new file that's included by
pound.conf (preferably in the conf.d style) than have a script touch the
main config file and probably screw it up. And if the customer leaves,
I'd just have to delete their included file.
At some point I'll patch Pound to do this myself if it's not going to be
officially supported (I have no qualms about doing this - you should see
my Apache!) but this strikes me as a fairly simple feature that a lot of
people would find useful.
[...]
|
|
Re: [Pound Mailing List] Enhanvements
Eric McCarthy <eric(at)desert.net> |
2006-08-19 01:02:55 |
[ FULL ]
|
On Aug 18, 2006, at 2:27 AM, Robert Segall wrote:[...][...]
>>> Please post additional suggestions here and we'll try to add them to the list.[...][...]
Sean's answer is the same for us. We have a lot of our setups
automated, except for the pound parts.
[...]
Acknowledged. I'm thinking of an include along the lines of an Apache
Include directive or an #include used by the pre-parser in C.
-Eric
|
|
Re: [Pound Mailing List] Enhanvements
Adam Borowski <kilobyte(at)angband.pl> |
2006-08-19 02:30:46 |
[ FULL ]
|
On Fri, Aug 18, 2006 at 03:05:18PM -0600, Sean Gabriel Heacock wrote:[...]
Since you ALREADY have to restart Pound, most likely using a short script
(even if it's just a one-liner), why won't you create pound.cfg from the
conf.d files? This way you have exactly the same functionality, can tailor
it as you want while Pound itself is kept simple.
[...]
|
|
Re: [Pound Mailing List] Enhanvements
Alessio Cervellin <a.cervellin(at)acm.org> |
2006-08-19 10:30:52 |
[ FULL ]
|
> In any case Pound reads the config file (with or without includes)[...]
A nice-to-have would be a feature that allows changing the
configuration file without restarting pound. As an example, there could be
a SIGnal which, once sent to the pound process, instructs it to read
the configuration file again. Would it be possible?
|
|
Re: [Pound Mailing List] Enhanvements
Ted Dunning <tdunning(at)veoh.com> |
2006-08-21 08:44:40 |
[ FULL ]
|
So put an invocation of m4 into your startup script. You can build the real
config from an arbitrarily macro-ized, include-filed config master file that
way.
No need to integrate m4 into pound when another tool already exists.
On 8/18/06 4:02 PM, "Eric McCarthy" <eric(at)desert.net> wrote:
>>> An "Include" directive for the configuration file would be a nice
>>> feature to have.[...][...][...][...]
|
|
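The approach Adam Borowski and Ted Dunning describe above (build the real config from fragments in the start script, then restart) can be sketched as follows. This is an added example, not code from the list or from Pound: the paths, function names and the `POUND_CHECK` variable are assumptions, and it assumes a Pound build that supports the check-only parse `pound -c -f FILE`. An m4 invocation would slot in where the fragments are concatenated.

```shell
#!/bin/sh
# Added example: build pound.cfg from a base file plus conf.d fragments.
# Paths, function names and POUND_CHECK are assumptions for illustration.

# Succeeds only if every block opener in the file has a matching "End",
# so a truncated fragment cannot swallow the next customer's Service.
balanced() {
    awk '
        { k = tolower($1) }
        k ~ /^(listenhttp|listenhttps|service|backend|emergency|session)$/ { depth++ }
        k == "end" { if (--depth < 0) exit 1 }
        END { exit (depth != 0) }
    ' "$1"
}

build_pound_cfg() {
    base=$1 confd=$2 out=$3
    # mktemp creates the file mode 0600, next to the target so mv is a rename.
    tmp=$(mktemp "$out.XXXXXX") || return 1
    cat "$base" > "$tmp" || { rm -f "$tmp"; return 1; }
    for frag in "$confd"/*.cfg; do
        [ -f "$frag" ] || continue      # empty directory or not a regular file
        if ! balanced "$frag"; then
            echo "unbalanced block in $frag, keeping old config" >&2
            rm -f "$tmp"; return 1
        fi
        printf '\n# --- %s ---\n' "$frag" >> "$tmp"
        cat "$frag" >> "$tmp"
    done
    # Let Pound parse the result before it replaces the live file.
    if ! ${POUND_CHECK:-pound -c -f} "$tmp" >/dev/null 2>&1; then
        echo "pound rejected the generated config, keeping old one" >&2
        rm -f "$tmp"; return 1
    fi
    mv "$tmp" "$out"
}

# Usage: script BASE CONF_DIR OUTPUT, then restart Pound only on success.
if [ "$#" -eq 3 ]; then build_pound_cfg "$@"; fi
```

Removing a customer is then a matter of deleting their fragment and re-running the script; a failed build leaves the previous config in place.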
Re: [Pound Mailing List] Enhanvements
"M. Krainer" <mkrainer05(at)gmail.com> |
2006-08-21 12:36:39 |
[ FULL ]
|
On 8/17/06, Robert Segall <roseg(at)apsis.ch> wrote:[...]
An additional loglevel that logs the duration of the request to the backend
would be nice.
- Markus
|
|
|
Re: [Pound Mailing List] Enhanvements
Robert Segall <roseg(at)apsis.ch> |
2006-08-21 17:39:44 |
[ FULL ]
|
On Fri, 2006-08-18 at 14:05 +0200, Ondra Kudlik wrote:[...]
I honestly can't imagine why would you need over 2000 lines. The
performance penalty is not that big (an extra pattern match or two per
service) but the maintenance must be a nightmare.
Would you care to post an example of what you are doing? I suspect we
could reduce this quite a bit.[...]
|
|
Re: [Pound Mailing List] Enhanvements
Ondra Kudlik <kepi(at)orthank.net> |
2006-08-21 20:49:20 |
[ FULL ]
|
On Mon, Aug 21, 2006 at 05:39:44 +0200, Robert Segall wrote:[...]
I have a service for every virtual host... I'm not sure if this is
needed now, but in the past I can't redirect between two web sites or
something similar...
[...]
Not at all... almost the whole config is generated from a database
[...]
Of course.
---------- start pound.conf ---------------
User "pound"
Group "pound"
LogLevel 0
Alive 20
ListenHTTP
Address 81.0.246.70
Port 80
HTMLErr414 "/var/www/default/500.html"
HTMLErr500 "/var/www/default/500.html"
HTMLErr501 "/var/www/default/501.html"
HTMLErr503 "/var/www/default/503.html"
RewriteLocation 0
Service
HeadRequire "Host: .*firstdomain\.com.*"
BackEnd
Address 127.0.0.1
Port 8080
TimeOut 1200
End
End
Service
HeadRequire "Host: .*seconddomain\.com.*"
BackEnd
Address 127.0.0.1
Port 8081
TimeOut 1200
End
End
Service
HeadRequire "Host: .*thirddomain\.com.*"
BackEnd
Address 127.0.0.1
Port 8080
TimeOut 1200
End
End
Service
....
.... etc etc ...
End
---------- end pound.conf ---------------
You may wonder why I have only one backend :) but I'm not using
pound as load balancer for now (but I plan to) but as proxy for
distributing domains between http servers (we have some php4 and
php5 and some on other machines).
I'm not sure if I can optimize this, only option from my point of
view is to group the sites by http server (no problem) so it can
look like:
Service
HeadRequire "Host: .*(firstdomain\.com)|(thirddomain\.com).*"
BackEnd...
End
But I'm really not sure if it helps, because the regexp is more
complicated.
Thanks for your time
--
.''`. Ondra 'Kepi' Kudlik
: :' : Debian GNU/Linux User
`. `'
`- http://www.nosoftwarepatents.com/cz/m/intro/index.html
|
|
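Added example (not part of the post above and not Pound's own code): the `HeadRequire` patterns from that config run against constructed header lines, assuming Pound applies them as unanchored, case-insensitive POSIX extended regexes, which `grep -Ei` reproduces. It shows that the `|` in the grouped proposal splits the whole pattern, so its second branch no longer requires `Host:`, and that the loose per-domain pattern also accepts longer host names; `STRICT` is an anchored form constructed here for comparison.

```shell
#!/bin/sh
# Added example: which header lines each HeadRequire-style pattern accepts.
# Assumption: unanchored, case-insensitive POSIX ERE matching (grep -Ei).

LOOSE='Host: .*firstdomain\.com.*'                          # as in the posted config
GROUPED='Host: .*(firstdomain\.com)|(thirddomain\.com).*'   # as proposed in the post
# Constructed here: anchored, one group around the alternatives,
# optional subdomain labels and port.
STRICT='^Host:[[:space:]]*([a-z0-9-]+\.)*(firstdomain\.com|thirddomain\.com)(:[0-9]+)?[[:space:]]*$'

# matches PATTERN HEADER-LINE: exit status 0 if the line is accepted.
matches() {
    printf '%s\n' "$2" | grep -Eiq -- "$1"
}

# Constructed header lines, not captured traffic.
report() {
    for pat in "$LOOSE" "$GROUPED" "$STRICT"; do
        printf 'pattern: %s\n' "$pat"
        for h in \
            'Host: www.firstdomain.com' \
            'Host: www.thirddomain.com:80' \
            'Host: firstdomain.com.example.net' \
            'Referer: http://thirddomain.com/page'
        do
            if matches "$pat" "$h"; then r='MATCH'; else r='  -  '; fi
            printf '  %s  %s\n' "$r" "$h"
        done
    done
}

report
```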
Re: [Pound Mailing List] SSL/Zope Question
"Klaus Alexander Seistrup" <kseistrup(at)gmail.com> |
2006-08-23 17:45:58 |
[ FULL ]
|
Re: [Pound Mailing List] SSL/Zope Question
"Klaus Alexander Seistrup" <kseistrup(at)gmail.com> |
2006-08-24 10:03:13 |
[ FULL ]
|
John Snowdon wrote:
[...]
It didn't work for me (older zope version, upgrade is not an option),
so I chose another solution and it works like a charm.
Cheers,
[...]
|
|
Re: [Pound Mailing List] SSL/Zope Question
"Klaus Alexander Seistrup" <kseistrup(at)gmail.com> |
2006-08-24 11:25:08 |
[ FULL ]
|
John Snowdon wrote:
[...]
I agree. I have Zope 2.7+ running on some of my servers, but at least
one is still running an older version.
Cheers,
[...]
|
|
Re: [Pound Mailing List] SSL/Zope Question
Robert Segall <roseg(at)apsis.ch> |
2006-08-24 18:29:08 |
[ FULL ]
|
On Thu, 2006-08-24 at 11:25 +0200, Klaus Alexander Seistrup wrote:[...]
Modified versions of z2.py are available in the distribution for older
(2.5, 2.6) Zope versions.[...]
|
|
|