Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
Yaroslav Pogrebnyak
@yyyar
If you need to select always certain backend for the client, you can use balance = "iphash" or "iphash1"
Mark Davidson
@MDavidson01
Tried iphash still same issue will try iphash1 tomorrow with users and see if they complain
David W Purser
@dwpurser
I am trying to setup static routes and my connections via HTTPS 443 are working correctly, however for HTTP 80 I am getting "No matching sni [] found" however I know I am matching file below for mpm088.

[servers]

[servers.default]
protocol = "tcp"

bind = "0.0.0.0:3000"

bind = "0.0.0.0:443"

[servers.default.discovery]
kind = "static"
static_list = [
"192.168.198.10:8060 sni=sx10.mydomain.tld",
"192.168.198.11:443 sni=es011.mydomain.tld",
"192.168.198.17:1880 sni=nodered.mydomain.tld",
"192.168.198.17:18084 sni=emqx.mydomain.tld",
"192.168.198.28:443 sni=se8000.mydomain.tld",
"192.168.198.85:443 sni=as085.mydomain.tld",
"192.168.198.86:443 sni=as086.mydomain.tld",
"192.168.198.87:443 sni=as087.mydomain.tld",
"192.168.198.88:443 sni=j8000.mydomain.tld"
]

[servers.default2]
protocol = "tcp"
bind = "0.0.0.0:80"

[servers.default2.discovery]
kind = "static"
static_list = [
"192.168.198.79:80 sni=basrtp.mydomain.tld",
"192.168.198.88:80 sni=mpm088.mydomain.tld"
]

so # is interpreted as bold, funny.
Illarion Kovalchuk
@illarion
Sni depends on "hostname" field, being sent by TLS client, during TLS handshake
cleints connecting to HTTP 80 are obvously not using TLS, so that there's no room for SNI
David W Purser
@dwpurser
so how do you purpose best config to direct traffic to the 2 servers listed above for HTTP?
image.png
Yaroslav Pogrebnyak
@yyyar
@dwpurser Just remove "sni=" tag in discovery that is used in your HTTP proxy server:
[servers.default2]
protocol = "tcp"
bind = "0.0.0.0:80"

[servers.default2.discovery]
kind = "static"
static_list = [
"192.168.198.79:80",
"192.168.198.88:80"
]
David W Purser
@dwpurser
These are completely different devices, how can I configure to proxy the one I want to access? Should I setup Acme Configuration to accept the connection with SNI and proxy appropriate HTTP connection to backend server?
sedov-e
@sedov-e
Hello! Is it possible to send info about request ip address through gobetween to backend service? I saw discussion about implementation adding header in request (X-Forwarded-For). It was in experimental branch. Has it been merged in master?
hazemkmammu
@hazemkmammu
@yyyar What really is the difference between iphash and iphash1? My basic understanding is that iphash tries to route all requests from a specific client IP to the same backend. The docs say iphash1 is "same as iphash but backend removal consistent (clients remain connecting to the same backend, even if some other backends down)". Why should iphash worry about other backends going down, as long as the backend mapped to the client IP is up, it can keep connecting to the same backend, can't it?
pratheek bangera
@pratb_gitlab
Hi, I am new to goBetween. I wanted to check if I can create 2 pools in goBetween. Basically aim is to forward all packets without loadbalancing in one of the pool and for the second pool i would need to loadbalance. Is something like this possible ?
Yaroslav Pogrebnyak
@yyyar
@hazemkmammu it's because current iphash implementations are not really "sticky". I.e it's stateless: it computes hash of client IP address and then selects the corresponding backend each time request comes in. When backend list changes, that selection may fall on different backend. Example: hash(IP) = 5, and there are 3 backends. We route it to 5 % 3 = 2nd backend. If count of backends changes, for example, we now have 4 backends. So now for hash(IP) = 5 we have 5 % 4 = 1, so we route to 1st backend, that is different from previous situation.
"Sticky" iphash still needs to be implemented (yyyar/gobetween#191)
@pratb_gitlab hi, not sure what do you mean under "pool". You can use multiple separate "servers" configurations in gobetween and configure them independently.
hazemkmammu
@hazemkmammu
@yyyar That explains the unexpected behaviour we have been experiencing when the backends go down. Thank you for explaining.
Illarion Kovalchuk
@illarion
@hazemkmammu please see http://gobetween.io/documentation.html#Balancing , description of iphash1 balancing
Target backend will be calculated using hash function of client ip address in a way that if some backend goes down, only clients of the affected backend will be proxied to another backends. When affected backend gets restored, only its clients will be rebalanced back to it.
@hazemkmammu balancing is executed only when new connection is initiated, so that, if tcp connection is established, it will remain on the same backend

Why should iphash worry about other backends going down, as long as the backend mapped to the client IP is up

There's no mapping, that's why ;)

Illarion Kovalchuk
@illarion
it's stateless
pratheek bangera
@pratb_gitlab
@yyyar Thank you. I will try it out. Can we horizontally scale goBetween ?
Shantanu Gadgil
@shantanugadgil
@pratb_gitlab you should be able to launch multiple GB instances which point to the same backends as long as the backends can tolerate this.(adequately stateless backends)
LordBurrito
@LordBurrito

Hi guys, first thanks for your fantastic work, I'm actually using your LB to forward system log to elasticsearch. I've seen there was a question about keeping the source IP.

Sure, right now we have a syslog stream which is forwarded by two nginx nodes to two logstash nodes. If we dont have the nginx option mentioned before, elastic will think that the syslog is commin from the nginx node. By issuing the option above it keeps the source IP when its forwarded and lets elastic find out the real source IP of the syslog

has this been implemented? I couldn't find anything in your documentation. that would be very useful to me.
pratheek bangera
@pratb_gitlab
@shantanugadgil Thank you.
pratheek bangera
@pratb_gitlab
@yyyar for the previous question on pools, I could not proceed with creating a new server configuration as I receive the information only one port. To explain my situation a little better. I receive the traffic on port x and I need to load balance the traffic across device 1 and device 2 and in addition I need to send/ replicate the complete information to device 3 (not load balanced). Is something like this doable ?
yossi1983
@yossi1983
hi. maybe here could anybody assist me please.
I have gobetween up and running and it is working perfectly.
However, I need to get the original source IP for security reasons.
I can manipulate the back end server to recieve the proxy protocol.
But I also must have TLS which proxy protocol doesn't work with.
Any idea what can be done?
thank you very much
Illarion Kovalchuk
@illarion
Hi
So gobetween doesn't complain and forwards connections, is that right?
xUrko
@xUrko
Hello. Is it possible to configure GoBetween to just forward incoming TCP requests to Server 1 or Server 2? e.g. So If a user enters localhost:3000 it's forwarded to localhost:3001
pratheek bangera
@pratb_gitlab
@xUrko I think it must be doable. Basically you would have only one host in your server list
pratheek bangera
@pratb_gitlab
Can someone please help me with this question ?
I receive the traffic on port x and I need to load balance the traffic across device 1 and device 2 and in addition I need to send/ replicate the complete information to device 3 (not load balanced). Is something like this doable ?
pratheek bangera
@pratb_gitlab
Is anyone aware if we can increase the queue size for UDP sessions ? MAX_PACKETS_QUEUE value is set to 10k by default.
linuxdin
@linuxdin

Hi all. I'm trying to set up a reverse proxy udp load balancer for syslog. I've found the following documentation.

transparent = false # (optional) [NOTE: does not work for Windows] if true - work in transparent mode, when forwarded udp packets have client source address (requires additional host configuration) (since 0.8.0)

Would anyone know where the "additional host configuration" documentation would be?

I have version 0.8.0+snapshot
Mark Davidson
@MDavidson01
Hi everyone just a quick question, can GoBetween handle Mutual Authentication or mtls
Yaroslav Pogrebnyak
@yyyar

v0.8.0 released: https://github.com/yyyar/gobetween/releases/tag/0.8.0

Just want to remind for those who have questions, maintainers are more active in telegram channel: https://t.me/joinchat/GdlUlg_gRfchk1BORU82PA sorry for being unresponsive sometimes.

dulaneygroup
@dulaneygroup
Hello, I'm totally new to gobetween and have no experience this stuff, I'm a network guy so don't hold that against me. Is there an easy to follow guide for setting up gobetween and getting it up and running. Again I'm totally green to this so thank you for your understanding.
Yaroslav Pogrebnyak
@yyyar
hi @dulaneygroup it really depends on what do you want to accomplish. :-) Maybe you could describe it? Basic installation steps are listed here: http://gobetween.io/documentation.html#Installation
Drew
@foxler2010
Hello, two questions. First off, I do not know what the bind property means in the config file. I assume it means the host and port the service will be binding to but there are many different lines of bind and I do not know if there is special stuff to put in there. I have it set to localhost and did not change default port. Second question, I do not know how to set up TLS connection. I do not want backend TLS as I would have to expose my backend to the web to get a cert, and then unexpose it after getting the cert signed. I want Gobetween to use HTTPS and then use HTTP to connect to backend. There is an ACME config and TLS config in the config file but I am not sure how it works. Is there an ACME client included with Gobetween? I am used to using Certbot to get certificates and this is new since the client is running using config instead of me supplying the info during the run. Also, with the TLS config it is asking for a cert path but I want it to get the cert during the run, I do not have it right now. I hope that gives you guys an idea of what I need. TLS is confusing
Drew
@foxler2010
update i changed bind address to the ip of my machine, i couldnt access it from my pc
okay think i got the hang of the bind thing. i changed it again to 0.0.0.0
Raj V
@rajv09_twitter
is it possible to open a port in runtim and listen to incoming traffic for UDP ?
Starbeamrainbowlabs
@sbrl
Hey there! Does gobetween have a feature like Nginx's auth_request?
It would be very handy in combination with Authelia. I'm considering switching from Fabio, which does not support this feature.
jhallam3
@jhallam3
hey, I want to set a port that doesnt stick to the end server, I want to to flip flow between all nodes.
is that possible?
Joel Fankam
@joekrom
hi i would like to set wildcard certificates with gobetween, help is welcome
tejasdevadkar
@devadkar123

does gobetween support session affinity ? I am thinking to implement gobetween to LB my Spotfire Servers.

my requirements are like below.

If you choose to use a load balancer, it must support session affinity; this means that after a session has been established, the load balancer continues to route all requests from a particular client to a particular server. To be able to analyze streaming data in web clients, the load balancer must support WebSockets from the web client to the Spotfire Servers.

https://docs.tibco.com/pub/spotfire_server/latest/doc/html/TIB_sfire_server_tsas_admin_help/server/topics/clustered_server_deployments.html