It appears to.

What version of pound are you using?

I made a small cfm page to kick back a 432 error....

On my 2.5 install, I see the following:

Direct to backend:
$ telnet localhost 81
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
Escape character is '^]'.
GET /CFMXTesting/432err.cfm HTTP/1.0

HTTP/1.1 432 432
Date: Mon, 03 Jan 2011 17:12:30 GMT
Set-Cookie: CFID=4301; Expires=Wed, 26-Dec-2040 17:12:31 GMT; Path=/
Set-Cookie: CFTOKEN=732752807a993dc0-00A89175-EF9B-1D30-A6D2FF6683D77350;
Expires=Wed, 26-Dec-2040 17:12:31 GMT; Path=/
Set-Cookie: JSESSIONID=F5DB47294BCECFCD388E7676E992CF5C; Path=/
Content-Type: text/html;charset=UTF-8
Connection: close


Upgrade a component please.
Connection closed by foreign host.

Through Pound:
$ telnet localhost 80
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
Escape character is '^]'.
GET /CFMXTesting/432err.cfm HTTP/1.0

HTTP/1.1 432 432
Date: Mon, 03 Jan 2011 17:14:34 GMT
Set-Cookie: CFID=4302; Expires=Wed, 26-Dec-2040 17:14:34 GMT; Path=/
Set-Cookie: CFTOKEN=d096e5b2ec40d3ab-00BB79A9-F507-7C55-8B4C1E973AE7EAAF;
Expires=Wed, 26-Dec-2040 17:14:34 GMT; Path=/
Set-Cookie: JSESSIONID=6917D0124D6B7AFDD4005023F2015298; Path=/
Content-Type: text/html;charset=UTF-8
Connection: close


Upgrade a component please.
Connection closed by foreign host.


Pretty much the same.  And no 500 error.

Apache logs show:
127.0.0.1 - - [03/Jan/2011:12:12:30 -0500] "GET /CFMXTesting/432err.cfm
HTTP/1.0" 432 29 "-" "-" - - [-]
and
127.0.0.1 - - [03/Jan/2011:12:14:34 -0500] "GET /CFMXTesting/432err.cfm
HTTP/1.0" 432 29 "-" "-" - - [-]


So I can't find a problem with Pound...


Joe
[...]

I've implemented the "tag each request with the backend in the browser instead
of storing our sessions locally and incurring concurrency costs" method of
session tracking.  Described in 5 below.

Patch (against 2.6c) is at: https://users.k12system.com/mrwizard/pound/pound_26_backend_cookies.patch.bz2

Essentially the change to session handling is when it has to choose a random
backend (i.e. didn't find in the hashtable, or hashtable/sessions are
disabled), it will check for the backend key header and if found, it will use
the backend that matches (if possible).  This can be used to turn off session
handling entirely (allowing pound to use backend keys to use backend
stickyness), or to augment session handling... For instance, if pound is
restarted, the session DB is cleared.  Using the cookie in the browser, when
sessions are recreated, the correct backend will be chosen to resume their
sessions.


Joe
[...]

Hi again,

I was running an older pound version and just upgraded to 2.5.1.
However, no change in the behavior - so I checked with tcpdump what apache
really sends - and you were right, 
apache already sends the 500 error. It turns out its a defect in the mod_jk
(1.2.26) we were using.
I upgraded to mod_jk 1.3.31 and now it works as it should.

Sorry to have bothered you, but thanks for your help!
- Cheers, Peter

On Jan 3, 2011, at 18:16, Joe Gooch wrote:
[...][...]

--
DI Peter Burgstaller
-----------------------------------
Head of Hosted Services

SKIDATA AG
Untersbergstraße 40
A-5083 Grödig, Salzburg
[p] +43 (0) 6246 888-4155
[f] +43 (0) 6246 888-7
[e] peter.burgstaller(at)skidata.com
[w] http://www.skidata.com

No worries, glad you got it figured out!

Joe
[...]

My guess would be the new pound was compiled without the PCRE library. (Since 0
width lookaheads probably require that...)  Do a ldd on each pound binary and
see if either one is using libs the other isn't.

You could try adding the --enable-pcreposix option to configure.

Joe
[...]

Yes, this was the solution, thank you Joe!

Paul


schrieb Joe Gooch, Am 04.01.2011 17:17:[...][...][...]

No problemo! :)

Joe
[...]

Hi,

Yes, in my patch log level 4 doesn't change just log level 5 and  send 
between '(' and ')' the Service name and the backend (in this case de 
redirected URL) as is done in other places of the code.

I'm afraid I don't understand why it would break compatibility with the 
Common log Format ¿does not Service name and backend break Compatibility 
log Format?

Regards.

El 31/12/2010 10:22, Robert Segall escribió:[...][...][...]

Hi Joe!

I like the idea! You also implemented it pretty quick!
I tested you're implementation(not production) and it seems to work quite good.
The only thing I wonder is, why not choose a property which you can
deterministically extract a backend from. Like the clients ip for example. The
decimal value, modulo the number of backends. Or a cookie, modulo the #backends
etc.

About the writers-starvation. What platforms does pound want to support? I can
think of the main ones: Linux, *BSD, Solaris?, MacOS?
If these platforms support the writers-starvation regulations is it acceptable
to adopt this system?

Steven

-----Oorspronkelijk bericht-----
Van: Joe Gooch [mailto:mrwizard(at)k12system.com] 
Verzonden: maandag 3 januari 2011 21:19
Aan: <pound(at)apsis.ch>
Onderwerp: RE: [Pound Mailing List] RE: Website stalls every 60 seconds

I've implemented the "tag each request with the backend in the browser instead
of storing our sessions locally and incurring concurrency costs" method of
session tracking.  Described in 5 below.

Patch (against 2.6c) is at: https://users.k12system.com/mrwizard/pound/pound_26_backend_cookies.patch.bz2

Essentially the change to session handling is when it has to choose a random
backend (i.e. didn't find in the hashtable, or hashtable/sessions are
disabled), it will check for the backend key header and if found, it will use
the backend that matches (if possible).  This can be used to turn off session
handling entirely (allowing pound to use backend keys to use backend
stickyness), or to augment session handling... For instance, if pound is
restarted, the session DB is cleared.  Using the cookie in the browser, when
sessions are recreated, the correct backend will be chosen to resume their
sessions.


Joe
[...]

--
To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
Please contact roseg(at)apsis.ch for questions.

Just something that came to mind: what about using memcached? You can provide
an expire parameter. This invalidates old items automatically.

-----Oorspronkelijk bericht-----
Van: Steven van der Vegt [mailto:steven(at)echelon.nl] 
Verzonden: woensdag 5 januari 2011 14:34
Aan: pound(at)apsis.ch
Onderwerp: RE: [Pound Mailing List] RE: Website stalls every 60 seconds

Hi Joe!

I like the idea! You also implemented it pretty quick!
I tested you're implementation(not production) and it seems to work quite good.
The only thing I wonder is, why not choose a property which you can
deterministically extract a backend from. Like the clients ip for example. The
decimal value, modulo the number of backends. Or a cookie, modulo the #backends
etc.

About the writers-starvation. What platforms does pound want to support? I can
think of the main ones: Linux, *BSD, Solaris?, MacOS?
If these platforms support the writers-starvation regulations is it acceptable
to adopt this system?

Steven

-----Oorspronkelijk bericht-----
Van: Joe Gooch [mailto:mrwizard(at)k12system.com] 
Verzonden: maandag 3 januari 2011 21:19
Aan: <pound(at)apsis.ch>
Onderwerp: RE: [Pound Mailing List] RE: Website stalls every 60 seconds

I've implemented the "tag each request with the backend in the browser instead
of storing our sessions locally and incurring concurrency costs" method of
session tracking.  Described in 5 below.

Patch (against 2.6c) is at: https://users.k12system.com/mrwizard/pound/pound_26_backend_cookies.patch.bz2

Essentially the change to session handling is when it has to choose a random
backend (i.e. didn't find in the hashtable, or hashtable/sessions are
disabled), it will check for the backend key header and if found, it will use
the backend that matches (if possible).  This can be used to turn off session
handling entirely (allowing pound to use backend keys to use backend
stickyness), or to augment session handling... For instance, if pound is
restarted, the session DB is cleared.  Using the cookie in the browser, when
sessions are recreated, the correct backend will be chosen to resume their
sessions.


Joe
[...]

--
To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
Please contact roseg(at)apsis.ch for questions.

--
To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
Please contact roseg(at)apsis.ch for questions.

> -----Original Message-----[...]

Good to hear :)
[...]

I have issues with client ip specifically... Pools of proxy servers with
different ips, mobile devices that might jump ips frequently, and the case of
internal clients where the ips might not be significantly different.

The main reason not to do this in my opinion is it won't allow for a proper
load balance.  If you have 5 backends and yournet.10 and yournet.20 are your
biggest talkers, they'll both be assigned to the same backend.  Even worse, if
a backend dies, what do you do?  If your number of backends decreases you will
remap a lot of your sessions.  If you don't decrease your modulo, you have to
deterministically figure out a replacement backend, which will likely overload
one or more of them.

Session type IP in pound works with client ips, but it's still using the
session database to ensure an equal load balance.

At least going with a cookie like this, Pound is deciding where to place the
requests.  It can do so based on the same logic as using a session database, it
can handle dead and disabled servers properly, and the backend assignment will
be as fair as usual.  (Using dynscale or not, depending on your config)

Joe

I wouldn't even consider it for anything other than UNIX domain sockets.  Even
so, I'm not sure adding another network based call-response protocol to every
request is going to solve any of our problems.  I would think local memory and
synchronization, even with locking, would be faster.  Then again, without
proper benchmarking I can't be sure. :)

Since my patch will allow creation of sessions even when the client doesn't
give one, you might want to rerun your benchmarking w/ ab.  

Joe
[...]

On 1/7/2011 4:00 PM, Nelson Pereira wrote:[...]

Yes, you want to use the 'HeadRequire' directive.  You should follow the 
example on apsis.ch/pound under the section "VIRTUAL HOSTS (IN 
GENERAL)".  I believe that describes what you want.

You get to choose your favorite text editor as the gui for configuring 
pound.  :)

Regards,[...]

Ok, but how do you configure it and how is it called? I can install it
on a ubuntu 10.10 server, any special package requirement? Is there a
debian packe available for pound?

Sent from my iPhone4 on IOS4

On Jan 7, 2011, at 4:17 PM, Dave Steinberg <dave(at)redterror.net> wrote:
[...][...][...]

2.4.3 is available in Lenny, 2.5 is available in squeeze and sid.

Joe
[...]

So no lucid support?

Sent from my iPhone4 on IOS4

On Jan 7, 2011, at 4:47 PM, Joe Gooch <mrwizard(at)k12system.com> wrote:
[...][...]
>>>> Not sure if pound can do this but here is what i need to do:
>>>> web1.mydomain.com resolves to 209.5.5.5 which is my public IP
on the
>>>> external side of my router. Router is setup to forward
(port[...]
>>>> port 80 based traffic to internal ip 192.168.1.10 (my PVE
system)[...]
>>>> want that server to lookup the request, and for web1 forward
to
>>>> 192.168.1.101, for web2 to .102 etc.... Can pound do this and
if so,[...]
>>>> should it be configured and what is the configuration file?
>>>> Is there a web GUI to configure pound?
>>>
>>> Yes, you want to use the 'HeadRequire' directive.  You should
follow[...]
>>>
>>> You get to choose your favorite text editor as the gui for[...]
>>>
>>> Regards,
>>> --
>>> Dave Steinberg
>>> http://www.geekisp.com/
>>> http://www.steinbergcomputing.com/
>>> http://www.redterror.net/
>>>
>>> --
>>> To unsubscribe send an email with subject unsubscribe to[...]
>>> Please contact roseg(at)apsis.ch for questions.[...][...]

The pound project does not package a binary at all.  Any packaging support
would be done by external maintainers.  I merely provided the Debian
information because I run Debian and could run apt-cache policy.

A 10sec google search yields that 2.4.5 is available in lucid.
http://packages.ubuntu.com/lucid/pound

There's apparently further ubuntu documentation here:
https://help.ubuntu.com/community/Pound

Which I believe just about covers what you're asking... Since the example has
multiple backends and illustrates the HeadRequire directive.

Joe
[...]

Thanks joe ill check it out

Sent from my iPhone4 on IOS4

On Jan 7, 2011, at 5:06 PM, Joe Gooch <mrwizard(at)k12system.com> wrote:
[...][...]
>>>
>>> Joe
>>>
>>>> -----Original Message-----
>>>> From: Nelson Pereira [mailto:kitkat0981(at)gmail.com]
>>>> Sent: Friday, January 07, 2011 4:34 PM
>>>> To: pound(at)apsis.ch
>>>> Subject: Re: [Pound Mailing List] Question on setup
>>>>
>>>> Ok, but how do you configure it and how is it called? I can
install[...]
>>>> on a ubuntu 10.10 server, any special package requirement? Is
there[...]
>>>> debian packe available for pound?
>>>>
>>>> Sent from my iPhone4 on IOS4
>>>>
>>>> On Jan 7, 2011, at 4:17 PM, Dave Steinberg
<dave(at)redterror.net>[...]
>>>>
>>>>> On 1/7/2011 4:00 PM, Nelson Pereira wrote:
>>>>>> Not sure if pound can do this but here is what i need
to do:
>>>>>> web1.mydomain.com resolves to 209.5.5.5 which is my
public IP on[...]
>>>>>> external side of my router. Router is setup to forward
(port
>>>> forwarding) all
>>>>>> port 80 based traffic to internal ip 192.168.1.10 (my
PVE system)
>>>> which I
>>>>>> want that server to lookup the request, and for web1
forward to
>>>>>> 192.168.1.101, for web2 to .102 etc.... Can pound do
this and if[...]
>>>> how
>>>>>> should it be configured and what is the configuration
file?
>>>>>> Is there a web GUI to configure pound?
>>>>>
>>>>> Yes, you want to use the 'HeadRequire' directive.  You
should[...]
>>>> the example on apsis.ch/pound under the section "VIRTUAL HOSTS
(IN
>>>> GENERAL)".  I believe that describes what you want.
>>>>>
>>>>> You get to choose your favorite text editor as the gui for
>>>> configuring pound.  :)
>>>>>
>>>>> Regards,
>>>>> --
>>>>> Dave Steinberg
>>>>> http://www.geekisp.com/
>>>>> http://www.steinbergcomputing.com/
>>>>> http://www.redterror.net/
>>>>>
>>>>> --
>>>>> To unsubscribe send an email with subject unsubscribe to
>>>> pound(at)apsis.ch.
>>>>> Please contact roseg(at)apsis.ch for questions.
>>>>
>>>> --
>>>> To unsubscribe send an email with subject unsubscribe to
>>>> pound(at)apsis.ch.
>>>> Please contact roseg(at)apsis.ch for questions.
>>>
>>> --
>>> To unsubscribe send an email with subject unsubscribe to[...]
>>> Please contact roseg(at)apsis.ch for questions.[...][...]

ok instaled it and configured the pound.cfg and also changed the
/etc/default/pound with startup=1

then I start pound and get
Starting reverse proxy and load balancer: poundstarting...
 failed!
in my syslog says
  Jan 7 18:25:01  cron 32544  (root) CMD
(/usr/share/vzctl/scripts/vpsnetclean) Jan 7 18:25:18  proxwww 32594  Starting
new child 32594 Jan 7 18:25:24  proxwww 32601  Starting new child 32601 Jan
7 18:26:21  proxwww 32681  Starting new child 32681 Jan 7 18:26:51  proxwww
32711  Starting new child 32711 Jan 7 18:27:24  proxwww 300  Starting new
child 300 Jan 7 18:27:34  proxwww 331  Starting new child 331 Jan 7
18:28:02  proxwww 331  update ticket Jan 7 18:28:21  proxwww 388  Starting
new child 388 Jan 7 18:29:47  proxwww 479  Starting new child 479 Jan 7
18:29:57  proxwww 493  Starting new child 493 Jan 7 18:30:01  cron 502  (root)
CMD (/usr/share/vzctl/scripts/vpsreboot) Jan 7 18:30:01  cron 503  (root)
CMD (/usr/share/vzctl/scripts/vpsnetclean) Jan 7 18:30:01  cron 504  (root)
CMD (test -x /usr/lib/atsar/atsa1 && /usr/lib/atsar/atsa1) Jan 7
18:30:51
proxwww 592  Starting new child 592 Jan 7 18:31:01  proxwww 614  Starting
new child 614 Jan 7 18:31:43  proxwww 727  Starting new child 727 Jan 7
18:32:04  proxwww 772  Starting new child 772 Jan 7 18:32:49  proxwww
833  Starting
new child 833 Jan 7 18:33:28  proxwww 873  Starting new child 873 Jan 7
18:33:31  proxwww 877  Starting new child 877 Jan 7 18:34:31  proxwww
943  Starting
new child 943 Jan 7 18:35:01  cron 982  (root) CMD
(/usr/share/vzctl/scripts/vpsreboot) Jan 7 18:35:01  cron 983  (root) CMD
(/usr/share/vzctl/scripts/vpsnetclean) Jan 7 18:35:03  proxwww 1001  Starting
new child 1001 Jan 7 18:35:17  proxwww 1084  Starting new child 1084 Jan 7
18:36:01  proxwww 1149  Starting new child 1149 Jan 7 18:36:20  proxwww
1192  Starting new child 1192 Jan 7 18:36:51  pvedaemon 2604  worker 31947
finished Jan 7 18:36:51  pvedaemon 2604  starting 1 worker(s) Jan 7
18:36:51  pvedaemon 2604  worker 1225 started Jan 7 18:37:03  proxwww
1238  Starting
new child 1238 Jan 7 18:37:24  proxwww 1273  Starting new child 1273 Jan 7
18:38:05  pound   HTTP socket bind 127.0.0.1:80: Address already in use -
aborted Jan 7 18:38:06  pvedaemon 2604  worker 31976 finished Jan 7
18:38:06  pvedaemon 2604  starting 1 worker(s) Jan 7 18:38:06  pvedaemon
2604  worker 1341 started Jan 7 18:38:09  proxwww 1345  Starting new child
1345 Jan 7 18:38:19  proxwww 1356  Starting new child 1356 Jan 7 18:39:15
proxwww 1423  Starting new child 1423 Jan 7 18:39:22  proxwww 1431  Starting
new child 1431 Jan 7 18:39:33  proxwww 1423  update ticket Jan 7 18:40:01
cron 1461  (root) CMD (/usr/share/vzctl/scripts/vpsreboot) Jan 7 18:40:01
cron 1462  (root) CMD (/usr/share/vzctl/scripts/vpsnetclean) Jan 7 18:40:01
cron 1463  (root) CMD (test -x /usr/lib/atsar/atsa1 &&
/usr/lib/atsar/atsa1) Jan
7 18:40:13  proxwww 1496  Starting new child 1496 Jan 7 18:40:46  pound   HTTP
socket bind 192.168.1.10:80: Address already in use - aborted Jan 7
18:40:46  proxwww 1553  Starting new child 1553 Jan 7 18:41:18  proxwww
1607  Starting new child 1607 Jan 7 18:41:53  proxwww 1640  Starting new
child 1640 Jan 7 18:42:00  proxwww 1648  Starting new child 1648 Jan 7
18:42:59  proxwww 1706  Starting new child 1706 Jan 7 18:43:14  proxwww
1728  Starting new child 1728 Jan 7 18:44:06  proxwww 1784  Starting new
child 1784 Jan 7 18:44:21  proxwww 1798  Starting new child 1798 Jan 7
18:45:01  cron 1842  (root) CMD (/usr/share/vzctl/scripts/vpsreboot) Jan 7
18:45:01  cron 1843  (root) CMD (/usr/share/vzctl/scripts/vpsnetclean) Jan 7
18:45:12  ntpd 2797  synchronized to 216.93.242.10, stratum 2 Jan 7
18:45:12  ntpd 2797  kernel time sync status change 4001 Jan 7 18:45:13
proxwww 1877  Starting new child 1877 Jan 7 18:45:14  proxwww 1879  Starting
new child 1879 Jan 7 18:45:14  proxwww 1880  Starting new child 1880 Jan 7
18:46:21  proxwww 1962  Starting new child 1962 Jan 7 18:46:39  proxwww
2006  Starting new child 2006 Jan 7 18:47:10  proxwww 2038  Starting new
child 2038 Jan 7 18:48:00  proxwww 2086  Starting new child 2086 Jan 7
18:48:01  proxwww 2088  Starting new child 2088 Jan 7 18:48:01  proxwww
2087  Starting new child 2087 Jan 7 18:49:07  proxwww 2153  Starting new
child 2153 Jan 7 18:49:16  proxwww 2164  Starting new child 2164 Jan 7
18:50:01  cron 2211  (root) CMD (/usr/share/vzctl/scripts/vpsnetclean) Jan 7
18:50:01  cron 2213  (root) CMD (/usr/share/vzctl/scripts/vpsreboot) Jan 7
18:50:01  cron 2212  (root) CMD (test -x /usr/lib/atsar/atsa1 &&
/usr/lib/atsar/atsa1) Jan 7 18:50:07  proxwww 2241  Starting new child 2241 Jan
7 18:50:28  proxwww 2262  Starting new child 2262 Jan 7 18:51:10  proxwww
2321  Starting new child 2321 Jan 7 18:51:53  proxwww 2388  Starting new
child 2388 Jan 7 18:52:26  proxwww 2427  Starting new child 2427 Jan 7
18:52:32  proxwww 2435  Starting new child 2435 Jan 7 18:53:32  proxwww
2492  Starting new child 2492 Jan 7 18:53:46  proxwww 2508  Starting new
child 2508 Jan 7 18:54:38  proxwww 2557  Starting new child 2557 Jan 7
18:54:41  proxwww 2560  Starting new child 2560 Jan 7 18:55:01  cron
2583  (root)
CMD (/usr/share/vzctl/scripts/vpsreboot) Jan 7 18:55:01  cron 2584  (root)
CMD (/usr/share/vzctl/scripts/vpsnetclean) Jan 7 18:55:45  proxwww
2646  Starting
new child 2646 Jan 7 18:55:55  proxwww 2657  Starting new child 2657 Jan 7
18:56:51  proxwww 2868  Starting new child 2868 Jan 7 18:57:18  proxwww
2894  Starting new child 2894 Jan 7 18:57:57  proxwww 2933  Starting new
child 2933 Jan 7 18:58:30  proxwww 2976  Starting new child 2976 Jan 7
18:58:32  proxwww 2978  Starting new child 2978 Jan 7 18:58:49  pound   HTTP
socket bind 192.168.1.10:80: Address already in use - aborted Jan 7
18:59:36  proxwww 3050  Starting new child 3050 Jan 7 19:00:01  cron
3076  (root)
CMD (/usr/share/vzctl/scripts/vpsnetclean) Jan 7 19:00:01  cron 3077  (root)
CMD (test -x /usr/lib/atsar/atsa1 && /usr/lib/atsar/atsa1) Jan 7
19:00:01
cron 3078  (root) CMD (/usr/share/vzctl/scripts/vpsreboot) Jan 7 19:00:09
proxwww 3108  Starting new child 3108 Jan 7 19:00:10  proxwww 3109  Starting
new child 3109 Jan 7 19:00:10  proxwww 3110  Starting new child 3110

Jan  7 18:58:49 proxmox pound: HTTP socket bind 192.168.1.10:80: Address
already in use - aborted
Jan  7 18:59:36 proxmox proxwww[3050]: Starting new child 3050
Jan  7 19:00:09 proxmox proxwww[3108]: Starting new child 3108
Jan  7 19:00:10 proxmox proxwww[3109]: Starting new child 3109
Jan  7 19:00:10 proxmox proxwww[3110]: Starting new child 3110

It does not seem to work... I dont see any traffic comming in.

Yet:
proxmox:/etc/pound# /etc/init.d/pound status
pound is running.


On Fri, Jan 7, 2011 at 5:08 PM, Nelson Pereira <kitkat0981(at)gmail.com>
wrote:
[...]

Can anyone help me in setting up https ?

I really need help on this please.

How do I create a pem file and is my config bellow ok?


Thanks

On Jan 7, 2011, at 7:53 PM, Nelson Pereira wrote:
[...]

On 1/8/2011 6:05 PM, nelson pereira wrote:[...]

A pem format file is just:

$ cat server.key server.crt intermediate-certs > server.pem

If you have no intermediate certs, then obviously omit that.

Regarding the rest of your config, I believe you need a directive to 
tell pound to talk to the backends over https, assuming that's what you 
want.  I don't use that feature, so I'll have to refer you to the man 
page for the specifics.

Regards,[...]

but how do i create the server.key and server.crt?

thanks




On Jan 8, 2011, at 6:47 PM, Dave Steinberg wrote:
[...][...][...]

On Sat, 2011-01-08 at 19:59 -0500, nelson pereira wrote:[...]

http://www.google.com/search?q=how+do+i+create+the+server.key+and+server.crt

ok, so now that I have my server.pem file created and copied to /etc/pound
what does my pound.cfg file should look like to enable HTTPS ?




[...]

got it, just had to add the Cert "/etc/pound/server.pem"

Restarted pound and started ok. But when I go to my
https://web1.mydomain.com i get this
error in syslog:

Jan  9 22:06:20 pound pound: (b737fb70) e500 can't read header
Jan  9 22:06:20 pound pound: (b737fb70) e500 response error read from
192.168.1.10:443/GET / HTTP/1.1: Success (0.001 secs)




On Sun, Jan 9, 2011 at 5:02 PM, Nelson Pereira <kitkat0981(at)gmail.com>
wrote:
[...][...][...]

On 1/9/2011 5:02 PM, Nelson Pereira wrote:[...]

You're looking for the 'HTTPS Listener' section of the man page.  Roughly:

ListenHTTPS
         Address A.B.C.D
         Port 443
         Cert "/path/to/my/pem"
End

Put any service definitions you want in there, or just keep them global 
(my preference).

Regards,[...]

On 1/9/2011 5:07 PM, Nelson Pereira wrote:[...]

I'm not immediately familiar with this error, but let's see the full 
config where it is now.  My guess is that you need "HTTPS" specified in 
the backend definition, since normally pound talks to the backends over 
regular HTTP.

Regards,[...]

done that, and the service looks like this:

        Service
                HeadRequire "Host:.*proxmox.mydomain.com.*"
                BackEnd
                        Address 192.168.1.10
                        Port    443
                End
        End

Yet I keep getting the logs in syslog:
can't read header
e500 response error read from 192.168.1.10:443/GET / HTTP/1.1: Success
(0.001 secs)

and then i get a page cannot be displayed.


On Sun, Jan 9, 2011 at 5:16 PM, Dave Steinberg <dave(at)redterror.net>
wrote:
[...][...][...]

On 1/9/2011 5:25 PM, Nelson Pereira wrote:[...]

Try adding "HTTPS" to the backend directive.  I'm not 100% sure of the 
syntax there, I think its literally a bareword as in:

BackEnd
	Address 192...
	Port 443
	HTTPS
End

That will tell pound to talk https to the backend.  I don't use that 
myself so I can't advise precisely how it should look, but play around 
with it or maybe check the archives to see if there are examples.

Regards,[...]

adding HTTPS to the backend did not help.

When restarting, pound complains with :

unknown directive "			HTTPS" - aborted

has anyone gotten pound to handle https on the backend also?

This is specifically for webmin that is running on a server which i want
accessible using webmin.mydomain.com
I also have a proxmox server that only communicates with https, which i want
accessible using https://proxmox.mydomain.com








On Jan 9, 2011, at 5:33 PM, Dave Steinberg wrote:
[...][...][...]

does pound do https to https backend?

I think this is something proxmox does not actualy do.. am i wrong?

Nelson

On Jan 9, 2011, at 5:33 PM, Dave Steinberg wrote:
[...][...][...]

Support for HTTPS backends was added in Pound 2.5c.

You configure in a backend group by using the HTTPS Directive.  From the Pound
manual page:

BackEnd
       A back-end is a definition of a single back-end server Pound will use to
reply to incoming requests.  All configuration directives enclosed between
BackEnd and End
       are specific to a single service. The following directives are
available:

       Address address
              The address that Pound will connect to. This can be a numeric IP
address, or a symbolic host name that must be resolvable at run-time. If the
name cannot be
              resolved to a valid address, Pound will assume that it represents
the path for a Unix-domain socket. This is a mandatory parameter.

       Port port
              The port number that Pound will connect to. This is a mandatory
parameter for non Unix-domain back-ends.

       HTTPS [ "cert" ]
              The back-end is using HTTPS. If the optional parameter cert is
specified, Pound will present this certificate to the back-end.

       Priority val
              The  priority  of  this  back-end (between 1 and 9, 5 is
default). Higher priority back-ends will be used more often than lower priority
ones, so you should
              define higher priorities for more capable servers.

       TimeOut val
              Override the global TimeOut value.

       ConnTO val
              Override the global ConnTO value.

       HAport [ address ] port
              A port (and optional address) to be used for server function
checks. See below the "High Availability" section for a more detailed 
discussion.  By  default
              Pound  uses the same address as the back-end server, but you may
use a separate address if you wish. This directive applies only to non
Unix-domain servers.


Joe

[...]

My version is :

root(at)pound:~# pound -V
starting...
Version 2.4.5
  Configuration switches:
    --enable-cert1l


i installed using apt-get, how do I upgrade to 2.5c as apt-get does not have
that release?

NP

On Mon, Jan 10, 2011 at 11:03 AM, Joe Gooch <mrwizard(at)k12system.com>
wrote:
[...]

You would need to pull a pound 2.5 deb package (for instance from debian sid),
or compile pound yourself.  (Or at least compile pound and replace the pound
binary in /usr/sbin or wherever the package put it)

See http://www.apsis.ch/pound/index_html,
installation section.

Joe

[...]

(I was really hoping that encoding issue was gone... oh well.)

You would need to pull a pound 2.5 deb package (for instance from debian sid),
or compile pound yourself.  (Or at least compile pound and replace the pound
binary in /usr/sbin or wherever the package put it)

See http://www.apsis.ch/pound/index_html,
installation section.

Joe
[...]

It appears ubuntu maverick has a pound 2.5 package.

http://packages.ubuntu.com/source/maverick/pound

Joe
[...]

Hi,

Do you have a core file? If you build pound with debug symbols and have a
core file, then you can dbg the core file and see where it is segfaulting.
Once you get that information, post it and someone will be able to better
help you. 

What other libraries are you using? (pcre, tmalloc, etc.)

What platform are you building on? (intel/amd, bsd/centos/ubuntu, ssl
accelerator, etc.)

If you are using tmalloc, then first remove it and re-build. I've had very
little success with tmalloc in any version of pound that I've built from
source (on centos 4 and centos 5).
[...]

Even by upgrading to pound 2.5, it's still not working...

Jan 10 20:31:05 pound pound: (b72c2b70) e500 can't read header
Jan 10 20:31:05 pound pound: (b72c2b70) e500 response error read from
192.168.1.10:443/GET / HTTP/1.1: Success (0.002 secs)

root(at)pound:~# pound -V
starting...
Version 2.5
  Configuration switches:
    --enable-cert1l
Exiting...
root(at)pound:~#



On Mon, Jan 10, 2011 at 12:12 PM, Joe Gooch <mrwizard(at)k12system.com>
wrote:
[...]

Service
    HeadRequire "Host:.*proxmox.mydomain.com.*"
    BackEnd
        Address 192.168.1.10
        Port    443
        HTTPS
    End
End

If it already looks like that, post your config so we can look for other
problems.

Joe
[...]

BINGO !   You got it... I had taken the HTTPS statement out of the Service
section as it did not work for 2.4
I did not think of adding this once I upgraded to 2.5

Thanks for all the help... Now everything works like a charm !

You guys ROCK !

On Mon, Jan 10, 2011 at 3:48 PM, Joe Gooch <mrwizard(at)k12system.com>
wrote:
[...]

Glad you got it working!

Take care.

Joe
[...]

Since this patch is working very well, can someone tell me about the chances
this code will be adopted in the main trunk? And if so, will this be in the 2.6
release? And if so, what is the estimated month of the 2.6 release?
I ask these questions because we like the idea of stable and maintained code on
our production servers :)

Thanks!

Steven

-----Oorspronkelijk bericht-----
Van: Joe Gooch [mailto:mrwizard(at)k12system.com] 
Verzonden: woensdag 5 januari 2011 17:21
Aan: pound(at)apsis.ch
Onderwerp: RE: [Pound Mailing List] RE: Website stalls every 60 seconds

I wouldn't even consider it for anything other than UNIX domain sockets.  Even
so, I'm not sure adding another network based call-response protocol to every
request is going to solve any of our problems.  I would think local memory and
synchronization, even with locking, would be faster.  Then again, without
proper benchmarking I can't be sure. :)

Since my patch will allow creation of sessions even when the client doesn't
give one, you might want to rerun your benchmarking w/ ab.  

Joe
[...]

--
To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
Please contact roseg(at)apsis.ch for questions.

On Mon, 2011-01-03 at 20:18 +0000, Joe Gooch wrote:[...]

Many thanks for the path, Joe.

I had a look at it, and I have one small objection: if I understand
correctly the whole thing stops working if a client does not support
cookies (because of user settings in a browser, or because of some silly
API).

We are now working at making the session cleaning somewhat more granular
and efficient, so a bit of patience please...[...]

On Wed, 2011-01-12 at 15:22 +0000, Steven van der Vegt wrote:[...]

Please see my message about Joe Gooch's patch.

As to the final 2.6 - that really depends on the feedback we get on the
beta releases. Until now this has been "limited" - we need your help
with the testing.[...]

If Cookies aren't enabled, then the backend cookie feature wouldn't be any
different from the existing session handling.  (you can still configure a
session database based on URL/PARAM/IP...)  rand_backend would return a random
backend (as it always had) instead of finding an answer in a cookie.

Since I use cookie based session affinity, everything would fall apart without
cookies anyway.  I can't see any way this method of tracking would work for the
others (URL/PARAM) without rewriting request content, which isn't likely to
ever be a pound feature. :)


So if you aren't using cookies, this feature doesn't hurt anything.  If you are
using cookies, you can use Session Cookie, this feature, or both.

Joe
[...]

On 1/13/2011 12:57 PM, Robert Segall wrote:[...][...][...]

I've been running it for a little over a week.  No problems so far.

Regards,[...]

If Cookies aren't enabled, then the backend cookie feature wouldn't be any
different from the existing session handling.  (you can still configure a
session database based on URL/PARAM/IP...)  rand_backend would return a random
backend (as it always had) instead of finding an answer in a cookie.

Since I use cookie based session affinity, everything would fall apart without
cookies anyway.  I can't see any way this method of tracking would work for the
others (URL/PARAM) without rewriting request content, which isn't likely to
ever be a pound feature. :)


So if you aren't using cookies, this feature doesn't hurt anything.  If you are
using cookies, you can use Session Cookie, this feature, or both.

Joe
[...]

On 1/13/2011 1:09 PM, Dave Steinberg wrote:[...][...]
>>> Since this patch is working very well, can someone tell me about
the
>>> chances this code will be adopted in the main trunk? And if so,
will
>>> this be in the 2.6 release? And if so, what is the estimated month
of
>>> the 2.6 release?
>>> I ask these questions because we like the idea of stable and
>>> maintained code on our production servers :)
>>>
>>> Thanks!
>>>
>>> Steven[...][...]

Ok, maybe no problems except for my amnesia.  No problems other than 
what I already reported.  More coffee...

Regards,[...]

Guy's,

im moving my pound to a new VM and I re-installed pound 2.5
My SSL cert has a password and i  am trying to change it so it does not have a
passphrase.

I found a site on how to create my certificate, and followed it... yet when I
try to start pound i get this error message:

root(at)pound:~# /etc/init.d/pound start
 * Starting reverse proxy and load balancer pound
starting...
/etc/pound/pound.cfg line 45: SSL_CTX_use_PrivateKey_file failed - aborted
   ...fail!




On Jan 11, 2011, at 9:33 AM, Joe Gooch wrote:
[...][...]
>>> Service
>>>   HeadRequire "Host:.*proxmox.mydomain.com.*"
>>>   BackEnd
>>>       Address 192.168.1.10
>>>       Port    443
>>>       HTTPS
>>>   End
>>> End
>>> 
>>> If it already looks like that, post your config so we can look
for[...]
>>> problems.
>>> 
>>> Joe
>>> [...]

On 1/13/2011 10:05 PM, nelson pereira wrote:[...]

The password is on your private key.  Generate a new key, a new CSR, and 
have your cert authority re-issue the certificate.

Regards,[...]

My patch at https://users.k12system.com/mrwizard/pound/pound-2.5-03_IncludeDirDirective.patch.bz2
implements the ability to include multiple files from a directory.  You'd have
to compile your own pound to use it.

Or, you can modify your startup script to create a unified include file... for
instance:
/etc/pound/pound.cfg   Include "/etc/pound/vhosts.cfg"

In your startup script:
cat /etc/pound/vhosts.d/*.cfg > /etc/pound/vhosts.cfg
pound -f /etc/pound/pound.cfg

or similar.


Joe
[...]

Thanks for the reply Joe.  I'll take a look at your code.

I'm already using a unified include file as was pretty obvious in my 
snippet:

Include "/etc/pound/vhosts.cfg"


I needed some way to use "*.cfg" or something, since I would prefer to 
put vhost definitions on separate files.

- Romar




On Friday, 14 January, 2011 10:30 PM, Joe Gooch wrote:[...][...][...]

Hi Joe,

I can't seem to access your link. Could it by chance be broken?

Thanks.

- Romar


On Friday, 14 January, 2011 10:30 PM, Joe Gooch wrote:[...][...][...]

> -----Original Message-----[...]

Right, that's why the suggestion was to automatically assemble the unified file
when you start the daemon, from your individual files.

Joe

It should work... Try now?

Joe
[...]

On Monday, 17 January, 2011 11:04 PM, Joe Gooch wrote:[...]
Aaahh yes. Now I get what you mean. We actually have a plan for 
something similar but via a db.

Will retry your link.

Thanks again for the quick assist Joe :). Regards!


- Romar

[...]