Hi.

Today I have tried to debug haproxy as in the old days ;-), I was not able to see the communication on stderr.

I'm sure I have something missed in the past on the list to be able to see the output.

My steps.

curl -vO http://www.haproxy.org/download/1.6/src/haproxy-1.6.2.tar.gz
tar xfvz haproxy-1.6.2.tar.gz
cd haproxy-1.6.2/
make TARGET=linux2628 DEBUG=-DDEBUG_FULL USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_LINUX_SPLICE=1 USE_TFO=1 all
cd ../

export MONITOR_BIND_PORT=7991
export HTTP_BIND_PORT=7992
export HTTPS_BIND_PORT=7993

#############
haproxy-1.6.2/haproxy -f haproxy.conf -d -V
Sharing sig_handlers with pipe
Sharing pendconn with pipe
Sharing uniqueid with session
Sharing capture with vars
Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.
Using epoll() as the polling mechanism.
[NO MORE OUTPUT AFTER CURL CALL]
#############

I connected from another Terminal to this haproxy with curl.

##############
LANG=C curl -vk http://xx.xx.xx.xx:7992/
*   Trying xx.xx.xx.xx...
* Connected to xx.xx.xx.xx5 (xx.xx.xx.xx) port 7992 (#0)
GET / HTTP/1.1
Host: xx.xx.xx.xx:7992
User-Agent: curl/7.45.0
Accept: */*

* Recv failure: Connection reset by peer
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer
#############

Please can anyone tell me what I have missed, thanks.

#################

haproxy-1.6.2/haproxy -vv
Sharing sig_handlers with pipe
Sharing pendconn with pipe
Sharing uniqueid with session
HA-Proxy version 1.6.2 2015/11/03
Copyright 2000-2015 Willy Tarreau <wi...@haproxy.org>

Build options :
  TARGET  = linux2628
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement
OPTIONS = USE_LINUX_SPLICE=1 USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1 USE_TFO=1

Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.3.4
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with OpenSSL version : OpenSSL 1.0.2d 9 Jul 2015
Running on OpenSSL version : OpenSSL 1.0.2d 9 Jul 2015
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.12 2011-01-15
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built without Lua support
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.
Using epoll() as the polling mechanism.

cat haproxy.conf
#############
# please read the manual
# http://www.haproxy.org/#docs

global


  debug
  # no daemon!
  # don't use gid, uid, group or user on openshift

  ca-base .
  crt-base .

  # in docker or openshift?
  # log

  # Name of the POD or Service or ...
  # log-send-hostname
  # log-tag
  # node

  # it's magic ;-)
ssl-default-bind-ciphers EECDH+ECDSA+AESGCM:EECDH+ECDSA+SHA384::EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!SHA-1:!RC4:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:@STRENGTH

  ssl-default-bind-options no-sslv3

ssl-default-server-ciphers EECDH+ECDSA+AESGCM:EECDH+ECDSA+SHA384::EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!SHA-1:!RC4:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:@STRENGTH

  ssl-default-server-options no-sslv3

  # this file is created at build time!
  # openssl dhparam -out /usr/local/etc/haproxy/ssl/dh-param_4096 4096
  ssl-dh-param-file dh-param_4096

  # ssl-server-verify default is required

  # perf tun
# I think this values should be carefully changed, in case you need to change it!

  maxconn 100
  # maxconnrate
  # maxpipes
  # maxsessrate
  # maxsslconn
  # maxsslrate

  # defaults to 20000
  # tune.ssl.cachesize

  # default defaults to 300 (5 min)
  # tune.ssl.lifetime

  # greater than  1024 bits are not supported
  # by Java 7 and earlier clients
  # tune.ssl.default-dh-param 4096

# peers !!
# peers ssl-sessions
#   Service disovering for the other haproxies in the cloud
#   peer <peername> <ip>:<port>

listen haproxy-monitor
  bind *:${MONITOR_BIND_PORT}
  mode health
  option httpchk

defaults
  timeout connect 5s
  timeout client 30s
  timeout server 30s

  # Long timeout for WebSocket connections.
  timeout tunnel 1h

  # balance ?
  # rate-limit sessions
  option forwardfor
  option http-ignore-probes
  option splice-auto
  option log-separate-errors
  option ssl-hello-chk

frontend http-in
  bind *:${HTTP_BIND_PORT} accept-proxy tfo
  mode http

  tcp-request inspect-delay 5s
  tcp-request content accept if HTTP

  use_backend test01

frontend https-in
  mode http
bind *:${HTTPS_BIND_PORT} accept-proxy ssl ca-file ca-bundle crt cert_key.pem tfo

  use_backend OSEManager

backend OSEManager
  mode http
  server OSEManager DestServer:443 ssl verify none

backend test01
  mode http
  server DESTNAME Destserver
####################

lsb_release -a

########
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 12.04.5 LTS
Release:        12.04
Codename:       precise
###########

BR Aleks

Reply via email to