On Tue, 14 Oct 2008 01:36:37 -0400, "Anthony L"
<GhostSniper007(at)hotmail.com> wrote:[...]

Only one is allowed.  This is by design.  Robert has said he will consider
adding this functionality in the future.

In the mean time I've hacked my version of pound to allow me to use two. 
It's not pretty but it works and so far hasn't broken anything.  Let me
know if you want the patch so you can try it out.

Just that I want it too...
I think I even requested it before.

-----Oorspronkelijk bericht-----
Van: Fat Bear Incorporated - Pound Mailing List [mailto:pound(at)fatbear.com] 
Verzonden: donderdag 23 oktober 2008 21:04
Aan: pound(at)apsis.ch
Onderwerp: Re: [Pound Mailing List] Include Directive Wanted

Hi all,[...]
Anyone care to comment on the above request?

Thanks,
Steve Amerige
www.fatbear.com


--
To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
Please contact roseg(at)apsis.ch for questions.

On Wed, Oct 22, 2008 at 13:52, Andreas Andersson <
andreas.andersson(at)gmail.com> wrote:

[...]
So nobody answered me on this. Let me clarify.

Would it be possible to have global session tracking in some way? I think it
would be really useful if the session tracking was the same on several
services.

Thanks.
[...]

I'd love to see this too. It would make our deployments much simpler.

On Sat, Nov 1, 2008 at 7:22 PM, Jean-Pierre van Melis <jp(at)mirmana.com>
wrote:[...][...][...]

[...]

Can you reach 192.168.0.160:8080 from the Pound box? 

like, can you fetch the index.html page with

wget http://192.168.0.160:8080/

-Kiriki










 

-----Original Message-----
From: Human Servers [mailto:serversrpeopletoo2(at)gawab.com] 
Sent: Wednesday, November 05, 2008 6:34 PM
To: pound(at)apsis.ch
Subject: [Pound Mailing List] URGENT HELP NEEDED


Hi,
 I posted here back in June but didn't get a reply... and I still have the
same issue.
Fortunately, we had to do a large hardware migration after I posted for
help with Pound, so it transpired that these servers weren't needing to be
online.
But now migration is done - it is URGENT that I get Pound going again and
web servers live.
PLEASE HELP
Here is link to my original mail:
http://www.apsis.ch/pound/pound_list/archive/2008/2008-06/1214199931000#1214
199931000
I apologise for the length - but I hope providing clear structured
information saves everyone asking the obvious questions.
If I have missed anything - please don't hesistate to ask.
Many thanks if someone, ANYONE, offers assistance.
My original mail follows:
----------
First, thanks for great software (and service) - it worked for
me until I broke it! =)
I'll get directly to my reason for emailing:
Issue
-------
When trying to resolve my URL, I get:
The service is not available. Please try again later.
On proxy box, /var/log/httpd-error.log: [warn] (49) Can't assign
requested address: connect to listener on 192.168.0.160:8080
Cause of Issue
-----------------
Being a noob, I thought an SSH issue was caused by Pound, which
my friend installed.
I don't normally work near the proxy box, so I thought I could
disable Pound, fix SSH, and then SSH in to re-enable Pound
later.
SSH it seems is fine regardless of proxy, and now I can't find
my note of the command I used to disable Pound, so that I may
reverse this.
I tried standard poundctl commands, but even poundctl isn't
working.
I've searched this mailing list, learnt a lot from posts, and
googled the subject, but no luck.
Server Setup
----------------
FreeBSD 6.2
Pound is in jail.
Jail is started as per normal at boot.
rc.conf in jail has pound_enable="YES".
Pound doesn't start.
---------------- my pound.conf --------------------------
User "xxx"
Group "xxx"
ListenHTTP
Address 192.168.0.161
Port 80
LogLevel 2
# Virtual Host xxxxx.com
#
Service
HeadRequire "Host: .* xxxxx.com/home.*"
BackEnd
Address 192.168.0.160
Port 8080
End
End
End
--------------- end of pound.conf ------------------------
Tests/Logs
--------------
After boot:
ps auwx | grep pound - shows nothing.
After forcing Pound to start:
/usr/jails/proxy.xxxxx.com/usr/local/sbin/pound -f
/usr/jails/proxy.xxxxx.com/usr/local/etc/pound.conf
ps auwx | grep pound - shows:
xxx 940 0.0 1.3 2804 2476 ?? Is 11:42AM 0:00.00 
/usr/jails...
xxx 941 0.0 1.4 3572 2680 ?? I 11:42AM 0:37.58 
/usr/jails...
According to posts I've read, 2 processes is normal.
Please correct me if I'm wrong.
poundctl: Once Pound is running as per above, I try to run
poundctl without args, but it only gives me help information - I
don't get status of any Listeners, Services, BackEnds -
anything.
pound.sock Some posts refered to pound.sock, which I thought
I may have to reference in using poundctl, but a search of my
server doesn't find this file, and I didn't find anything useful
in the 4 results Google returns for 'FreeBSD pound.sock'. Nor
could I find what its alternative on FreeBSD is.
Questions
------------
1. Before I fix Pound to start at boot, is there a way I can
enable listening to get rid of the 'This service is not
available error...'?
2. Concomitantly, if I fix this error, will Pound magically
start at boot again?
3. If I need to reinstall Pound, other than copying pound.conf,
what else may I need to copy or note to reinstall without
breaking the original install?
Eg any install dir prefixes, SSL stuff, etc noted elsewhere?
My friend who installed Pounds isn't available to help at this
time, and I don't want to create more server problems.
Many thanks and sorry for the long post - I just wanted to avoid
a stretched out number of posts in reply to the obvious
questions.
Send me any questions re info I may have missed - I should be
able to answer back pretty quickly.
Once again, thanks for great software - it's quite elegant,
especially the config file layout - easy for a noob like me.


----------------------------------------------------------------------------
-------------------------------------------
Send big files for free. Simple steps. No registration.
Visit now http://www.nawelny.com


--
To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
Please contact roseg(at)apsis.ch for questions.

Thanks for the prompt help Kiriki!

Yes I can reach that internal address. It's the outside domain specified by
the Service/head requires, that resolves to the 'The service is not
available. Please try again later' message.

This config file has worked in the past. But after disabling it, I can't
re-enable the two services. The poundctl command shows no service is
running.


Kiriki Delany <kiriki(at)streamguys.com> wrote on 6 Nov 2008, 03:45 PM:
Subject: RE: [Pound Mailing List] URGENT HELP NEEDED[...]
-----------------------------------------------------------------------------------------------------------------------
Send big files for free. Simple steps. No registration.
Visit now http://www.nawelny.com

Hi,

Is your back end IP and socket allowed in the pound jail? If you disable all
of the outbound connections in the pound jail, then it won't be able to
connect to the back end.

http://www.section6.net/wiki/index.php/Creating_a_FreeBSD_Jail

Like Kiriki mentions, go a wget on your back end, but do it from the pound
jail.

- Jake

[...]

Thanks for the question and link Jake!

 I checked using the jls command, and the jail Pound is in, is listening on
192.168.0.161.

Also, I have no problem using SSH to connect to this jail.

I hope this answers your question.



-----------------------------------------------------------------------------------------------------------------------
Send big files for free. Simple steps. No registration.
Visit now http://www.nawelny.com

Human Servers wrote:[...]
I think he meant for you to check if you are allowed to connect to 
192.168.0.160:8080 from inside the jail
[...]

I think your inbound to pound connection is working okay. It's your
pound->back_end that is failing. In the jail, you need to allow the pound
server to connect outbound to your inside network.

So you have:

USER -> { jail [pound] }
              |
              |--> back_end

The USER -> { jail [pound] } appears to be working just fine. The other
connection is where you are seeing the failure, and I bet that your jail
configuration is preventing that connection from occurring.

When jail prevents a connection from occurring, does it log that somewhere??

User "xxx"
Group "xxx"

ListenHTTP
         Address 192.168.0.161  <--- this is okay
         Port 80

LogLevel 2

# Virtual Host xxxxx.com
#
    Service
         HeadRequire  "Host:  .* xxxxx.com/home.*"

         BackEnd

                 Address 192.168.0.160  <---- This is being stopped by jail
(I theorize)
                 Port 8080
         End
    End
End
[...]

Thanks John and Jake,

I can view the site from 192.168.0.160:8080 (backend), but 192.168.0.161
(listener) gives the 'service is not available' message.

This means the backend is directly accessible but the listener isn't
enabled and directing to the backend, right?

I haven't changed the jail setup from when Pound was working, which makes
me think that the fix is just a matter of re-enabling the listener.

Of course, I'm not sure how to do this. If you could guide me through the
-L command I can try this.

As I wrote, at this time poundctl shows that Pound isn't currently
listening to any service.

-----------------------------------------------------------------------------------------------------------------------
Send big files for free. Simple steps. No registration.
Visit now http://www.nawelny.com

After forcing Pound to start:

when trying to reach the external .com address, /var/log/messages shows:
Nov  6 23:46:51 server pound: no service "GET / HTTP/1.1" from
192.168.0.254 (the router)

when trying to reach the listener address 192.168.0.161, /var/log/messages
shows:
Nov  6 23:46:51 server pound: no service "GET / HTTP/1.1" from
192.168.0.183 (viewing PC)

Both addresses give the 'The service is not available. Please try again
later.'

Could someone please suggest how to enable listening for the addresses in
the config file I have pasted earlier?

-----------------------------------------------------------------------------------------------------------------------
Send big files for free. Simple steps. No registration.
Visit now http://www.nawelny.com

On Mon, 2008-10-20 at 08:47 -0700, Fat Bear Incorporated - Pound Mailing
List wrote:[...]

Adding an "include" directive is not difficult, but its use is
questionable: after all, Pound does NOT read the config file after
starting. Are you sure that a simple shell script to concatenate your
files before starting Pound (perhaps with m4) would not be enough?[...]

On Mon, 2008-11-03 at 13:05 +0100, Andreas Andersson wrote:[...]

Would you care to suggest a possible (and not overly complex) syntax for
that? Patch?[...]

Hi Robert,

Does "Kill -HUP" on pound cause pound to reload its configuration? If so, then
an include directive would be helpful. Otherwise, a "pound restart" is
required, which means a small amount of downtime.
[...]

When it comes the syntax of the config file I think it can be made easy in
several different ways. One of the easiest and most flexible might be
  Session
    Type IP
    TTL  3600
    Global true
  End

Which would make this and all other ip-sessions with Global set to true
share the same session tracking.

As for patching it I wish I could. I'm a decent programmer but when it comes
to C I'm lost. I've tried to read the code to see if perhaps the hash key
was made out of something from the service but never found something like
that and I gave up :(


On Thu, Nov 6, 2008 at 17:59, Robert Segall <roseg(at)apsis.ch> wrote:
[...]

[...]

Human,

First, let me state that I do NOT use pound on FreeBSD, so I don't know the
startup process.

That being said, I believe you need something like
	Control "/var/run/pound.socket"
in your config file in order to actually access the pound process using
# poundctl -c /var/run/pound.socket
(or you can name it 'pound.sock' if you wish).

As for the "On proxy box, /var/log/httpd-error.log: [warn] (49) Can't assign
requested address: connect to listener on 192.168.0.160:8080" error...
1. why is pound logging to /var/log/httpd-error.log (and is it really logging
to this file?)
2. can you access 192.168.0.160:8080 from the machine pound is running on?

-Miles

Human Servers wrote:[...]

Thanks Mike!

Yes I can see 192.168.0.160:8080 directly without Pound running - and when
Pound is forced to start too. Without Pound running 192.168.0.161 doesn't
resolve, but with Pound running I get the 'Service not available...'
message whereas it should direct to 192.168.0.160:8080.

My pound.conf file (on Linux, I think this is same as pound.cfg) has no
pound.sock reference but has what I assume is the equivalent on FreeBSD;
/var/run/pound.pid.
I think I set the logging to go to httpd-error.log a while ago. But now I'm
just getting errors in /var/log/messages.log. Any logged errors are helpful
right now! =)
As I've written before, Pound should be setup to start at boot, but I have
to force start it now, and even then it doesn't direct from
192.168.0.161:80 to 192.168.0.160:8080. Poundctl shows NO services running
- just gives me instructions to use the command to enable/disable services.

I imagine there is something missing that stops Pound being started at
boot, and this is also stopping the services from running once I have
forced Pound to start.

It's hard to find stuff online re Pound + FreeBSD. I'm sorry to bother
everyone here. I've looked everywhere!

Please keep the ideas coming - I really do need to resolve this today.

Thanks!!!

-----------------------------------------------------------------------------------------------------------------------
Send big files for free. Simple steps. No registration.
Visit now http://www.nawelny.com

Hi,

The line below will not match any (valid) host header:

HeadRequire "Host: .* xxxxx.com/home.*"

The host header only contains the host name part of the URL (e.g.
www.xxxxx.com). This means it will never contain a / character. As this is
not being matched you have no service matching the request and pound is 
returning the service not available error.

Off the top of my head you might want a line like:

HeadRequire "Host: (.+\.)?xxxxx.com$"

To respond only to requests for xxxxx.com and its sub-domains.

Regards,
Andrew


On Fri, 7 Nov 2008, Human Servers wrote:
[...]

Human,

I believe pound.pid only contains the process id (for start/stop scripts)
necessary to know which process is pound, but pound.socket (or pound.socket) is
an actual listening control socket.  On my machines, I have both pound.pid and
pound.sock:
balancer1:~# ls -l /var/run/pound*
-rw------- 1 root root    5 2007-11-03 06:31 /var/run/pound.pid
srwx------ 1 root root    0 2007-11-03 06:31 /var/run/pound.socket
total 0
balancer1:~# poundctl -c /var/run/pound.socket 
  0. http Listener 0.0.0.0:80 a
    0. Service active (1)
      0. Backend (UNKNOWN):0 active (1 0.000 sec) alive
    1. Service active (1)
      0. Backend (UNKNOWN):0 active (1 0.000 sec) alive
    2. Service active (15)
      0. Backend 10.0.0.101:81 active (5 0.000 sec) alive
      1. Backend 10.0.0.102:81 active (5 0.000 sec) alive
      2. Backend 10.0.0.103:81 active (5 0.000 sec) alive
  1. HTTPS Listener 0.0.0.0:443 a
    0. Service active (15)
      0. Backend 10.0.0.101:442 active (5 0.000 sec) alive
      1. Backend 10.0.0.102:442 active (5 0.000 sec) alive
      2. Backend 10.0.0.103:442 active (5 0.000 sec) alive
  2. HTTPS Listener 0.0.0.0:444 a
    0. Service active (15)
      0. Backend 10.0.0.101:442 active (5 0.000 sec) alive
      1. Backend 10.0.0.102:442 active (5 0.000 sec) alive
      2. Backend 10.0.0.103:442 active (5 0.000 sec) alive
  3. HTTPS Listener 0.0.0.0:445 a
    0. Service active (15)
      0. Backend 10.0.0.101:442 active (5 0.000 sec) alive
      1. Backend 10.0.0.102:442 active (5 0.000 sec) alive
      2. Backend 10.0.0.103:442 active (5 0.000 sec) alive
  4. HTTPS Listener 0.0.0.0:446 a
    0. Service active (15)
      0. Backend 10.0.0.101:442 active (5 0.000 sec) alive
      1. Backend 10.0.0.102:442 active (5 0.000 sec) alive
      2. Backend 10.0.0.103:442 active (5 0.000 sec) alive
 -1. Global services

-Miles

Human Servers wrote:[...]

Thanks SBR!

My current config worked in the past.

I did try your statement and still got the 'not available' message, which
makes me rule out the config file as causing the problem.

That said, I'll try to put your statement to use once I have fixed the
cause.

Thanks!

-----------------------------------------------------------------------------------------------------------------------
Send big files for free. Simple steps. No registration.
Visit now http://www.nawelny.com

Thanks Mike!

A search of the FreeBSD box for pound.sock and pound.socket returns
nothing.
ls -l /var/run/pound* just shows the .pid file.
I doubt I moved this file in the past to get SSH going. Like I've written
before, I can't find anything online to backup that pound on FreeBSD has a
pound.sock/socket file.
But being a noob, it's likely I'm wrong.
If I understand right, you are running Pound on Linux?
If so, and someone else is reading this who is running Pound on a *BSD -
please drop a mail as to the existence of pound.sock/socket.
Should it be missing, I'll have to consider either reinstalling Pound
(which could cause a lot more issues) or copying the file from elsewhere
(if its not uniquely written per install/machine).

Thanks!

-----------------------------------------------------------------------------------------------------------------------
Send big files for free. Simple steps. No registration.
Visit now http://www.nawelny.com