I have made the following ha-proxy configuration and have recieved the following error while HAProxy restart:
HAproxy Config
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
defaults
log global
mode tcp
option tcplog
option dontlognull
retries 3
timeout client 3h
timeout server 3h
timeout connect 5000
frontend fe_websockets
bind 0.0.0.0:443 ssl crt /home/test/Documents/test3.pem
mode tcp
log global
option tcplog
timeout client 3600s
backlog 4096
maxconn 50000
default_backend be_nywebsockets
backend be_nywebsockets
mode tcp
option log-health-checks
option redispatch
option tcplog
balance roundrobin
server web1 localhost:8443 check
# server web2 localhost:8081 check
timeout connect 1s
timeout queue 5s
timeout server 3600s
Why does HAProxy doesnt allow to bind 443 to some server port?
I have followed the configuration specified in the following link:
https://gist.github.com/allanparsons/6076098
[ALERT] 101/231920 (8356) : Starting frontend fe_websockets: cannot bind socket [0.0.0.0:443]
Most likely, port 443 is already in use by another process. Check using netstat if you have existing processes in the haproxy box already bound to it.
Related
I have Haproxy which load balance the traffic to two apache servers.
When I benchmark with apache benchmark tool I have no errors and everything works as expected.
But when I activate the proxy protocol communication between HAProxy and apaches I start having issues.
There are two scenarios
1- Load testing with less then 500 request/second everything works well.
2- Load testing with concurrent requests > 600. I start having SSL handshake failed (5) issues.
Here is my HAproxy configuration:
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
log 127.0.0.1 local0 debug
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 3000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode tcp
log global
option tcplog
option dontlognull
option http-server-close
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
#---------------------------------------------------------------------
# Servers sections
#---------------------------------------------------------------------
frontend XXXX:443
bind XXX:443
mode tcp
use_backend https_front
backend https_front
balance roundrobin
server XXX XXX check send-proxy
My apache vhost conf:
<VirtualHost *:443>
...
ServerName XXXX
RemoteIPProxyProtocol On
My benchmark command:
> ab -c 1020 -n 9000 https://XXXX
...
SSL handshake failed (5).
SSL handshake failed (5).
SSL handshake failed (5).
SSL handshake failed (5).
SSL read failed (1) - closing connection
139921183344512:error:140E0197:SSL routines:SSL_shutdown:shutdown while in init:ssl/ssl_lib.c:2094:
...
I can not find any logs neither in haproxy nor in the apache logs. Did someone face the same issue before ?
Thanks in advance
If I send SSL traffic to the backend server, I can see the client/source IP in the application logs.
ssl://host_name:8883
Problem: If I place haproxy before the backend server, I get haproxy IP as the source IP. SSL termination happens at the backend server.
haproxy.cfg:
defaults
maxconn 64000
option http-server-close
option httplog
option forwardfor
option contstats
timeout connect 5000ms
timeout client 30000ms
timeout server 30000ms
timeout tunnel 3600000ms
timeout http-keep-alive 1000ms
timeout http-request 30000ms
timeout queue 30000ms
errorfile 504 /var/504.http
frontend tcp-frontend-mqtt-tls
mode tcp
bind :8883 accept-proxy
log global
log-format %ci\ %fi:%fp\ [%t]\ %ft\ %b/%s\ %Tw/%Tc/%Tt\ %B\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq
tcp-request connection reject if { src -f /var/ip_blist.lst }
default_backend tcp-backend-mqtt-tls
backend tcp-backend-mqtt-tls
mode tcp
log global
balance leastconn
source 0.0.0.0 usesrc clientip
server mqtt-node-0 hostname:61008 resolvers my-dns check inter 1000
I've tried adding send-proxyv-v2 and send-proxy
server mqtt-node-0 hostname:61008 resolvers my-dns check inter 1000 send-proxy-v2
server mqtt-node-0 hostname:61008 resolvers my-dns check inter 1000 send-proxy
but that doesn't help as the SSL termination happens on the backend. am I missing something?
send-proxy is a good way to do it but your backend server/application needs to be able to parse the PROXY protocol to receive the IP information.
I am fairly new to haproxy setup. I was able to successfully setup to route frontend requests to specific port on backend. But now I have got a request to route requests to same server but different ports. The backend port to where the request needs to be routed is same as the incoming port. I tried below config among many options but nothing seems to work
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
defaults
mode http
log global
option httplog
option dontlognull
timeout connect 10s
timeout client 1m
timeout server 1m
frontend haproxynode_https
bind 0.0.0.0:6443
bind 0.0.0.0:10111
bind 0.0.0.0:10121
bind 0.0.0.0:10131
bind 0.0.0.0:10141
bind 0.0.0.0:10181
bind 0.0.0.0:10191
bind 0.0.0.0:10011
bind 0.0.0.0:10021
bind 0.0.0.0:10041
bind 0.0.0.0:10051
bind 0.0.0.0:10061
bind 0.0.0.0:10071
bind 0.0.0.0:10091
bind 0.0.0.0:10241
mode tcp
option tcplog
timeout client 1h
default_backend backendnodes_https
backend backendnodes_https
mode tcp
timeout server 1h
option tcplog
option tcp-check
balance roundrobin
default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
server master XX.XXX.XX.XX weight 1 port 80 maxconn 512 check
server master-1 XX.XXX.XX.XXX weight 1 port 80 maxconn 512 check
server master-2 XX.XXX.XX.XX weight 1 port 80 maxconn 512 check
Any pointers is highly appreciated
run first
haproxy -f /etc/haproxy/haproxy.cfg -c
Is all ok with the conf file ?
add at the end :
listen stats
bind :20000
mode http
stats enable
stats uri /stats
stats hide-version
stats refresh 60
stats realm Haproxy-Statistics
stats auth admin:password
stats admin if TRUE
Check the stats page : connect with a browser to
http://ip:20000/stats
send more info please
new to linux world.
I have setup two apache webserver , one haproxy and one testpc.
I am able to curl web server with index.html contents on port 80.
but when i try to curl haproxy on any port or port 80 i am getting curl:
(7) Failed connect to 35.229.60.183:80; Connection refused
firewall is turned off on all the servers, restarted the haproxy.
haproxy config file :
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 100s
maxconn 3000
frontend myserver
bind *:80
default_backend mybackendserver
mybackendserver
balance roundrobin
mode http
server webserver 35.185.18.206:80 check
server webserver1 35.231.241.247:80 check
when I try to curl them in my test machine i am getting curl:
(7) Failed connect to 35.229.60.183:80; Connection refused
35.229.60.183 is the ip of my haproxy server.
If I recall correctly, you should enable the port :80 or whatever you use, directly from the Google Cloud dashboard.
Check this out.
I am looking for a haproxy (HAProxy version 1.5.18) configuration which will allow websocket loadbalancing as well as RabbitMQ load balancing. I have tried many options but none seem to work, below is my haproxy config file:
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
stats socket /var/lib/haproxy/stats
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 15s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
timeout tunnel 3600s
frontend http_web *:80
mode http
default_backend rgw
backend rgw
balance roundrobin
server rgw1 173.36.22.49:8080 maxconn 10000 weight 10 cookie rgw1 check
server rgw2 10.42.139.69:8080 maxconn 10000 weight 10 cookie rgw2 check
listen stats :9000
mode http
stats enable
stats realm Haproxy\ Statistics
stats uri /haproxy_stats # Stats URI
stats auth websocketadmin:websocketadmin
listen ampq
bind *:61613
mode tcp
option clitcpka
server rabbit1 10.42.6.112:61613 check inter 1s rise 3 fall 1
server rabbit2 10.42.6.113:61613 check inter 1s rise 3 fall 1
server rabbit3 10.42.6.114:61613 check inter 1s rise 3 fall 1
server rabbit4 10.42.6.115:61613 check inter 1s rise 3 fall 1
Haproxy doesn't give any error, it prints the below message, but it doesn't work, i cannot connect to websocket or connect to Rabbitmq. But as soon as i remove "listen ampq", everything starts working fine.
Sep 8 21:00:40 localhost haproxy[3184]: Proxy http_web started.
Sep 8 21:00:40 localhost haproxy[3184]: Proxy rgw started.
Sep 8 21:00:40 localhost haproxy[3184]: Proxy stats started.
The problem was the port 61613, which was already taken by another process. So i had to change to a new port and add it in the firewall rules and it is working now.