Hello, after updating HAProxy from 2.1.13 to 2.1.14 the TCP check with my dovecot setup doesn't work anymore. Nothing changed except the update.
In dovecot I get the following errors: > Apr 03 00:21:28 srv1 dovecot[1378]: submission-login: Error: > haproxy(v2): Client disconnected: Invalid TLV: get_tlv(0) > failed:Truncated data (cmd=00, rip=<my ipv6>) > Apr 03 00:21:28 srv1 dovecot[1378]: managesieve-login: Error: > haproxy(v2): Client disconnected: Invalid TLV: get_tlv(0) > failed:Truncated data (cmd=00, rip=<my ipv6>) > Apr 03 00:21:28 srv1 dovecot[1378]: imap-login: Error: haproxy(v2): > Client disconnected: Invalid TLV: get_tlv(0) failed:Truncated data > (cmd=00, rip=<my ipv6>) HAProxy log: > Apr 03 00:13:10 srv1 haproxy[3774]: [ALERT] 093/001310 (3777) : proxy > 'msa1-smtps' has no server available! > Apr 03 00:13:10 srv1 haproxy[3774]: [WARNING] 093/001310 (3777) : > Backup Server msa1-smtps/msa1-2 is DOWN, reason: Socket error, info: > "SSL handshake failure (Connection reset by peer) at step 1 of tcp- > check (conn > Apr 03 00:13:10 srv1 haproxy[3774]: [WARNING] 093/001310 (3777) : > Server msa1-smtps/msa1-1 is DOWN, reason: Socket error, info: "SSL > handshake failure (Connection reset by peer) at step 1 of tcp-check > (connect por > Apr 03 00:13:10 srv1 haproxy[3774]: [ALERT] 093/001310 (3777) : proxy > 'mda1-managesieve' has no server available! > Apr 03 00:13:10 srv1 haproxy[3774]: [WARNING] 093/001310 (3777) : > Backup Server mda1-managesieve/mda1-2 is DOWN, reason: Socket error, > info: "SSL handshake failure (Connection reset by peer) at step 1 of > tcp-check > Apr 03 00:13:10 srv1 haproxy[3774]: [WARNING] 093/001310 (3777) : > Server mda1-managesieve/mda1-1 is DOWN, reason: Socket error, info: > "SSL handshake failure (Connection reset by peer) at step 1 of tcp- > check (conne > Apr 03 00:13:10 srv1 haproxy[3774]: [ALERT] 093/001310 (3777) : proxy > 'mda1-imaps' has no server available! > Apr 03 00:13:10 srv1 haproxy[3774]: [WARNING] 093/001310 (3777) : > Backup Server mda1-imaps/mda1-2 is DOWN, reason: Socket error, info: > "SSL handshake failure (Connection reset by peer) at step 1 of tcp- > check (conn > Apr 03 00:13:10 srv1 haproxy[3774]: [WARNING] 093/001310 (3777) : > Server mda1-imaps/mda1-1 is DOWN, reason: Socket error, info: "SSL > handshake failure (Connection reset by peer) at step 1 of tcp-check > (connect por > Apr 03 00:13:10 srv1 haproxy[3774]: [NOTICE] 093/001309 (3774) : New > worker #1 (3777) forked > Apr 03 00:13:09 srv1 systemd[1]: Started HAProxy Load Balancer. > Apr 03 00:13:09 srv1 systemd[1]: Starting HAProxy Load Balancer... Example HAProxy config for IMAP: > listen mda1-imaps bind <my ipv4>:993 bind <my ipv6>:993 > balance leastconn > option tcp-check tcp-check connect port 993 send-proxy > ssl tcp-check expect string * OK > option tcpka option tcplog > stick-table type ip size 200k expire 30m stick on src > server mda1-1 mda1-1.example.com:993 ca-file /etc/ssl/certs/ca- > certificates.crt check resolvers dns send-proxy-v2 server mda1-2 > mda1-2.example.com:993 ca-file /etc/ssl/certs/ca-certificates.crt > check resolvers dns send-proxy-v2 backup > timeout connect 5s > timeout client 30m > timeout server 30m When commenting out these lines it's up again: > option tcp-check > tcp-check connect port 993 send-proxy ssl > tcp-check expect string * OK Any ideas what's wrong? -- Greetings Hativ
