HAProxy With Load Balancer

@rt516 wrote:

My HAProxy works fine with normal traffic, but when I try to use a traffic generator, captures show packets with the right source / destination / port (80) making it to the front end, but traffic is never sent out of the back end (it is with real / normal traffic). I am using T-Rex Traffic Generator.

I have tried to disable all checks as I’m sure the traffic generator would not pass them, but I can’t seem to figure out what haproxy doesn’t like about the generated traffic - can anyone help?

I have also tried to change mode from http to tcp but this did not make any difference.

ubuntu@ubuntu16:~$ cat /etc/haproxy/haproxy.cfg
global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL). This list is from:
        #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
        # An alternative list with additional directives can be obtained from
        #  https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
        ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
        ssl-default-bind-options no-sslv3

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

frontend localnodes
     bind 172.16.200.1:80
     mode http
     default_backend nodes


backend nodes
     mode http
     balance roundrobin
     option forwardfor
     http-request set-header X-Forwarded-Port %[dst_port]
     http-request add-header X-Forwarded-Proto https if { ssl_fc }
     #option httpchk HEAD / HTTP/1.1\r\nHost:localhost
     server trex 172.16.100.100:80 
     #server web01 172.16.100.101:80

listen stats 
     bind *:1936
     stats enable
     stats uri /
     stats hide-version
     stats auth ubuntu:antsle

Posts: 3

Participants: 2

Read full topic