On Sun, Jun 02, 2019 at 05:30:05PM +0800, Alec Liu wrote:
> Hi Willy,
>
> Here is the full conf:
(...)
> listen HTTPS-20443
>     bind 0.0.0.0:20443
>     mode http
>     option tcp-check
>     server Apache2_Via_SocksProxy1_HTTP_SP 192.168.101.227:49980
> send-proxy verify none socks4 127.0.0.1:1080 check-send-proxy
> check-via-socks4 check inter 30000 fastinter 1000

Even with this I can't get it to fail here using the SSH trick you sent me.
I can send requests which are perfectly forwarded and get the response back.
My config receives HTTP requests on port 20080 (TCP mode), forwards them to
my ssh-based socks server (port 1080), with proxy-proto encapsulation inside.
It then forwards that to a second instance on port 10080, which decapsulates
the PP header, receives the HTTP requests, processes it, sends a redirect back.

It gives me this (just relevant lines) :

# curl connects to haproxy 1st stage:
11:50:41.844303 accept4(4, {sa_family=AF_INET, sin_port=htons(53894), sin_addr=inet_addr("127.0.0.1")}, [16], SOCK_NONBLOCK) = 9

# haproxy connects to socks server:
11:50:41.844406 socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 10
11:50:41.844433 connect(10, {sa_family=AF_INET, sin_port=htons(1080), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress)
11:50:41.844496 sendto(10, "\4\1'`\177\0\0\1HAProxy\0", 16, MSG_DONTWAIT|MSG_NOSIGNAL, NULL, 0) = 16
11:50:41.844512 recvfrom(10, 0x7ffd7c330f68, 8, MSG_PEEK, NULL, NULL) = -1 EAGAIN (Resource temporarily unavailable)
11:50:41.844524 epoll_ctl(3, EPOLL_CTL_ADD, 10, {EPOLLIN|EPOLLRDHUP, {u32=10, u64=10}}) = 0

# socks server connects to second stage:
11:50:41.844613 accept4(5, {sa_family=AF_INET, sin_port=htons(41026), sin_addr=inet_addr("127.0.0.1")}, [16], SOCK_NONBLOCK) = 11
11:50:41.844647 recvfrom(11, 0x19082b0, 16384, MSG_PEEK, NULL, NULL) = -1 EAGAIN (Resource temporarily unavailable)
11:50:41.844656 epoll_ctl(3, EPOLL_CTL_ADD, 11, {EPOLLIN|EPOLLRDHUP, {u32=11, u64=11}}) = 0

# socks server responds with SOCKS4 header:
11:50:41.844691 recvfrom(10, "\0Z\0\0\0\0\0\0", 8, MSG_PEEK, NULL, NULL) = 8
11:50:41.844700 recvfrom(10, "\0Z\0\0\0\0\0\0", 8, 0, NULL, NULL) = 8

# haproxy sends the proxy protocol header:
11:50:41.844711 sendto(10, "PROXY TCP4 127.0.0.1 127.0.0.1 53894 20080\r\n", 44, MSG_DONTWAIT|MSG_NOSIGNAL, NULL, 0) = 44
11:50:41.844726 recvfrom(10, 0x196f480, 16384, 0, NULL, NULL) = -1 EAGAIN (Resource temporarily unavailable)
11:50:41.844736 epoll_ctl(3, EPOLL_CTL_MOD, 10, {EPOLLIN|EPOLLRDHUP, {u32=10, u64=10}}) = 0

# SOCKS server forwards it to second layer:
11:50:41.844812 recvfrom(11, "PROXY TCP4 127.0.0.1 127.0.0.1 53894 20080\r\n", 16384, MSG_PEEK, NULL, NULL) = 44
11:50:41.844822 recvfrom(11, "PROXY TCP4 127.0.0.1 127.0.0.1 53894 20080\r\n", 44, 0, NULL, NULL) = 44

# curl sends its HTTP request to first stage:
11:50:41.844897 recvfrom(9, "GET / HTTP/1.1\r\nHost: 0:20080\r\nUser-Agent: curl/7.57.0\r\nAccept: */*\r\n\r\n", 16384, 0, NULL, NULL) = 71

# haproxy forwards it to socks server:
11:50:41.844915 sendto(10, "GET / HTTP/1.1\r\nHost: 0:20080\r\nUser-Agent: curl/7.57.0\r\nAccept: */*\r\n\r\n", 71, MSG_DONTWAIT|MSG_NOSIGNAL, NULL, 0) = 71

# which in turn forwards it to second stage:
11:50:41.844995 recvfrom(11, "GET / HTTP/1.1\r\nHost: 0:20080\r\nUser-Agent: curl/7.57.0\r\nAccept: */*\r\n\r\n", 16328, 0, NULL, NULL) = 71

# second stage responds to socks server:
11:50:41.845091 sendto(11, "HTTP/1.1 302 Found\r\ncontent-length: 0\r\nlocation: /PP\r\ncache-control: no-cache\r\n\r\n", 81, MSG_DONTWAIT|MSG_NOSIGNAL, NULL, 0) = 81

# socks server forwards the response to first stage:
11:50:41.845222 recvfrom(10, "HTTP/1.1 302 Found\r\ncontent-length: 0\r\nlocation: /PP\r\ncache-control: no-cache\r\n\r\n", 16384, 0, NULL, NULL) = 81

# which sends it back to curl:
11:50:41.845241 sendto(9, "HTTP/1.1 302 Found\r\ncontent-length: 0\r\nlocation: /PP\r\ncache-control: no-cache\r\n\r\n", 81, MSG_DONTWAIT|MSG_NOSIGNAL, NULL, 0) = 81

So at this point I can't reproduce the behaviour :-( Given that changing
the code changes something for you it must be a race somewhere.

Willy
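
Added example, not part of the original message and not HAProxy's code: a small decoder for the three payloads visible in the trace above (the 16-byte SOCKS4 request, the 8-byte SOCKS4 reply, and the PROXY protocol v1 line), useful for checking where the SOCKS server was told to connect. The function names are hypothetical; the byte strings are copied from the strace lines.

```python
import socket
import struct

# Bytes copied from the strace output in the message (octal escapes as strace printed them).
SOCKS4_REQUEST = b"\4\1'`\177\0\0\1HAProxy\0"
SOCKS4_REPLY = b"\0Z\0\0\0\0\0\0"
PROXY_V1_LINE = b"PROXY TCP4 127.0.0.1 127.0.0.1 53894 20080\r\n"

REPLY_CODES = {90: "granted", 91: "rejected or failed",
               92: "identd unreachable", 93: "identd user-id mismatch"}

def parse_socks4_request(data):
    """VN(1) CD(1) DSTPORT(2) DSTIP(4) USERID NUL; anything after the NUL is returned."""
    if len(data) < 9:
        raise ValueError("SOCKS4 request shorter than 9 bytes")
    vn, cd, port, ip = struct.unpack("!BBH4s", data[:8])
    if vn != 4:
        raise ValueError("not a SOCKS4 request (VN=%d)" % vn)
    userid, nul, trailing = data[8:].partition(b"\0")
    if not nul:
        raise ValueError("USERID is not NUL-terminated")
    return {"command": {1: "CONNECT", 2: "BIND"}.get(cd, "unknown"),
            "dst": (socket.inet_ntoa(ip), port),
            "userid": userid.decode("ascii", "replace"),
            "trailing": trailing}

def parse_socks4_reply(data):
    """VN(1, always 0) CD(1) then 6 bytes that are ignored for CONNECT."""
    if len(data) != 8:
        raise ValueError("SOCKS4 reply must be exactly 8 bytes")
    vn, cd = data[0], data[1]
    if vn != 0:
        raise ValueError("unexpected reply version %d" % vn)
    return {"code": cd, "status": REPLY_CODES.get(cd, "unknown"), "granted": cd == 90}

def parse_proxy_v1(line):
    """PROXY protocol v1 text header, TCP4/TCP6 forms only (UNKNOWN is not handled)."""
    if len(line) > 107 or not line.endswith(b"\r\n"):
        raise ValueError("PROXY v1 header must end in CRLF within 107 bytes")
    fields = line[:-2].decode("ascii").split(" ")
    if len(fields) != 6 or fields[0] != "PROXY" or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header")
    _, family, src, dst, sport, dport = fields
    return {"family": family, "src": (src, int(sport)), "dst": (dst, int(dport))}

if __name__ == "__main__":
    for result in (parse_socks4_request(SOCKS4_REQUEST),
                   parse_socks4_reply(SOCKS4_REPLY),
                   parse_proxy_v1(PROXY_V1_LINE)):
        print(result)
```

The decoded request targets 127.0.0.1 port 10080, the second-stage port named in the message, and the reply code 90 means the SOCKS server granted the connection before the PROXY header was sent.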