How to Configure Pfsense HAProxy HTTP HealthCheck Failover - web-services

I have two backend web servers, and i need to monitor them using httpcheck by checking the URL and looking for a string to be present in the response of the request. if the string is not available switch the backend to another server.
Status:
Server1 - Active
Server2 - Backup
Configuration Details:
Health Check Method : HTTP
HTTP Check Method : GET
Url used by http check requests: /jsonp/FreeForm&maxrecords=10&format=XML&ff=223
Http check version : HTTP/1.0\r\nAccept:\ XS01
Result of the http Request is
{"d":{"__type":"Response","Version":"4.5.23.1160","ResultCode":"XS01","ErrorString":"","Results":[{"__type":"Result",
so, I am expecting the string ResultCode":"XS01" in the response from the server, if the string found the server1 is up, if not bring the Server2 from the backup.
how can i achieve this in HAProxy Backend Health Check?

This can be done under Advanced Settings--> Backend Pass thru using the expect string,
http-check expect string XS01

Related

How can I use NiFi to Invoke a HTTP and send a RESTful web Service to another machines with IP address?

Current setup, there are 2 computer machine
First machine (IP of 192.168.4.1)
It contain the NiFi setup as show in the image below:
NiFi setup
Inside the NiFi setup, I get a file from a local directory and I invoke a HTTP POST to send over to the second machine which hit the Wildfly Restful Webservice endpoint. Below image show the configuration I have done inside the Invoke HTTP:
Invoke HTTP configuration
(Note: the Remote URL: http://192.168.3.1:8081/JaxRS-Nifi/restapi/multipart/upload)
Second machine (IP of 192.168.3.1)
It contain a Wildfly Restful Webservice which allow my first machine to hit the webservice endpoint.
Error that I am facing:
NiFi Error
I have a problem which the first machines doesn't send a HTTP POST over to the Second machines. I am currently looking for solutions on what are the different configurations should I do to make a NiFi HTTP over to hit the Restful Webservice endpoint?
Thanks. Appreciate if there is anyone who can help me.

can proxy server set cookie?

can the proxy server intercept my https request and set cookies before actually sending the request?
I'm going a GET on an url from chrome browser. In the development tools, under "Network", I noticed that the first request, the one that I made, has cookies set. but I did not set any cookies.
any thoughts?
No it can't. To proxy HTTPS requests your browser issues HTTP CONNECT command (https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/CONNECT). Proxy then creates a tunnel between the browser and a target server.
A conventional proxy can neither view nor manipulate a TLS-encrypted data stream, so a CONNECT request simply asks the proxy to open a pipe between the client and server. The proxy here is just a facilitator - it blindly forwards data in both directions without knowing anything about the contents. The negotiation of the TLS connection happens over this pipe, and the subsequent flow of requests and responses are completely opaque to the proxy.
It cannot modify or see what is being transferred as it is protected by TLS encryption.
The only way to modify HTTPS conenctions on the fly is if you install some external CA certificates on your computer. This is known as MITM Attack.

SOAP request through JMeter with authentication

I'm having trouble sending a JMeter SOAP request through HTTP Request element -
Through SOAPUI I'm sending the request with the following properties:
Authentication via SOAP
But I cannot receive a valid response when I try to add these username password. I've tried to place it in HTTP Header Manager/ in HTTP Authorization Manager, but with no luck. I receive either error:
Response code: 404 Response message: Not Found
when placing this in the HTTP Authorization Manager and
HTTP Error 400. The request has an invalid header name
when placing the username and password in the header manager (with wss password type field, while in HTTP Authorization Manager there is not option like this).
What can I do to have a valid response from the server like I get in SOAPUI?
If you need to replicate SoapUI request I would suggest just to record the request from the SoapUI via JMeter HTTP(S) Test Script Recorder
In JMeter
File -> Template -> Recording -> Create
Workbench -> HTTP(S) Test Script Recorder -> Start
In SoapUI
File -> Preferences -> Proxy Settings
Host: localhost, Port: 8888
Enable proxy in SoapUI
Execute your request
Expand Thread Group -> Recording Controller in JMeter and observe the recorded request.
You may also need to correlate timestamps using __time() function check out Take the Pain out of Load Testing Secure Web Services for details on bypassing different web services security in JMeter tests.

ELB HAproxy and cookies

I'm using ELB in front of HA-Proxy. Stickiness is disable on ELB and I have this configuration in HA-Proxy:
backend endpoint
balance leastconn
cookie VALUE insert nocache maxidle 30
I'm using curl to query and I noticed that if I query directly HA-Proxy I get a cookie for each query. However with ELB, I would get a cookie at the first query but not with the next ones, I have to wait few minutes before it give me a cookie.
Any idea why?
HA-Proxy version 1.4.18 2011/09/16
Turned out that I needed to ask HA-Proxy to close the connection as soon as possible using option http-server-close or option forceclose.
More information about ELB keepalive can be found here
ELB's HTTP listeners present an HTTP 1.1 endpoint to clients, which means that:
HTTP Keepalive will be enabled by default for an HTTP 1.1 client
HTTP Keepalive will be disabled by default for an HTTP 1.0 client
In either case, the client can explicitly turn keepalive on or off by including the "Connection: keep-alive" or "Connection: close" headers, respectively, in the request.
Source: https://forums.aws.amazon.com/thread.jspa?messageID=200999&#200999

How to add persistent connection support to a load-balanced HTTP webservice

We are working on an HTTP webservice load-balanced using haproxy. The webservice is accessed via SSL. It is a RESTful HTTP service and simply accepts JSON, does some work, and returns JSON. There is no notion of a session.
We have redundant load-balancers set up in front of a pair of redundant webservice servers. Each server sits behind Apache, where Apache is used as a proxy in order to handle SSL and logging. If it matters, our webservice is a Clojure (java) application using compojure (jetty) to handle HTTP.
This is a brief diagram showing the path of a client request through our existing system.
client request -> haproxy (load balancing) -> apache (ssl, logging) -> webservice
We would like any connection to the load-balancer to establish a persistent connection and then be served by the same server for all subsequent requests sent through that persistent connection. In other words, we don't want a persistent connection to haproxy making requests to more than one webservice server.
How would you recommend that we get this working? How can we "pin" a given connection to the load-balancer to a specific webservice server? How could we prevent accidentally loading down a specific webservice server with multiple intensive requests?
Using balance source in the defaults block, along with removing option httpclose entries did the trick.
In our HAProxy configuration we do this at the backend level, using the cookie option. This is because he have a number of sites, some of which we do want persistance for - others we do not.
In those that we do the backend looks like this in haproxy.cfg:
backend examplesite
cookie STK insert indirect nocache maxidle 30m maxlife 8h
server server1 192.168.0.1:80 cookie n1
server server2 192.168.0.2:80 cookie n2
This will set a cookie with the name STK on the first request. Haproxy will automatically assign a value to this cookie that it will then use to send subsequent requests to the same node.
We decided to also add the n1 and n2 cookie prefixes... this means that the cookie value will be prefixed with either n1 if the requests are going to node 1 or n2 if they are going to node 2. This is very helpful when debugging.
Either way I'd suggest taking a look at the configuration documentation around cookie options.
You might also want to look at the appsession option. This allows HAProxy to use an existing cookie (such as ASPNetSessionId or PHPSESSIONID) for the same purpose.
I had problems with it before, but recently had an answer to a question of Server Fault which should resolve this. You could give it a go as it saves using an extra cookie in your requests. Can't get appsession setting in HAProxy to work.