@gloffreda wrote:
Hi there
Just setting up my first Rancher farm and struggling with TCP forward for MQTT service.
I have images running VerneMQ on the back and a LB on front, set up the port as:
On my log file I have:
[WARNING] 008/193755 (206) : config : ‘option forwardfor’ ignored for frontend ‘1883’ as it requires HTTP mode.
And can’t publish or subscribe on my MQTT, it just drop the connection after some seconds with weird messages as : Connection error: Connection Refused: bad user name or password.
Here is my HAProxy conf file auto generated by Rancher:
global chroot /var/lib/haproxy daemon group haproxy maxconn 4096 maxpipes 1024 ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA ssl-default-bind-options no-sslv3 no-tlsv10 no-tls-tickets ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA stats socket /var/run/haproxy.sock mode 600 level admin stats timeout 2m user haproxy defaults errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http maxconn 4096 mode tcp option forwardfor option http-server-close option redispatch retries 3 timeout client 50000 timeout connect 5000 timeout server 50000 resolvers rancher nameserver dnsmasq 169.254.169.250:53 listen default bind *:42 frontend 1883 bind *:1883 mode tcp default_backend 1883_ backend 1883_ acl forwarded_proto hdr_cnt(X-Forwarded-Proto) eq 0 acl forwarded_port hdr_cnt(X-Forwarded-Port) eq 0 http-request add-header X-Forwarded-Port %[dst_port] if forwarded_port http-request add-header X-Forwarded-Proto https if { ssl_fc } forwarded_proto mode tcp server b607cfb03c061fa915f3b4cb74b761a1c479dfcd 10.42.185.68:1883 server 7bfce2298da800f4da61c5424f05067261e4496c 10.42.134.94:1883 server 82de085c23669466f0d35ec8febe291a196b73bb 10.42.117.251:1883Any help in how I can setup rancher / haproxy to work with MQTT protocols or any other protocol than HTTP / HTTPS ?
Thanks
Posts: 1
Participants: 1