Channel: HAProxy community - Latest topics

HAProxy on node.js - Invalid Host Header Error

@tkrishnamurthy wrote:

I have configured haproxy after which I am able to launch my node application using the IP address.

However, if I use my domain instead on the URL, I get “Invalid Host Header” error.

Can someone assist, please?

Posts: 1

Participants: 1


HTTP2 RFC7540 and RFC754 Test

@quanzhao wrote:

I used the h2spec tool to test HTTP/2 (RFC 7540) against haproxy, but some cases are not right.
So what should I do if I want to enable h2 in haproxy?
The haproxy version tested is 1.8.3 and the generic test result is:

Generic tests for HTTP/2 server
  1. Starting HTTP/2
         [send] Raw Data (0x505249202a20485454502f322e300d0a0d0a534d0d0a0d0a)
         [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
         [recv] Error: read tcp 30.40.53.15:62726->106.14.125.167:9443: read: connection reset by peer
    × 1: Sends a client connection preface
      -> The endpoint MUST accept client connection preface.
         Expected: SETTINGS Frame (flags:0x00)
           Actual: Error: read tcp 30.40.53.15:62726->106.14.125.167:9443: read: connection reset by peer

  2. Streams and Multiplexing
         [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
    × 1: Sends a PRIORITY frame on idle stream
    Error: read tcp 30.40.53.15:62727->106.14.125.167:9443: read: connection reset by peer
         [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
    × 2: Sends a WINDOW_UPDATE frame on half-closed (remote) stream
    Error: EOF
         [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
    × 3: Sends a PRIORITY frame on half-closed (remote) stream
    Error: EOF
         [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
    × 4: Sends a RST_STREAM frame on half-closed (remote) stream
    Error: read tcp 30.40.53.15:62730->106.14.125.167:9443: read: connection reset by peer
         [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
    × 5: Sends a PRIORITY frame on closed stream
    Error: read tcp 30.40.53.15:62731->106.14.125.167:9443: read: connection reset by peer

  3. Frame Definitions
    3.1. DATA
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 1: Sends a DATA frame
      Error: read tcp 30.40.53.15:62732->106.14.125.167:9443: read: connection reset by peer
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 2: Sends multiple DATA frames
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 3: Sends a DATA frame with padding
      Error: EOF

    3.2. HEADERS
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 1: Sends a HEADERS frame
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 2: Sends a HEADERS frame with padding
      Error: read tcp 30.40.53.15:62736->106.14.125.167:9443: read: connection reset by peer
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 3: Sends a HEADERS frame with priority
      Error: EOF

    3.3. PRIORITY
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 1: Sends a PRIORITY frame with priority 1
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 2: Sends a PRIORITY frame with priority 256
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 3: Sends a PRIORITY frame with stream dependency
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 4: Sends a PRIORITY frame with exclusive
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 5: Sends a PRIORITY frame for an idle stream, then send a HEADER frame for a lower stream ID
      Error: EOF

    3.4. RST_STREAM
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 1: Sends a RST_STREAM frame
      Error: EOF

    3.5. SETTINGS
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 1: Sends a SETTINGS frame
      Error: EOF

    3.7. PING
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 1: Sends a PING frame
      Error: EOF

    3.8. GOAWAY
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 1: Sends a GOAWAY frame
      Error: EOF

    3.9. WINDOW_UPDATE
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 1: Sends a WINDOW_UPDATE frame with stream ID 0
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 2: Sends a WINDOW_UPDATE frame with stream ID 1
      Error: read tcp 30.40.53.15:62748->106.14.125.167:9443: read: connection reset by peer

    3.10. CONTINUATION
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 1: Sends a CONTINUATION frame
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 2: Sends multiple CONTINUATION frames
      Error: EOF

  4. HTTP Message Exchanges
         [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
    × 1: Sends a GET request
    Error: EOF
         [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
    × 2: Sends a HEAD request
    Error: EOF
         [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
    × 3: Sends a POST request
    Error: EOF
         [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
    × 4: Sends a POST request with trailers
    Error: EOF

  5. HPACK
         [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
    × 1: Sends a indexed header field representation
    Error: EOF
         [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
    × 2: Sends a literal header field with incremental indexing - indexed name
    Error: EOF
         [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
    × 3: Sends a literal header field with incremental indexing - indexed name (with Huffman coding)
    Error: EOF
         [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
    × 4: Sends a literal header field with incremental indexing - new name
    Error: EOF
         [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
    × 5: Sends a literal header field with incremental indexing - new name (with Huffman coding)
    Error: EOF
         [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
    × 6: Sends a literal header field without indexing - indexed name
    Error: EOF
         [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
    × 7: Sends a literal header field without indexing - indexed name (with Huffman coding)
    Error: EOF
         [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
    × 8: Sends a literal header field without indexing - new name
    Error: EOF
         [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
    × 9: Sends a literal header field without indexing - new name (huffman encoded)
    Error: EOF
         [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
    × 10: Sends a literal header field never indexed - indexed name
    Error: EOF
         [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
    × 11: Sends a literal header field never indexed - indexed name (huffman encoded)
    Error: EOF
         [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
    × 12: Sends a literal header field never indexed - new name
    Error: EOF
         [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
    × 13: Sends a literal header field never indexed - new name (huffman encoded)
    Error: read tcp 30.40.53.15:62767->106.14.125.167:9443: read: connection reset by peer
         [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
    × 14: Sends a dynamic table size update
    Error: EOF
         [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
    × 15: Sends multiple dynamic table size update
    Error: EOF

Hypertext Transfer Protocol Version 2 (HTTP/2)
  3. Starting HTTP/2
    3.5. HTTP/2 Connection Preface
           [send] Raw Data (0x505249202a20485454502f322e300d0a0d0a534d0d0a0d0a)
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
           [recv] Error: read tcp 30.40.53.15:62770->106.14.125.167:9443: read: connection reset by peer
      × 1: Sends client connection preface
        -> The server connection preface MUST be the first frame the server sends in the HTTP/2 connection.
           Expected: SETTINGS Frame (flags:0x00)
             Actual: Error: read tcp 30.40.53.15:62770->106.14.125.167:9443: read: connection reset by peer
           [send] Raw Data (0x494e56414c494420434f4e4e454354494f4e20505245464143450d0a0d0a)
           [recv] Connection closed
      ✔ 2: Sends invalid connection preface

  4. HTTP Frames
    4.1. Frame Format
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 1: Sends a frame with unknown type
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 2: Sends a frame with undefined flag
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 3: Sends a frame with reserved field bit
      Error: EOF

    4.2. Frame Size
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 1: Sends a DATA frame with 2^14 octets in length
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 2: Sends a large size DATA frame that exceeds the SETTINGS_MAX_FRAME_SIZE
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 3: Sends a large size HEADERS frame that exceeds the SETTINGS_MAX_FRAME_SIZE
      Error: EOF

    4.3. Header Compression and Decompression
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 1: Sends invalid header block fragment
      Error: read tcp 30.40.53.15:62778->106.14.125.167:9443: read: connection reset by peer
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 2: Sends a PRIORITY frame while sending the header blocks
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 3: Sends a HEADERS frame to another stream while sending the header blocks
      Error: EOF

  5. Streams and Multiplexing
    5.1. Stream States
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 1: idle: Sends a DATA frame
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 2: idle: Sends a RST_STREAM frame
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 3: idle: Sends a WINDOW_UPDATE frame
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 4: idle: Sends a CONTINUATION frame
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 5: half closed (remote): Sends a DATA frame
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 6: half closed (remote): Sends a HEADERS frame
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 7: half closed (remote): Sends a CONTINUATION frame
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 8: closed: Sends a DATA frame after sending RST_STREAM frame
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 9: closed: Sends a HEADERS frame after sending RST_STREAM frame
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 10: closed: Sends a CONTINUATION frame after sending RST_STREAM frame
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 11: closed: Sends a DATA frame
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 12: closed: Sends a HEADERS frame
      Error: read tcp 30.40.53.15:62792->106.14.125.167:9443: read: connection reset by peer
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 13: closed: Sends a CONTINUATION frame
      Error: EOF

      5.1.1. Stream Identifiers
             [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
        × 1: Sends even-numbered stream identifier
        Error: EOF
             [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
        × 2: Sends stream identifier that is numerically smaller than previous
        Error: EOF

      5.1.2. Stream Concurrency
             [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
        × 1: Sends HEADERS frames that causes their advertised concurrent stream limit to be exceeded
        Error: EOF

    5.3. Stream Priority
      5.3.1. Stream Dependencies
             [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
        × 1: Sends HEADERS frame that depend on itself
        Error: EOF
             [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
        × 2: Sends PRIORITY frame that depend on itself
        Error: EOF

    5.4. Error Handling
      5.4.1. Connection Error Handling
             [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
        × 1: Sends an invalid PING frame for connection close
        Error: EOF
             [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
        × 2: Sends an invalid PING frame to receive GOAWAY frame
        Error: read tcp 30.40.53.15:62800->106.14.125.167:9443: read: connection reset by peer

    5.5. Extending HTTP/2
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 1: Sends an unknown extension frame
      Error: read tcp 30.40.53.15:62801->106.14.125.167:9443: read: connection reset by peer
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 2: Sends an unknown extension frame in the middle of a header block
      Error: read tcp 30.40.53.15:62802->106.14.125.167:9443: read: connection reset by peer

  6. Frame Definitions
    6.1. DATA
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 1: Sends a DATA frame with 0x0 stream identifier
      Error: read tcp 30.40.53.15:62803->106.14.125.167:9443: read: connection reset by peer
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 2: Sends a DATA frame on the stream that is not in "open" or "half-closed (local)" state
      Error: read tcp 30.40.53.15:62804->106.14.125.167:9443: read: connection reset by peer
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 3: Sends a DATA frame with invalid pad length
      Error: EOF

    6.2. HEADERS
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 1: Sends a HEADERS frame without the END_HEADERS flag, and a PRIORITY frame
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 2: Sends a HEADERS frame to another stream while sending a HEADERS frame
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 3: Sends a HEADERS frame with 0x0 stream identifier
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 4: Sends a HEADERS frame with invalid pad length
      Error: EOF

    6.3. PRIORITY
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 1: Sends a PRIORITY frame with 0x0 stream identifier
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 2: Sends a PRIORITY frame with a length other than 5 octets
      Error: EOF

    6.4. RST_STREAM
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 1: Sends a RST_STREAM frame with 0x0 stream identifier
      Error: read tcp 30.40.53.15:62812->106.14.125.167:9443: read: connection reset by peer
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 2: Sends a RST_STREAM frame on a idle stream
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 3: Sends a RST_STREAM frame with a length other than 4 octets
      Error: EOF

    6.5. SETTINGS
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 1: Sends a SETTINGS frame with ACK flag and payload
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 2: Sends a SETTINGS frame with a stream identifier other than 0x0
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 3: Sends a SETTINGS frame with a length other than a multiple of 6 octets
      Error: EOF

      6.5.2. Defined SETTINGS Parameters
             [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
        × 1: SETTINGS_ENABLE_PUSH (0x2): Sends the value other than 0 or 1
        Error: EOF
             [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
        × 2: SETTINGS_INITIAL_WINDOW_SIZE (0x4): Sends the value above the maximum flow control window size
        Error: EOF
             [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
        × 3: SETTINGS_MAX_FRAME_SIZE (0x5): Sends the value below the initial value
        Error: read tcp 30.40.53.15:62820->106.14.125.167:9443: read: connection reset by peer
             [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
        × 4: SETTINGS_MAX_FRAME_SIZE (0x5): Sends the value above the maximum allowed frame size
        Error: read tcp 30.40.53.15:62821->106.14.125.167:9443: read: connection reset by peer
             [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
        × 5: Sends a SETTINGS frame with unknown identifier
        Error: EOF

      6.5.3. Settings Synchronization
             [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
        × 1: Sends multiple values of SETTINGS_INITIAL_WINDOW_SIZE
        Error: EOF
             [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
        × 2: Sends a SETTINGS frame without ACK flag
        Error: read tcp 30.40.53.15:62825->106.14.125.167:9443: read: connection reset by peer

    6.7. PING
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 1: Sends a PING frame
      Error: read tcp 30.40.53.15:62826->106.14.125.167:9443: read: connection reset by peer
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 2: Sends a PING frame with ACK
      Error: read tcp 30.40.53.15:62827->106.14.125.167:9443: read: connection reset by peer
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 3: Sends a PING frame with a stream identifier field value other than 0x0
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 4: Sends a PING frame with a length field value other than 8
      Error: read tcp 30.40.53.15:62829->106.14.125.167:9443: read: connection reset by peer

    6.8. GOAWAY
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 1: Sends a GOAWAY frame with a stream identifier other than 0x0
      Error: EOF

    6.9. WINDOW_UPDATE
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 1: Sends a WINDOW_UPDATE frame with a flow control window increment of 0
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 2: Sends a WINDOW_UPDATE frame with a flow control window increment of 0 on a stream
      Error: read tcp 30.40.53.15:62832->106.14.125.167:9443: read: connection reset by peer
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 3: Sends a WINDOW_UPDATE frame with a length other than 4 octets
      Error: EOF

      6.9.1. The Flow-Control Window
             [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
        × 1: Sends SETTINGS frame to set the initial window size to 1 and sends HEADERS frame
        Error: EOF
             [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
        × 2: Sends multiple WINDOW_UPDATE frames increasing the flow control window to above 2^31-1
        Error: EOF
             [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
        × 3: Sends multiple WINDOW_UPDATE frames increasing the flow control window to above 2^31-1 on a stream
        Error: EOF

      6.9.2. Initial Flow-Control Window Size
             [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
        × 1: Changes SETTINGS_INITIAL_WINDOW_SIZE after sending HEADERS frame
        Error: read tcp 30.40.53.15:62839->106.14.125.167:9443: read: connection reset by peer
             [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
        × 2: Sends a SETTINGS frame for window size to be negative
        Error: EOF
             [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
        × 3: Sends a SETTINGS_INITIAL_WINDOW_SIZE settings with an exceeded maximum window size value
        Error: EOF

    6.10. CONTINUATION
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 1: Sends multiple CONTINUATION frames preceded by a HEADERS frame
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 2: Sends a CONTINUATION frame followed by any frame other than CONTINUATION
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 3: Sends a CONTINUATION frame with 0x0 stream identifier
      Error: EOF
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 4: Sends a CONTINUATION frame preceded by a HEADERS frame with END_HEADERS flag
      Error: read tcp 30.40.53.15:62846->106.14.125.167:9443: read: connection reset by peer
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 5: Sends a CONTINUATION frame preceded by a CONTINUATION frame with END_HEADERS flag
      Error: read tcp 30.40.53.15:62847->106.14.125.167:9443: read: connection reset by peer
           [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
      × 6: Sends a CONTINUATION frame preceded by a DATA frame
      Error: EOF

  7. Error Codes
         [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
    × 1: Sends a GOAWAY frame with unknown error code
    Error: read tcp 30.40.53.15:62849->106.14.125.167:9443: read: connection reset by peer
         [send] SETTINGS Frame (length:6, flags:0x00, stream_id:0)
    × 2: Sends a RST_STREAM frame with unknown error code
    Error: EOF

Posts: 2

Participants: 1

Stats page failing

@chashock wrote:

I’ve tried searching various forums and looked at the docs multiple times, but can’t seem to find anyone having this issue, and I’m wondering if I’m just missing something simple.

I have been running 1.4.x for a very long time, and the backend stats/status page has always been a useful troubleshooting tool. I am refreshing an environment and bit the bullet to rebuild my haproxy server from scratch with CentOS 7 and haproxy 1.8.3.

The proxy itself is working fine, but when I go to the backend stats page, I get a brief flash of the table, and then a blank page. Chrome console reports connection reset and nothing more. I don’t see anything in the haproxy log. I’m normally a decent troubleshooter, but this one is eluding me pretty craftily.

I’ve got the proper port open in iptables, and it gives me the same problem whether I’m in permissive or enforcing mode on SELINUX, so it’s not something as simple as that (I don’t think).

Any ideas on the next place to look?

Posts: 2

Participants: 2

Haproxy returns node instead of VIP URL in response

@Lion wrote:

Hello,

I have 2 haproxy servers (v1.5.4) with Keepalived on 2 nodes.
They share a VIP address represented by the DNS name abc.domain.com

There are two backend servers with node1 and node2 running some web services.

A service query tested in SoapUI,
http://abc.domain.com:60004/be-business/ToolSuiteBEFacadeService returns output which sometimes contains the VIP address in the response, http://abc.domain.com:60004/be-business
and sometimes http://node2.domain.com:60004/be-business

Do you have any advice on how to debug the issue, and whether a haproxy release update can help with this?

I'm not sure if the problem is in the haproxy or the WS layer.

Thanks
Frantisek Lev

Posts: 1

Participants: 1

Failed to load haproxy module - selinux on centos7

@shashik wrote:

Trying to build and load the haproxy module for SELinux on CentOS 7, facing an issue with make.
Version info: using haproxy-1.7.0, CentOS 7 (Linux localhost.localdomain 3.10.0-514.21.1.el7.x86_64)

[vagrant@localhost selinux]$ make -f /usr/share/selinux/devel/Makefile
Compiling targeted haproxy module
/usr/bin/checkmodule: loading policy configuration from tmp/haproxy.tmp
haproxy.te:46:ERROR ‘syntax error’ at token ‘corenet_tcp_recvfrom_unlabeled’ on line 3860:
corenet_tcp_recvfrom_unlabeled(haproxy_t)

/usr/bin/checkmodule: error(s) encountered while parsing configuration
make: *** [tmp/haproxy.mod] Error 1


So I went ahead and commented out “corenet_tcp_recvfrom_unlabeled” in haproxy.te, then ran make, and it works. However, when I try to load the module, it fails to load.

[vagrant@localhost selinux]$ sudo semodule -i haproxy.pp
Re-declaration of type haproxy_t
Failed to create node
Bad type declaration at /etc/selinux/targeted/tmp/modules/100/rhcs/cil:123
semodule: Failed!
[vagrant@localhost selinux]$

Any suggestions?

Posts: 5

Participants: 2

Using SRV Record - multiple entries per IP gets "No IP for server"

@KrisM wrote:

I am running a node.js cluster on a host. Multiple processes start, each listening on a different port. I would like to take advantage of dynamic configuration using SRV records but I seem to have HAProxy discovering only one backend per IP address. Is having multiple backends on an IP address a supported configuration?

Sample DNS Query

;; QUESTION SECTION:
;_http._tcp.mydomain.example.com. IN SRV

;; ANSWER SECTION:
_http._tcp.mydomain.example.com. 5 IN SRV 1 10 8443 ip-10-0-32-101.ec2.internal.
_http._tcp.mydomain.example.com. 5 IN SRV 1 10 8444 ip-10-0-32-101.ec2.internal.
_http._tcp.mydomain.example.com. 5 IN SRV 1 10 8445 ip-10-0-32-101.ec2.internal.
_http._tcp.mydomain.example.com. 5 IN SRV 1 10 8443 ip-10-0-44-111.ec2.internal.
_http._tcp.mydomain.example.com. 5 IN SRV 1 10 8444 ip-10-0-44-111.ec2.internal.
_http._tcp.mydomain.example.com. 5 IN SRV 1 10 8445 ip-10-0-44-111.ec2.internal.

;; Query time: 3 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Wed Jan 31 00:06:14 2018
;; MSG SIZE rcvd: 193

HAPROXY VERBOSE

~/haproxy-ss-20180126% ./haproxy -vv
HA-Proxy version 1.8.3-2dd90ea 2018/01/25
Copyright 2000-2017 Willy Tarreau willy@haproxy.org

Build options :
TARGET = linux26
CPU = generic
CC = gcc
CFLAGS = -m64 -march=x86-64 -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-unused-label
OPTIONS = USE_ZLIB=1 USE_OPENSSL=yes USE_PCRE=1

Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017
Running on OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Encrypted password support via crypt(3): yes
Built with PCRE version : 8.21 2011-12-12
Running on PCRE version : 8.21 2011-12-12
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with zlib version : 1.2.8
Running on zlib version : 1.2.8
Compression algorithms supported : identity(“identity”), deflate(“deflate”), raw-deflate(“deflate”), gzip(“gzip”)
Built with network namespace support.

Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.

Available filters :
[SPOE] spoe
[COMP] compression
[TRACE] trace

CONFIG (some items redacted with *******)

global
# Traffic logs
log /dev/log local0
# Event logs:
log /dev/log local1 notice
maxconn 32768
chroot /var/lib/haproxy
stats socket /var/run/haproxy/admin.sock mode 660 level admin
server-state-file /tmp/server_state
stats timeout 30s
user haproxy
group haproxy
tune.ssl.default-dh-param 2048
daemon

# For more information, see ciphers(1SSL).

ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:DES-CBC3-SHA:!LOW:!3DES:!MD5:!EXP:!PSK:!aNULL:!eNULL

defaults
mode http
log global
timeout connect 60s
timeout client 360s
timeout server 360s
timeout tunnel 3600s
backlog 32768
balance leastconn

listen stats
bind 0.0.0.0:9090
mode http
stats enable
stats hide-version
stats realm Haproxy\ Statistics
stats uri /
stats auth *:
stats refresh 5s

peers peers_section
peer *************** ***********

frontend anon-fe
option http-no-delay
bind :443 ssl crt **************** no-sslv3
mode http
maxconn 32768
option httplog
option dontlognull
tcp-request inspect-delay 5s
use_backend anon_backend
default_backend anon_backend

frontend my_healthcheck
bind :8443 ssl crt ************ no-sslv3
mode http
option httplog
option forwardfor
acl dead nbsrv(anon_backend) lt 1
monitor-uri **********
monitor fail if dead
default_backend anon_backend

backend anon_backend
option http-no-delay
option httpchk POST *********
http-check disable-on-404
http-check expect status 200
timeout check 10s
balance url_param *********
hash-type consistent
server-template back-rr 4 _http._tcp.mydomain.example.com resolvers localresolv resolve-prefer ipv4 check inter 1s downinter 60s fall 3 weight 1

resolvers localresolv
nameserver dns1 10.0.0.2:53
resolve_retries 3
timeout resolve 1s
timeout retry 1s
hold other 30s
hold refused 30s
hold nx 30s
hold timeout 30s
hold valid 10s
hold obsolete 30s
accepted_payload_size 8192

LOGS

[Thread debugging using libthread_db enabled]
Using host libthread_db library “/lib64/libthread_db.so.1”.
[WARNING] 030/010618 (27843) : parsing [/etc/haproxy/haproxy.cfg:71] : a ‘tcp-request’ rule placed after an ‘http-request’ rule will still be processed before.
[WARNING] 030/010618 (27843) : parsing [/etc/haproxy/haproxy.cfg:72] : a ‘tcp-request’ rule placed after an ‘http-request’ rule will still be processed before.
[WARNING] 030/010618 (27843) : parsing [/etc/haproxy/haproxy.cfg:73] : a ‘tcp-request’ rule placed after an ‘http-request’ rule will still be processed before.
[WARNING] 030/010618 (27843) : parsing [/etc/haproxy/haproxy.cfg:75] : a ‘tcp-request’ rule placed after an ‘http-request’ rule will still be processed before.
[WARNING] 030/010618 (27843) : parsing [/etc/haproxy/haproxy.cfg:76] : a ‘tcp-request’ rule placed after an ‘http-request’ rule will still be processed before.
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result FAILED
Total: 3 (2 usable), will use epoll.

Available filters :
[SPOE] spoe
[COMP] compression
[TRACE] trace
Using epoll() as the polling mechanism.
[WARNING] 029/235609 (13803) : Server anon_backend/back-rr1 is DOWN, reason: Socket error, check duration: 0ms. 3 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
[WARNING] 029/235609 (13803) : anon_backend/back-rr1 changed its IP from to 10.0.32.101 by localresolv/dns1.
[WARNING] 029/235609 (13803) : Server anon_backend/back-rr2 is going DOWN for maintenance (No IP for server ). 2 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
[WARNING] 029/235609 (13803) : Server anon_backend/back-rr3 is going DOWN for maintenance (No IP for server ). 1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.

Posts: 1

Participants: 1

HTTP frontend with HTTPS backend

@chown wrote:

I’m trying to simply get requests to my local ip address on port 80 to be directed to httpbin[dot]org. I’ve tried numerous configurations and all I’m getting from haproxy (version 1.5.19) are 503’s. Can someone tell me if this is possible? All I’m coming up with on my searches are how to force http to https using a redirect which is not what I want to do as I don’t want to put an SSL certificate on the frontend. I want haproxy to forward my http request and encrypt the request to the backend server. I’ve verified I can curl httpbin[dot]org from the same machine with no issue so it’s not a firewall problem and I can see haproxy attempting to make a connection on port 443 to that web server, just not sure what I’m missing.

haproxy.cfg:

global
    log /dev/log local2
    user haproxy
    group haproxy
    ssl-server-verify none
    spread-checks 3

defaults
    maxconn 32
    log global
    mode http
    option httplog
    option dontlognull
    retries 2
    option redispatch
    timeout connect 5000
    timeout client 10000
    timeout server 10000

frontend test-in
    bind *:80
    default_backend test-out

backend test-out
    http-request set-header Host httpbin.org
    server test httpbin.org:443 ssl verify none no-sslv3

Posts: 2

Participants: 2

HAProxy + RDP Windows 2012R2 Servers

@afcelie wrote:

Hello,

I am trying to set up a HAProxy server for multiple RDP servers on 1 IP address.
I am using CentOS 7.4.x (latest version and up to date).
I have 4 servers which need to be accessed, but every time it connects to one of the servers and not, for instance, the latest server I was connected to. My config file is listed below:

haproxy.cfg
listen RDP
    bind 0.0.0.0:3389
    balance rdp-cookie
    maxconn 256
    mode tcp
    balance roundrobin
    stick store-request src
    stick-table type ip size 200k expire 30m
    balance leastconn
    tcp-request inspect-delay 5s
    tcp-request content accept if RDP_COOKIE
    persist rdp-cookie
    option tcpka
    timeout connect 500000ms
    timeout check 50000ms
    timeout client 500000ms
    timeout server 500000ms
    grace 50000ms
    stick-table type string size 204800 expire 10m
    stick on rdp_cookie(mstshash)
    default-server inter 3s rise 2 fall 3
    server server-01 10.10.10.7:3389 check fall 3 rise 5 inter 2000 weight 10
    server server-02 10.10.10.8:3389 check fall 3 rise 5 inter 2000 weight 10
    server server-01 10.10.10.6:3389 check fall 3 rise 5 inter 2000 weight 10
    server server-02 10.10.10.9:3389 check fall 3 rise 5 inter 2000 weight 10
    option redispatch

Can someone tell me what is wrong?

Posts: 1

Participants: 1


Haproxy loses connections

@mrquokka wrote:

When I connect to the haproxy balancer and try to execute every query, psql tells me:
server closed the connection unexpectedly
This probably means the server terminated abnormally
before or while processing the request.
The connection to the server was lost. Attempting reset: Succeeded.
I repeat this command and now it works, but why?
When I use them directly on the current base it works without errors, and the reserve server got it.

My configuration:
Main server: 192.168.8.201
keepalived for 192.168.8.210
haproxy
patroni
etcd
postgresql look for *:5432

Fail-over server: 192.168.8.202
keepalived for 192.168.8.210
haproxy
patroni
etcd (deep copy of previous, because only 2 machines, without changes in future)
postgresql look *:5432

Haproxy config:

global
    maxconn 100
defaults
    log global
    mode tcp
    retries 2
    timeout client 4s
    timeout connect 4s
    timeout server 4s
    timeout check 5s
listen stats
    mode http
    bind *:7000
    stats enable
    stats uri /
listen batman
    bind *:5000
    option httpchk
    http-check expect status 200
    default-server inter 3s fall 3 rise 2 on-marked-down shutdown-sessions
    server postgresql_0 192.168.8.201:5432 maxconn 100 check port 8008
    server postgresql_1 192.168.8.202:5433 maxconn 100 check port 8009

Posts: 2

Participants: 1

Cannot put header X-Forwarded-For in a stick table

@AleksASB wrote:

Hello!

I need to use the X-Forwarded-For header as the sticking item for balancing, but cannot figure out how to do it correctly.
My haproxy.conf:

global
        log 127.0.0.1 local2 notice
        chroot /var/lib/haproxy
        stats socket /tmp/haproxy.sock mode 666 level admin
        stats timeout 2m
        user haproxy
        group haproxy
        daemon
        maxconn 100000

defaults
        log     global
        option  dontlognull
        retries 3
        maxconn 100000
        timeout connect 240s
        timeout client 900s
        timeout server 900s
        timeout check 20s
        #errorfile 400 /etc/haproxy/errors/400.http
        #errorfile 403 /etc/haproxy/errors/403.http
        #errorfile 408 /etc/haproxy/errors/408.http
        #errorfile 500 /etc/haproxy/errors/500.http
        #errorfile 502 /etc/haproxy/errors/502.http
        #errorfile 503 /etc/haproxy/errors/503.http
        #errorfile 504 /etc/haproxy/errors/504.http

frontend app-frontend-test
        bind *:1234
        mode http
        option httplog
        option httpclose
        option http-server-close
        option forwardfor except 127.0.0.1 if-none
        capture request header X-Forwarded-For len 50
        default_backend test-server

backend test-server
        mode http
        stick-table type string len 50 size 200k expire 8h
        stick on capture.req.hdr(0)
        balance roundrobin
        server test-app1 10.9.15.43:1234 check
        fullconn 100000

listen stats
        bind 10.9.127.80:8888
        mode http
        stats enable
        stats uri /stats
        stats realm HAProxy Statistics
        stats auth user:password
        stats refresh 10s

My HAProxy version:

HA-Proxy version 1.5.18 2016/05/10
Copyright 2000-2016 Willy Tarreau <willy@haproxy.org>

Build options :
  TARGET  = linux2628
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing -DTCP_USER_TIMEOUT=18
  OPTIONS = USE_LINUX_TPROXY=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_PCRE=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.7
Compression algorithms supported : identity, deflate, gzip
Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.32 2012-11-30
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

OS: CentOS 7

I see with tcpdump that HAProxy puts the X-Forwarded-For header, but the stick-table is empty (I’ve checked it with echo "show table test-server" | socat /tmp/haproxy.sock stdio)

Posts: 2

Participants: 2

Server-template and randomized DNS responses

@michep wrote:

Hi!

I have Consul as a service discovery tool and HAProxy as a load balancer.

In Consul there is a registered service running on a number of servers, and this service can be scaled by adding and removing nodes and by moving nodes from one server to another.

Consul has a DNS service which randomizes responses for services, like this:

[bux] michep@bux:~$ dig +short mfm-monitor-opentsdb.service.mfmconsul
10.182.161.239
10.182.161.152
10.182.161.240
10.182.161.92
[bux] michep@bux:~$ dig +short mfm-monitor-opentsdb.service.mfmconsul
10.182.161.92
10.182.161.152
10.182.161.240
10.182.161.239

In HAProxy 1.8.3 I'm using a server-template configuration, like this:

resolvers dns
  nameserver dns1 ${HAPROXY_NAMESERVER}
  hold valid 2s

backend tsdb_backend_query
  server-template tsdb_query 5 mfm-monitor-opentsdb.service.mfmconsul:4242 check resolvers dns inter 1000

And in that case I get a lot of warnings in the haproxy log:

time="2018-02-02T15:44:32+03:00" level=info msg="[WARNING] 032/154432 (32983) : tsdb_backend_query/tsdb_query1 changed its IP from 10.182.161.240 to 10.182.161.239 by DNS cache." job=mfm-monitor-haproxy pid=32983
time="2018-02-02T15:44:42+03:00" level=info msg="[WARNING] 032/154442 (32983) : tsdb_backend_query/tsdb_query1 changed its IP from 10.182.161.239 to 10.182.161.240 by DNS cache." job=mfm-monitor-haproxy pid=32983
time="2018-02-02T15:44:46+03:00" level=info msg="[WARNING] 032/154446 (32983) : tsdb_backend_query/tsdb_query3 changed its IP from 10.182.161.152 to 10.182.161.239 by DNS cache." job=mfm-monitor-haproxy pid=32983
time="2018-02-02T15:44:50+03:00" level=info msg="[WARNING] 032/154450 (32983) : tsdb_backend_query/tsdb_query2 changed its IP from 10.182.161.92 to 10.182.161.152 by DNS cache." job=mfm-monitor-haproxy pid=32983
time="2018-02-02T15:44:52+03:00" level=info msg="[WARNING] 032/154452 (32983) : tsdb_backend_query/tsdb_query3 changed its IP from 10.182.161.239 to 10.182.161.92 by DNS cache." job=mfm-monitor-haproxy pid=32983
time="2018-02-02T15:44:56+03:00" level=info msg="[WARNING] 032/154456 (32983) : tsdb_backend_query/tsdb_query1 changed its IP from 10.182.161.240 to 10.182.161.239 by DNS cache." job=mfm-monitor-haproxy pid=32983
time="2018-02-02T15:45:00+03:00" level=info msg="[WARNING] 032/154500 (32983) : tsdb_backend_query/tsdb_query3 changed its IP from 10.182.161.92 to 10.182.161.240 by DNS cache." job=mfm-monitor-haproxy pid=32983
time="2018-02-02T15:45:02+03:00" level=info msg="[WARNING] 032/154502 (32983) : tsdb_backend_query/tsdb_query3 changed its IP from 10.182.161.240 to 10.182.161.92 by DNS cache." job=mfm-monitor-haproxy pid=32983
time="2018-02-02T15:45:04+03:00" level=info msg="[WARNING] 032/154504 (32983) : tsdb_backend_query/tsdb_query2 changed its IP from 10.182.161.152 to 10.182.161.240 by DNS cache." job=mfm-monitor-haproxy pid=32983
time="2018-02-02T15:45:06+03:00" level=info msg="[WARNING] 032/154506 (32983) : tsdb_backend_query/tsdb_query1 changed its IP from 10.182.161.239 to 10.182.161.152 by DNS cache." job=mfm-monitor-haproxy pid=32983
time="2018-02-02T15:45:10+03:00" level=info msg="[WARNING] 032/154510 (32983) : tsdb_backend_query/tsdb_query3 changed its IP from 10.182.161.92 to 10.182.161.239 by DNS cache." job=mfm-monitor-haproxy pid=32983
time="2018-02-02T15:45:18+03:00" level=info msg="[WARNING] 032/154518 (32983) : tsdb_backend_query/tsdb_query3 changed its IP from 10.182.161.239 to 10.182.161.92 by DNS cache." job=mfm-monitor-haproxy pid=32983
time="2018-02-02T15:45:20+03:00" level=info msg="[WARNING] 032/154520 (32983) : tsdb_backend_query/tsdb_query2 changed its IP from 10.182.161.240 to 10.182.161.239 by DNS cache." job=mfm-monitor-haproxy pid=32983

This doesn’t really break the service, but I think this is not quite normal.

Any advice on how to resolve this issue?

Posts: 1

Participants: 1

Redirect Haproxy URI regex

@gabbi wrote:

I would like to redirect url like
HA-Proxy version 1.6.3 2015/12/25

http://www.domain.com/listing/school/s4093287-374-2750-55-street-nw
http://www.domain.com/listing/school/st/s4094083-208-9503-101-avenue

to
http://www.domain.com/school/374-2750-55-street-nw--s4093287
http://www.domain.com/school/208-9503-101-avenue--s4094083

Basically Group 3 2

I have this but it's not working

acl school hdr(host) -i www.domain.com
reqrep /([A-Za-z]\d+)-(.+) /school/\2--\1 if school

But it's not working

Posts: 1

Participants: 1

HTTP/2 not compatible with firefox on haproxy 1.8.3?

@ASBai wrote:

We are using things like "document.location.href = '/main.html';" in our login page (login.html). And it’s OK if we only use http/1.1.

But when we enabled http/2 by upgrading haproxy to 1.8.3 and adding "alpn h2,http/1.1" to the config file, Firefox (we’ve tested 49 and 58) fails to jump to the new page (e.g.: the request to get the new page never returns). IE (7-11) and Chrome are all OK with this new configuration.

Is this an h2 compatibility issue between Firefox and haproxy?

Here is the screen shot: http://baiy.cn/tmp/firefox_h2.png

Posts: 5

Participants: 2

SSL certificates

@badhonsoam wrote:

How do I use an SSL web server in the background?
Can anyone give me a sample?
I have already done it with normal http, but how can I do https? Please guide me through the process.

Posts: 1

Participants: 1

Ssl-hello-chk tls version

@kingcdavid wrote:

Hello all

Does anyone know a way of using ssl-hello-chk with tls1+? It seems to only use sslv3, so my backend servers reject the request.

Thanks

Dave

Posts: 1

Participants: 1


Print server issues

@Stickyhead wrote:

We are using haproxy for printing. The servers have 600 printers of various makes and models; they are all using generic PS drivers.

We have a lot of issues with printing causing high CPU and memory usage. A lot of jobs are timing out and a lot are just staying in the print queue with a status of "Sent to Printer".

I manage the print servers but was not the one that set up the haproxy, so I don’t yet have access to any configuration files or logs.

Has anyone had any similar issues or any advice on what to look for?

Posts: 1

Participants: 1

Any issues doing reverse proxy to a backend SSL connection?

@onetech-it wrote:

I am working through an issue where I can’t quite get HAProxy 1.7 to properly reverse proxy to a non-SSL connection to the backend server (Tomcat server on port 8090). The config line that fails is:
server <myhost.domain.com>:8090 maxconn 1000

However, if I configure HAProxy to proxy to an SSL connection on the backend server (port 8443) using the following line, it proxies without issue:
server <myhost.domain.com>:8443 ssl verify none cookie s1 maxconn 1000

Is there any downside to proxying a front end SSL (443) to a backend SSL connection (8443)?

Posts: 1

Participants: 1
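
Both backend-TLS posts above (the httpbin.org forwarder on 1.5.19 and the Tomcat 8443 proxy on 1.7) use `verify none`, which encrypts the hop but accepts any certificate the backend presents. The fragment below is an added example, not taken from either poster's configuration, that puts that setting beside a verified one; the CA bundle path, the backend names and `backend.example.com` are assumptions to replace with local values.

```haproxy
# Added example (not from the original posts).
# Paths, backend names and host names are assumptions.

global
    # Default verification mode for every "ssl" server line that does not
    # set its own "verify". "required" is also HAProxy's built-in default;
    # "ssl-server-verify none" switches verification off globally.
    ssl-server-verify required

# As posted: TLS to the backend, but the certificate is never checked,
# so the proxy cannot tell the real backend from anything else that
# answers on that address.
backend tls-unverified
    mode http
    server app1 backend.example.com:8443 ssl verify none

# Verified: the chain must validate against ca-file and the certificate
# must carry the expected host name.
backend tls-verified
    mode http
    http-request set-header Host backend.example.com
    server app1 backend.example.com:8443 ssl verify required ca-file /etc/ssl/certs/ca-bundle.crt verifyhost backend.example.com
```

On HAProxy 1.6 and later, adding `sni str(backend.example.com)` to the server line also sends the server name in the TLS handshake, which name-based virtual hosts need in order to return the right certificate.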

Enabling HAProxy 1.7 logging on CentOS 7.x?

@onetech-it wrote:

Trying to troubleshoot HAProxy connectivity, but can’t find any solid documentation on how to enable HAProxy to output dedicated logging to a dedicated HAProxy logfile such as /var/log/haproxy.log under CentOS 7.4.

Where might I find documentation that offers very explicit instructions for how to enable haproxy logging under CentOS 7.x?

Posts: 1

Participants: 1

Haproxy repetitively sending reset packets

@jkim711 wrote:

Hi

I set up HAproxy to do SSL Termination for the webserver in the backend, because the webserver doesn’t support SSL.
But just launching the HAproxy has the haproxy keep sending reset packets to the backend web server.
What could be the cause of this?

1 0 172.17.0.7 172.17.0.5 TCP 74 45886 > 8052 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=4294779355 TSecr=0 WS=128
2 0.000071 172.17.0.5 172.17.0.7 TCP 74 8052 > 45886 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=4294779355 TSecr=4294779355 WS=128
3 0.000118 172.17.0.7 172.17.0.5 TCP 66 45886 > 8052 [RST, ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=0 TSecr=4294779355
4 2.004199 172.17.0.7 172.17.0.5 TCP 74 45888 > 8052 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=4294781359 TSecr=0 WS=128
5 2.004264 172.17.0.5 172.17.0.7 TCP 74 8052 > 45888 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=4294781359 TSecr=4294781359 WS=128
6 2.004297 172.17.0.7 172.17.0.5 TCP 66 45888 > 8052 [RST, ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=0 TSecr=4294781359
7 4.007935 172.17.0.7 172.17.0.5 TCP 74 45890 > 8052 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=4294783363 TSecr=0 WS=128
8 4.008002 172.17.0.5 172.17.0.7 TCP 74 8052 > 45890 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=4294783363 TSecr=4294783363 WS=128
9 4.008035 172.17.0.7 172.17.0.5 TCP 66 45890 > 8052 [RST, ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=0 TSecr=4294783363
10 6.017341 172.17.0.7 172.17.0.5 TCP 74 45906 > 8052 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=4294785372 TSecr=0 WS=128
11 6.017404 172.17.0.5 172.17.0.7 TCP 74 8052 > 45906 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=4294785372 TSecr=4294785372 WS=128
12 6.017448 172.17.0.7 172.17.0.5 TCP 66 45906 > 8052 [RST, ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=0 TSecr=4294785372
13 8.019894 172.17.0.7 172.17.0.5 TCP 74 45914 > 8052 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=4294787375 TSecr=0 WS=128

172.17.0.7 is the haproxy
172.17.0.5 is awx_web

Here is the haproxy.cfg I used.

global
    maxconn 2048
    tune.ssl.default-dh-param 2048
defaults
    mode http
    option forwardfor
    option http-server-close
    timeout connect 5000ms
    timeout client 5000ms
    timeout server 5000ms

frontend www-https
    bind *:443 ssl crt /root/key/mykey.pem
    reqadd X-Forwarded-Proto:\ https
    default_backend backend_app1_ssl

backend backend_app1_ssl
    http-reuse safe
    redirect scheme http if { ssl_fc }
    server www-1 172.17.0.5:8052 check


And the yaml file to launch the AWX and haproxy

========================================================

- hosts: localhost

  tasks:

    - name: 1. Activate postgres container
      docker_container:
        name: postgres
        image: postgres:9.6
        state: started
        ports:
          - "5432:5432"
        env:
          POSTGRES_DB: awx
          POSTGRES_PASSWORD: awxpass
          POSTGRES_USER: awx
        volumes:
          - "/tmp/pgdocker:/var/lib/postgresql/data"

    - name: 2. Activate rabbitmq container
      docker_container:
        name: rabbitmq
        state: started
        image: rabbitmq:3
        env:
          RABBITMQ_DEFAULT_VHOST: "awx"

    - name: 3. Activate memcached container
      docker_container:
        name: memcached
        state: started
        image: memcached:alpine

    - name: Wait for postgres and rabbitmq to activate
      pause:
        seconds: 10

    - name: Set properties with postgres for awx_web
      set_fact:
        pg_hostname_actual: postgres
        awx_web_container_links:
          - rabbitmq
          - memcached
          - postgres

    - name: 4. Activate AWX Web Container
      docker_container:
        name: awx_web
        state: started
        image: awx_web:1.0.0.337
        user: root
        ports:
          - "80:8052"
        links: "{{ awx_web_container_links|list }}"
        hostname: awxweb
        env:
          SECRET_KEY: aabbcc
          DATABASE_NAME: awx
          DATABASE_USER: awx
          DATABASE_PASSWORD: awxpass
          DATABASE_PORT: 5432
          DATABASE_HOST: "{{ pg_hostname_actual }}"
          RABBITMQ_USER: guest
          RABBITMQ_PASSWORD: guest
          RABBITMQ_HOST: rabbitmq
          RABBITMQ_PORT: 5672
          RABBITMQ_VHOST: awx
          MEMCACHED_HOST: memcached
          MEMCACHED_PORT: 11211

    - name: Set properties with postgres for awx_task
      set_fact:
        pg_hostname_actual: postgres
        awx_task_container_links:
          - rabbitmq
          - memcached
          - awx_web
          - postgres

    - name: 5. Activate AWX Task Container
      docker_container:
        name: awx_task
        state: started
        image: awx_task:1.0.0.337
        links: "{{ awx_task_container_links|list }}"
        user: root
        hostname: awx
        env:
          SECRET_KEY: aabbcc
          DATABASE_NAME: awx
          DATABASE_USER: awx
          DATABASE_PASSWORD: awxpass
          DATABASE_HOST: "{{ pg_hostname_actual }}"
          DATABASE_PORT: 5432
          RABBITMQ_USER: guest
          RABBITMQ_PASSWORD: guest
          RABBITMQ_HOST: rabbitmq
          RABBITMQ_PORT: 5672
          RABBITMQ_VHOST: awx
          MEMCACHED_HOST: memcached
          MEMCACHED_PORT: 11211

    - name: 6. Activate HAProxy Container
      docker_container:
        name: myhaproxy
        state: started
        image: haproxy:latest
        #links: awx_web
        ports:
          - "443:443"
        volumes:
          - "/usr/local/etc/haproxy/:/usr/local/etc/haproxy/"
          - "/root/key/:/root/key/"

Posts: 2

Participants: 2

Haproxy with Tomcat issue

@genseb wrote:

Hi,

I encounter an issue using Haproxy (1.5.18) with Tomcat

Here is a basic description of my test infra:

(server1)10.0.1.238:443 ==> Haproxy ==> 192.168.0.10:10080(/server1) >>>(server2) Tomcat listening on 192.168.0.10:10080 (/server2)

On my server1, an iptables is used as NAT, routing and firewall.

HAproxy returns a 503 Service Unavailable.

Things I’ve already checked/tried:
- Redirect port 10080 of my server1 to port 10080 of my server2 ==> it works, so my app is running and OK
- Wget from server1 to server2 (bypassing haproxy) ==> it works, so no firewall issue
- Install an Apache on server2 listening on port 10080 ==> it works, so the Haproxy conf seems to be OK
- Using tcpdump on both servers ==> I see packets on my server1 but nothing on my server2, so it seems that HAproxy doesn’t redirect the flow

I have the feeling that Haproxy considers server2 dead and doesn’t redirect packets.

Do you have any idea of what happens?

Thanks.

Posts: 3

Participants: 2
