@hans0r wrote:
Hey Guys,
latest worked version: 1.9.3-1~bpo9+1
version that not worked: 1.9.4-1~bpo9+1maybe a bug… or a configuration “error” that worked in 1.9.3. Service ist started in the new master-worker mode with support for mastercli. Attached you can find errors and config.
haproxy in debug-mode exited with this error:
Current worker #1 (17207) exited with code 139 (Segmentation fault)Version:
HA-Proxy version 1.9.4-1~bpo9+1 2019/02/07 - https://haproxy.org/
Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -O2 -g -O2 -fdebug-prefix-map=/build/haproxy-1.9.4=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered -Wno-missing-field-initializers -Wtype-limits -Wshift-negative-value -Wshift-overflow=2 -Wduplicated-cond -Wnull-dereference
OPTIONS = USE_GETADDRINFO=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_SYSTEMD=1 USE_PCRE2=1 USE_PCRE2_JIT=1 USE_NS=1Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200 Built with OpenSSL version : OpenSSL 1.1.0f 25 May 2017 Running on OpenSSL version : OpenSSL 1.1.0j 20 Nov 2018 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 Built with Lua version : Lua 5.3.3 Built with network namespace support. Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Built with zlib version : 1.2.8 Running on zlib version : 1.2.8 Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip") Built with PCRE2 version : 10.22 2016-07-29 PCRE2 library supports JIT : yes Encrypted password support via crypt(3): yes Built with multi-threading support. Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. Available multiplexer protocols : (protocols marked as <default> cannot be specified using 'proto' keyword) h2 : mode=HTX side=FE|BE h2 : mode=HTTP side=FE <default> : mode=HTX side=FE|BE <default> : mode=TCP|HTTP side=FE|BE Available filters : [SPOE] spoe [COMP] compression [CACHE] cache [TRACE] traceFrontend:
frontend https bind *:443 ssl crt /etc/ssl/private/cert.pem crt /etc/ssl/private/cert2.pem crt #alpn h2,http/1.1 bind *:35301 ssl crt /etc/ssl/private/cert.pem bind *:9000 ssl crt /etc/ssl/private/cert.pem # declare capture request len 48 # declare capture request len 256 # declare capture request len 400000 capture request header User-Agent len 128 capture request header Host len 48 declare capture request len 1024 # option accept-invalid-http-request tcp-request content track-sc0 src # capture for POST header logging # declare capture request len 4000000 # http-request capture req.hdr(Host) id 0 # http-request capture req.hdr(User-Agent) id 1 http-request capture req.body id 2 # Block POST abuser for shop for longer time, definition is in stick-table on backend POST_BLOCKER_SHOP_http_BE # with this config all requests from IP in stick-table with GPC0 counter greater then 0 are blocked! http-request deny deny_status 429 if { src_get_gpc0(abuser_http_BE) gt 0 } #http-request redirect location %[req.hdr(host),lower,map(/etc/haproxy/redirects.map)] code 302 if { req.hdr(host),lower,map(/etc/haproxy/redirects.map) -m found } # declare all my.rr in a whitelist so that nothing is blocked from there acl is_myrr src -f /etc/haproxy/myrr.lst #tcp-request content track-sc0 src # bot detection and deny bots acl is_robot hdr_reg(User-Agent) -i -f /etc/haproxy/bots.lst http-request deny if is_robot stick-table type ip size 500k expire 5m store gpc0,conn_cur,conn_rate(3s),http_req_rate(7s),http_err_rate(10s),gpc0_rate(10s) http-request tarpit if { src_conn_cur ge 200 } !is_myrr # http-request tarpit if { src_conn_rate ge 2500 } !is_myrr # http-request tarpit if { sc0_http_err_rate() gt 40 } !is_myrr http-request tarpit if { sc0_http_req_rate() gt 10000 } !is_myrr http-request redirect code 301 location https://www.%[hdr(host)]%[capture.req.uri] if !{ hdr_beg(host) -i www } { ssl_fc_sni -i domain.com } reqadd X-Forwarded-Proto:\https rspdel Server: rspadd Server:\ xyz\ webserver acl is_35301 dst_port 35301 acl is_9000 dst_port 9000 acl is_static path_end -i .jpg .gif .png .css .ico .ttf .woff .woff2 .htm .html #.js acl is_static_data path_end -i .jpg .gif .png .ico .ttf .woff .woff2 acl is_default_bot_login path_beg -i /wp-login.php /typo3 # Shop POST limiter for too many POSTs. # acl is_content_present req.hdr_val(content-lenght) ge 1 acl is_shop path_dir shop acl is_rr ssl_fc_sni -i domain.com -i www.domain.com -i web.domain.com acl is_POST_abuser src_gpc0_rate gt 10 use_backend abuser_http_BE if is_POST_abuser METH_POST is_rr is_shop !is_myrr or is_default_bot_login !is_myrr use_backend events_BE_static if { ssl_fc_sni -i events.domain.com } is_static !is_35301 use_backend events_BE if { ssl_fc_sni -i events.domain.com } !is_35301Backend that is used when this error appears:
backend events_BE mode http timeout server 300s timeout connect 2s timeout http-keep-alive 1s option http-server-close filter compression timeout check 2s balance roundrobin compression algo gzip compression type text/html text/plain text/xml text/json text/css text/javascript application/javascript cookie ROUTEID insert indirect nocache no option redispatch # option httpchk GET / HTTP/1.1\r\nHost:\ events.domain.com server s1-104-8080 10.10.10.104:8080 check weight 100 maxconn 75 cookie s1events inter 1s fall 3 server s2-104-8081 10.10.10.104:8081 check weight 100 maxconn 75 cookie s2events server s3-102-8081 10.10.10.102:8081 check maxconn 75 backup inter 1s fall 3 backend events_BE_static mode http timeout server 300s timeout connect 2s timeout http-keep-alive 1s option http-server-close timeout check 2s http-request del-header Cache-Control http-request del-header Pragma # http-request del-header Cookie balance roundrobin cookie ROUTEID insert indirect nocache http-request cache-use events http-response cache-store events server s1-104-8080 10.10.10.104:8080 check weight 100 maxconn 75 cookie s1events inter 1s fall 3 server s2-104-8081 10.10.10.104:8081 check weight 100 maxconn 75 cookie s2events inter 1s fall 3 server s3-102-8081 10.10.10.102:8081 check maxconn 75 backup inter 1s fall 3 cache events total-max-size 100 max-age 3600Can someone help me?
Thanks
Posts: 2
Participants: 1