0

We have 2 IIS servers with multiple websites on them. I want to check for each website if the are still running on each server. If i do a simple port check the IIS will reply even when 19 of the 20 sites are down. So this doesn't really help me.

I have this curl that does what i want but i have no idea how to place this in HAProxy and even if it's possible.

curl --connect-to 'website':443:'internalserverip':443 'https://website' -k

The curl commands works without the ''

tcp check is what i am using now but that sin't enough.

global
        log /dev/log   local0
        log 127.0.0.1   local1 notice
        maxconn 4096
        user haproxy
        group haproxy
        daemon

defaults
        log     global
        mode    tcp
        option  dontlognull
        retries 3
        option redispatch
        maxconn 2000
        contimeout     5000
        clitimeout     50000
        srvtimeout     50000

frontend 10_20_1_129_443
    bind 10.20.1.129:443
    option tcplog
    option logasap
    mode tcp
    default_backend 10_20_1_129_nodes_443

backend 10_20_1_129_nodes_443
    mode tcp
    balance roundrobin
    option log-health-checks
    server web01 10.20.1.50:443 check
    server web02 10.20.1.128:443 check

frontend 10_20_1_129_80
    bind 10.20.1.129:80
    option tcplog
    option logasap
    mode tcp
    default_backend 10_20_1_129_nodes_80

backend 10_20_1_129_nodes_80
    mode tcp
    balance roundrobin
    option log-health-checks
    server web01 10.20.1.50:80 check
    server web02 10.20.1.128:80 check
Gerald Schneider
  • 19,757
  • 8
  • 52
  • 79
Michael Boriau
  • 21
  • 1
  • 3
  • Did you bother reading the HAProxy documentation? – Tommiie Dec 13 '18 at 10:38
  • I have several hours into this issue yes, but havn't pinpointed the issue yet. I can get several health checks working but not this... – Michael Boriau Dec 13 '18 at 10:41
  • 1
    What have you come up with so far? Have you read https://serverfault.com/questions/757662/haproxy-check-does-not-check-content-on-iis? – Tommiie Dec 13 '18 at 10:41
  • Tom, /check.aspx isn't created on the IIS part. I just want to check if it can access the domainname on those specific servers without adding a health page. For now i'm using the simple tcp port check – Michael Boriau Dec 13 '18 at 10:48
  • I think this should get me where i want, just no idea how to impliment it. https://serverfault.com/questions/919914/haproxy-using-iis-on-same-port-with-different-host-headers/919935#919935 – Michael Boriau Dec 13 '18 at 11:15
  • If someone could help me on the way, would be apprciated. – Michael Boriau Dec 13 '18 at 13:05

1 Answers1

1

Colleague was able to pinpoint the issue. Solutions to the above was that i never used cert to decrypt the header http traffic. Once i installed the certs i was able to read the headers:

    defaults
    log     global
    mode    tcp
    option  dontlognull
    retries 3
    option redispatch
    maxconn 2000
    contimeout     5000
    clitimeout     50000
    srvtimeout     50000

    frontend 10_20_1_129_443
    bind *:443 ssl crt /etc/haproxy/wildcard.pem
    option tcplog
    option logasap
    mode http
    option http-server-close
    use_backend backend_site 1 if { hdr_beg(host) -i site 1 }
    use_backend backend_site 2 if { hdr_beg(host) -i site 2 }
    default_backend 10_20_1_129_nodes_443


    backend backend_site 2
    mode http
    balance roundrobin
    option log-health-checks
    server web01 10.20.1.50:443 check ssl verify none
    server web02 10.20.1.128:443 check ssl verify none

    backend backend_site 1
    mode http
    balance roundrobin
    option log-health-checks
    option httpchk HEAD / HTTP/1.1\r\nHost:\ site 1
    server web01 10.20.1.50:443 check ssl verify none
    server web02 10.20.1.128:443 check ssl verify none

    backend 10_20_1_129_nodes_443
    mode http
    balance roundrobin
    option log-health-checks
    server web01 10.20.1.50:443 check ssl verify none
    server web02 10.20.1.128:443 check ssl verify none
Michael Boriau
  • 21
  • 1
  • 3