On 11/05/17 at 15:06, Aleksandar Lazic wrote:
> .../
> How about activating the 'option tcp-check' as mentioned in the
> Warning?
> In the config below it's commented, any reason why?
>
> It's also active in the doc which you maybe know.
>
> https://www.haproxy.com/doc/aloha/7.0/deployment_guides/microsoft_remote_desktop_services.html
>
> Does this change anything?
OK, cleaning up a little, I try:
frontend RDP
mode tcp
bind *:3389
timeout client 1h
tcp-request inspect-delay 5s
tcp-request content accept if RDP_COOKIE
default_backend bk_rdp
#############################################################
backend bk_rdp
mode tcp
balance leastconn
#balance rdp_coockie
timeout server 1h
timeout connect 4s
log global
option tcplog
stick-table type string len 32 size 10k expire 1h peers pares
stick on rdp_cookie(msthash)
# persist rdp-cookie
option tcp-check
# option ssl-hello-chk
# option tcpka
tcp-check connect port 3389 ssl
# server gr43sterminal01 10.104.22.142:3389 weight 1 check verify none inter 2000 rise 2 fall 3
# server gr43sterminal02 10.104.23.141:3389 weight 1 check verify none inter 2000 rise 2 fall 3
#
default-server inter 3s rise 2 fall 3
server gr43sterminal01 10.104.22.142:3389 weight 1 check
server gr43sterminal02 10.104.23.141:3389 weight 1 check
And I got:
[ALERT] 131/100222 (8564) : Proxy 'bk_rdp', server 'gr43sterminal01'
[/etc/haproxy/haproxy.cfg:189] verify is enabled by default but no CA
file specified. If you're running on a LAN where you're certain to trust
the server's certificate, please set an explicit 'verify none' statement
on the 'server' line, or use 'ssl-server-verify none' in the global
section to disable server-side verifications by default.
[ALERT] 131/100222 (8564) : Proxy 'bk_rdp', server 'gr43sterminal02'
[/etc/haproxy/haproxy.cfg:190] verify is enabled by default but no CA
file specified. If you're running on a LAN where you're certain to trust
the server's certificate, please set an explicit 'verify none' statement
on the 'server' line, or use 'ssl-server-verify none' in the global
section to disable server-side verifications by default.
[ALERT] 131/100222 (8564) : Fatal errors found in configuration.
So I try adding verify none in the server line
and haproxy sees both servers up (but one is down).
I try without ssl:
tcp-check connect port 3389
server gr43sterminal01 10.104.22.142:3389 weight 1 check
server gr43sterminal02 10.104.23.141:3389 weight 1 check
but the result is the same: haproxy sees both servers up (but one is down).
Only if I leave only option tcp-check (or none) does it seem to work:
#################
# persist rdp-cookie
option tcp-check
# option ssl-hello-chk
# option tcpka
# tcp-check connect port 3389 ssl
# tcp-check connect port 3389
# server gr43sterminal01 10.104.22.142:3389 weight 1 check verify none inter 2000 rise 2 fall 3
# server gr43sterminal02 10.104.23.141:3389 weight 1 check verify none inter 2000 rise 2 fall 3
#
default-server inter 3s rise 2 fall 3
server gr43sterminal01 10.104.22.142:3389 weight 1 check
server gr43sterminal02 10.104.23.141:3389 weight 1 check
##################
output:
[WARNING] 131/102105 (8773) : Server bk_rdp/gr43sterminal01 is DOWN,
reason: Layer4 timeout, info: " at initial connection step of
tcp-check", check duration: 3001ms. 1 active and 0 backup servers left.
0 sessions active, 0 requeued, 0 remaining in queue.
--
*Antonio Trujillo Carmona*
*Network and systems technician.*
*Subdirección de Tecnologías de la Información y Comunicaciones*
Servicio Andaluz de Salud. Consejería de Salud de la Junta de Andalucía
Tel. +34 670947670 747670)
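
Added example, not part of the original message or of the HAProxy documentation: the 'verify none' server line tried above, beside a variant that keeps certificate verification enabled for the 'tcp-check connect ... ssl' health check. The CA bundle path is a placeholder (assumption), and the terminal servers would need certificates issued by that CA.

```haproxy
backend bk_rdp
    mode tcp
    balance leastconn
    option tcp-check
    # SSL handshake as the health check; it uses the SSL settings
    # (verify, ca-file) given on each server line.
    tcp-check connect port 3389 ssl
    default-server inter 3s rise 2 fall 3

    # Variant tried in the message: the handshake completes whatever
    # certificate the server presents, because nothing is checked against a CA.
    # server gr43sterminal01 10.104.22.142:3389 weight 1 check verify none
    # server gr43sterminal02 10.104.23.141:3389 weight 1 check verify none

    # Verified variant: the handshake, and so the health check, fails unless
    # the server certificate chains to the CA in ca-file.
    # /etc/haproxy/rdp-ca.pem is a placeholder path, not taken from the thread.
    server gr43sterminal01 10.104.22.142:3389 weight 1 check verify required ca-file /etc/haproxy/rdp-ca.pem
    server gr43sterminal02 10.104.23.141:3389 weight 1 check verify required ca-file /etc/haproxy/rdp-ca.pem
```

The 'ssl-server-verify none' setting named in the alert applies the unverified behaviour to every server in the configuration, so the per-server 'verify' keyword keeps the exception scoped to the lines that need it.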