
Re: [Pound Mailing List] Pound on
Dave Steinberg <dave(at)redterror.net>
2008-09-11 21:38:33
<snip>

> In nginx I was able to include directories with the statements:
> 
> include /tmp/nginx/conf.d/*.conf;
> include /opt/etc/nginx/conf.d/*.conf;
> 
> Because pound works with only one file (AFAIK), my shell script needs
> to write the whole configuration file, which is far from elegant.
> Maybe I can use patch....

Or 'cat' or m4.  More below.

> My question is:
> 
> Does pound support more than 1 config-file for 1 listen session? If
> so...  how? If not... could this be incorporated?

I don't fully understand your question, but let me give you a rough 
outline of what I think would do what you're asking:

=== header.conf ====
User        "proxy"
Group       "proxy"
RootJail    "/var/pound"
Alive       15
TimeOut     120
LogLevel    5
Daemon      1
Control     "/tmp/pound.sock"
DynScale    0

ListenHTTP
         # localhost, for testing
         Address a.b.c.d
         Port 80
         RewriteLocation 0
         HeadRemove "X-Forwarded-Proto"
End
===
=== dom1.conf ====
### special handling for *.check*.geekisp.com
Service "foo1"
         HeadRequire "^Host:[ \t]*foo\.bar\.com$"
         Backend
                 Address backend_1
                 Port 80
         end
end
===
=== dom2.conf ===
Service "baz"
         HeadRequire "^Host:[ \t]*baz\.bar\.com$"
         Backend
                 Address backend_1
                 Port 81
         end
end
===

That's it.  Just 'cat' them all together and you get your pound.conf 
file.  This would send requests to foo.bar.com to "backend_1" on port 80 
and requests to "baz.bar.com" to backend_1 on port 81.

Regards,
-- 
Dave Steinberg
http://www.geekisp.com/
http://www.steinbergcomputing.com/
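
The 'cat' approach from the message above, as an added example that is not part of the original post or of Pound: it concatenates header.conf and sorted conf.d fragments, refuses fragments that are symlinks or writable by group/other, lets Pound parse the result with `-c` when the binary is present, and swaps the file in atomically. The directory layout, the function names and the POUND variable are assumptions.

```shell
#!/bin/sh
# Added example: assemble pound.conf from header.conf plus conf.d fragments.
# The directory layout and the POUND variable are assumptions of this sketch.

# True only for a regular file that is not a symlink and that neither
# group nor other can write (anyone who can edit a fragment controls routing).
safe_fragment() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# build_pound_conf HEADER FRAGMENT_DIR OUTPUT
build_pound_conf() {
    header=$1; dir=$2; out=$3
    # Temp file beside the target (mode 0600) so the final mv is an atomic rename.
    tmp=$(mktemp "$out.XXXXXX") || return 1
    for f in "$header" "$dir"/*.conf; do
        # An unmatched glob stays literal and is skipped; a missing header is not.
        [ -e "$f" ] || [ -L "$f" ] || [ "$f" = "$header" ] || continue
        if ! safe_fragment "$f"; then
            echo "refusing unsafe fragment: $f" >&2
            rm -f "$tmp"; return 1
        fi
        printf '# --- %s ---\n' "$f" >> "$tmp"
        cat "$f" >> "$tmp"
    done
    # Let Pound parse the result before it goes live (-c: check only).
    pound_bin=${POUND:-pound}
    if command -v "$pound_bin" >/dev/null 2>&1 &&
       ! "$pound_bin" -c -f "$tmp" >/dev/null 2>&1; then
        echo "pound rejected the assembled configuration" >&2
        rm -f "$tmp"; return 1
    fi
    mv -f "$tmp" "$out"
}

# Usage (hypothetical paths):
#   build_pound_conf /etc/pound/header.conf /etc/pound/conf.d /etc/pound/pound.conf
```

Fragments are appended in glob order, so numeric prefixes such as 10-dom1.conf and 20-dom2.conf fix the order in which Pound sees the Service blocks.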

Re: [Pound Mailing List] Not a proxy
Dave Steinberg <dave(at)redterror.net>
2008-09-21 18:08:39
Jean-Pierre van Melis wrote:
> I’m using Pound as a proxy to be able to have more than 1 webserver behind my NAT-router.
> The proxy sits between the connection all the time which is what a proxy is supposed to do.
>
> But I was wondering….
> It’s not really a proxy what I want. I just want an agent that will direct the traffic to the proper webserver depending on the domain-name requested.
>
> If pound would spoof the IP of the http-client, the backend would not respond to pound, but to the http-client itself and from then on the servers would be talking to each other.
>
> I think a similar technique is used with SIP.
> Anyone knows how to do such a thing?

DSR, aka Direct Server Return, is not directly supported by pound.  You 
might be able to make it work if you did some magic, but I haven't heard 
of anybody doing it.

Regards,
-- 
Dave Steinberg
http://www.geekisp.com/
http://www.steinbergcomputing.com/

Re: [Pound Mailing List] socket closing/shutdown
Robert Segall <roseg(at)apsis.ch>
2008-09-22 17:47:23
On Wed, 2008-09-10 at 12:21 -0400, Albert wrote:
> We encountered a problem earlier today where pound had too many open 
> files.  This had never happened before (in 3 years of running pound), 
> and happened right after we lost one of our web servers unexpectedly.  
> We have a HAPort setup for all of our backends (port other than 80), and 
> it's checked every 15 sec.  At the time when pound started complaining 
> about too many open files, it hadn't removed the dead backend from 
> available list.
> 
> I believe I have tracked the problem to the fact that "shutdown" is not 
> being called prior to "close(socket)" on line 774 of http.c V2.4.2.   
> Looking at the rest of the code, every time a socket is about to be 
> closed, shutdown is called.  I don't know if this is the problem we 
> encountered with too many file handles being opened, but I was wondering 
> if shutdown() needs to be called before close().  Here's the snippet of 
> pound errors when this occurred:
> 
> Sep 10 09:45:36 p2 pound: (b4429ba0) backend 192.168.111.23:80 connect: Connection timed out
> Sep 10 09:45:37 p2 pound: (b3b05ba0) connect_nb: error after getsockopt: Connection timed out
> Sep 10 09:45:37 p2 pound: (b3b05ba0) backend 192.168.111.23:80 connect: Connection timed out
> Sep 10 09:45:37 p2 pound: (b487aba0) connect_nb: error after getsockopt: Connection timed out
> Sep 10 09:45:37 p2 pound: (b487aba0) backend 192.168.111.23:80 connect: Connection timed out
> Sep 10 09:45:38 p2 pound: HTTP accept: Too many open files
> Sep 10 09:45:38 p2 pound: (b52e3ba0) connect_nb: error after getsockopt: Connection timed out
> Sep 10 09:45:38 p2 pound: (b52e3ba0) backend 192.168.111.23:80 connect: Connection timed out
> Sep 10 09:45:34 p2 pound: (b4e51ba0) connect_nb: error after getsockopt: Connection timed out
> Sep 10 09:45:34 p2 pound: (b4e51ba0) backend 192.168.111.23:80 connect: Connection timed out
> Sep 10 09:45:34 p2 pound: (b697cba0) connect_nb: error after getsockopt: Connection timed out
> Sep 10 09:45:34 p2 pound: (b697cba0) backend 192.168.111.23:80 connect: Connection timed out
> Sep 10 09:45:35 p2 pound: (b509aba0) connect_nb: error after getsockopt: Connection timed out
> Sep 10 09:45:35 p2 pound: (b509aba0) backend 192.168.111.23:80 connect: Connection timed out
> Sep 10 09:45:35 p2 pound: (b70d9ba0) connect_nb: error after getsockopt: Connection timed out
> Sep 10 09:45:35 p2 pound: (b70d9ba0) backend 192.168.111.23:80 connect: Connection timed out

I am quite sure that adding a shutdown() would not hurt. However, having
too many open files is not likely to be related to this, but rather to
the total allowed number of open files.
-- 
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-44-920 4904
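
A way to check the point made in the reply above, that "Too many open files" depends on the allowed number of open files: this added example (not part of the original thread or of Pound) compares a process's open descriptors with its soft limit. It assumes a Linux /proc layout; the function names and the 80% default threshold are assumptions.

```shell
#!/bin/sh
# Added example (Linux /proc layout assumed): how close is a process to its
# open-file limit? The 80% default threshold is an assumption of this sketch.
# Run as root or as the process owner, otherwise /proc/PID/fd is unreadable.

# fd_usage PID  ->  prints "<open descriptors> <soft limit>"
fd_usage() {
    [ -r "/proc/$1/limits" ] || return 2
    fd_open=$(ls "/proc/$1/fd" 2>/dev/null | wc -l | tr -d ' ')
    fd_soft=$(awk '/^Max open files/ { print $4 }' "/proc/$1/limits")
    echo "$fd_open $fd_soft"
}

# fd_pressure OPEN LIMIT [PERCENT]  ->  status 0 when OPEN >= PERCENT% of LIMIT
fd_pressure() {
    case $2 in ''|*[!0-9]*) return 1 ;; esac    # "unlimited" or unparsable
    [ $(( $1 * 100 )) -ge $(( $2 * ${3:-80} )) ]
}

# check_fds PID [PERCENT]  ->  status 1 and a warning when under pressure
check_fds() {
    usage=$(fd_usage "$1") || { echo "pid $1: cannot read /proc" >&2; return 2; }
    if fd_pressure $usage "${2:-80}"; then
        echo "pid $1: ${usage% *} of ${usage#* } descriptors in use" >&2
        return 1
    fi
    return 0
}

# Usage: for p in $(pidof pound); do check_fds "$p"; done
```

Each proxied request holds a client socket and a backend socket, so the limit in effect for the pound process (typically set with `ulimit -n` before it starts) needs to cover the expected concurrency.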


Re: [Pound Mailing List] pound transparency
IVANCSO Krisztian <pound(at)percek.hu>
2008-09-22 22:54:02
Hi!


Jean-Pierre van Melis wrote:
> Someone wrote source-code patches to make pound transparent when they are running on a Linux-system that's also the gateway of the clients.
> http://poundtp.freeweb.hu/

I was the perpetrator. ;-)


> I'm still in the stage of investigating if I can make this run on my router. I probably also need to get a kernel patch and a lot of other tinkering. If at least the application supports it out of the box, it will make things simpler when upgrading. I would love to have this as a standard feature in the firmware of my router.

I don't maintain the code. :-(
I wrote this patch for 2.0 b4.

It needs a special iptables module which does the hard work
(iptable_tproxy implemented by Balabit Ltd.).
The link to the module on the page is not up to date.
New link: http://www.balabit.com/downloads/files/tproxy/

Some information about tproxy:
http://www.balabit.com/support/community/products/tproxy/

TProxy is not a cross-platform solution so I think there is no chance to
include it in the normal codebase.

Best regards,
ivan



Re: [Pound Mailing List] pound transparency
Robert Segall <roseg(at)apsis.ch>
2008-09-23 18:41:49
On Mon, 2008-09-22 at 20:07 +0200, Jean-Pierre van Melis wrote:
> Someone wrote source-code patches to make pound transparent when they are running on a Linux-system that's also the gateway of the clients.
> http://poundtp.freeweb.hu/
> 
> 
> I believe he wrote this patch in a way that it doesn't get in the way of normal use.
> If this is true, could this code be included in the normal codebase?
> 
> I'm still in the stage of investigating if I can make this run on my router. I probably also need to get a kernel patch and a lot of other tinkering. If at least the application supports it out of the box, it will make things simpler when upgrading. I would love to have this as a standard feature in the firmware of my router.

If that is what you want, have a look at the OpenBSD pf - I think it
would do this sort of routing.

The original patch seems not to be very portable - as are all
kernel-based solutions.
-- 
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-44-920 4904


Re: [Pound Mailing List] LogFacility
Dave Steinberg <dave(at)redterror.net>
2008-09-28 04:40:49
Anthony L wrote:
> On FreeBSD 6.4-PRERELEASE and latest Pound Version 2.4.3
> 
> LogFacility     pound

There is no such log facility as 'pound'.  Read the syslog man page - 
there is a small set of predefined facilities.  To do what you want, 
there are other ways that vary by the specifics of your syslog 
implementation.  You might ask on a FreeBSD users list and get more 
detailed help.

Regards,
-- 
Dave Steinberg
http://www.geekisp.com/
http://www.steinbergcomputing.com/

Re: [Pound Mailing List]
Albert <pound(at)alacra.com>
2008-09-29 22:59:23
Yes, there is an "Emergency" directive you can use for "Service", which 
will kick in after your BackEnd A becomes unavailable.  As soon as 
BackEnd A is available, pound will switch to it, and stop sending 
requests to the Emergency (BackEnd B) server.

McCollough, Alan wrote:
> I'm looking to see if pound will do what I need.
>  
> I've got a webserver "A" that occasionally hangs up, and a backup "B"
> webserver with a snapshot of what is on "A".
>  
> What I need is something that will forward requests only to "A" under
> normal circumstances, but if "A" becomes unavailable, forward requests
> to "B" instead.
>  
> Does pound do this?