Hi there,
I have a problem here with haproxy and ftp(s) which I do not understand.
listen FTPVIP
    bind *:21 ssl crt /etc/haproxy/git-03.test.local.crt ssl-min-ver TLSv1.2
    bind *:60000-65535 ssl crt /etc/haproxy/git-03.test.local.crt ssl-min-ver TLSv1.2
    mode tcp
    option tcplog
    option tcpka
    # balance leastconn
    # stick on src
    # stick-table type ip size 10240k expire 30m
    # server WinFTPServer2016FTP1 172.16.34.63:2121 check port 2121 ssl verify none check send-proxy-v2
    server WinFTPServer2016FTP1 172.16.34.63:2121 check port 2121 ssl verify none
A test with curl ftp fails because there is no communication.
curl -vv --user test:test --ftp-ssl --ftp-ssl-reqd --ftp-pasv ftp://git-03.test.local:21/upload/
But with curl https on port 21, at least an SSL/TLS key exchange takes place.
curl -vv --user test:Serr https://git-03.test.local:21
* Trying 172.16.34.63:21...
* Connected to git-03.feltengroup.local (172.16.34.63) port 21 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
There is a similar problem with unencrypted ftp: no communication to port 21 is established. It seems that there is a general problem with the FTP protocol already at the listener.
Thanks for any help.
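
Added example, not part of the original post and not HAProxy or curl code: with an ftp:// URL and --ftp-ssl, curl uses explicit FTPS and waits for the server's plaintext 220 greeting before asking for TLS, while a bind line with ssl expects the client to open with a TLS handshake, which matches the https test getting a handshake and the ftp tests seeing no communication. The sketch reproduces that wait against two constructed local listeners; the function names, the loopback listeners and the greeting text are assumptions made for the illustration.

```python
import socket
import threading

def start_listener(greeting=None):
    """Constructed local stand-in for a listener on port 21.
    greeting=None: TLS-wrapped listener, waits silently for a ClientHello.
    greeting=bytes: plain FTP control port, speaks first with a 220 line."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # ephemeral port, assumption for the demo
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listener was closed
                return
            with conn:
                try:
                    if greeting:
                        conn.sendall(greeting)
                    conn.recv(1024)  # wait until the client sends or hangs up
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv

def probe_greeting(host, port, timeout=0.5):
    """Connect and wait for the server to speak first, as an explicit-FTPS client does."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            data = s.recv(256)
        except socket.timeout:
            return "silent"  # server is waiting for the client, e.g. for a ClientHello
    if data.startswith(b"220"):
        return "ftp-greeting"
    return "other" if data else "closed"

def demo():
    """Probe both constructed listeners and return (tls_wrapped, plain_ftp)."""
    tls_like = start_listener(None)
    plain = start_listener(b"220 constructed FTP greeting\r\n")
    try:
        return (probe_greeting("127.0.0.1", tls_like.getsockname()[1]),
                probe_greeting("127.0.0.1", plain.getsockname()[1]))
    finally:
        tls_like.close()
        plain.close()
```

Calling probe_greeting with the real frontend host and port 21 shows which of the two behaviours that listener has; "silent" means an explicit-FTPS or plain FTP client will wait there until it times out.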