Hi Willy,
Here is the full conf:
----
global
log /dev/log local0
log /dev/log local1 notice
stats timeout 30s
tune.ssl.default-dh-param 2048
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
listen HTTPS-20443
bind 0.0.0.0:20443
mode http
option tcp-check
server Apache2_Via_SocksProxy1_HTTP_SP 192.168.101.227:49980
send-proxy verify none socks4 127.0.0.1:1080 check-send-proxy
check-via-socks4 check inter 30000 fastinter 1000
# HAProxy web ui
listen stats
bind 0.0.0.0:20936
mode http
log global
maxconn 10
timeout client 100s
timeout server 100s
timeout connect 100s
timeout queue 100s
stats enable
stats uri /haproxy?stats
stats realm HAProxy\ Statistics
stats admin if TRUE
stats show-node
-----
Regards,
Alexander Liu
On Sun, Jun 2, 2019 at 5:26 PM Willy Tarreau <[email protected]> wrote:
>
> On Sun, Jun 02, 2019 at 04:37:25PM +0800, Alec Liu wrote:
> > Hi Willy,
> >
> > The test case which I used was on purpose, to combine proxy protocol
> > with socks4.
> > Due to I am not doing any special checking, it should be fine without
> > check-send-proxy.
>
> It's just that your check is inconsistent then : if your server is
> configured to receive the proxy protocol, you're sending half a handshake.
> Well, I'm well aware that the PP doesn't return a response but if the server
> receives something invalid (e.g. HTTP) it will immediately close, making
> the handshake appear as failed. I don't have access to the rest of your
> config so I don't know what else is configured. If by "not doing any special
> checking" you mean there's no http-checks, then it should not affect it.
>
> > Actually the check part should be fine with my testing configuration,
> > at least it shows as up in the HAProxy.
> > I will do some more testing with check-send-proxy added too, let you
> > know in short.
> >
> > btw: for SOCKS server you can just use the "ssh -D 1080 ...".
>
> Ah good to know, thanks.
>
> Willy
