Hi,
On 11/22/21 16:33, Ben Hart wrote:
> Hey there! I’ve got a handful of Haproxy servers that are serving LDAPS
> and HTTPS front/back ends. I am new to this, so I built these and
> reused the config from the older Haproxy servers we had.
> Anyway I mention that because I likely have little idea what I should be
> doing here. So far everything is working.. we are able to bind and
> perform lookups successfully. What’s not working like I think it should
> is logging. I have Firewalld setup that is blocking all traffic inbound
> from the same internal subnet as the server, and allowing 0.0.0.0/0 in
> from all other sources for ports 636 and 443.
> Rsyslog is matching on program name ‘haproxy’ and the default UNIX
> socket /dev/log and forwarding all info to /var/log/haproxy.log
> Rsyslog is matching on program name ‘firewalld’ and sending all info to
> /var/log/firewalld.log
> If I tail both files, I see many inbound connections allowed to port
> 636, but no corresponding events in the haproxy.log file. So I’m hoping

Do you get any logs in haproxy.log? (Any logs from "frontend
ecorp_https"?)

> that maybe I have something on the Haproxy side that’s not quite what it
> should be. The thought is, maybe the connection attempts are coming in,
> but Haproxy is not fulfilling them for some reason. And I don’t have the
> appropriate log options or formats setup to determine that.
> Attached is my sanitized haproxy.cfg
> global
> log /dev/log local0
> log /dev/log local1 notice
> # log 127.0.0.1 local1
> chroot /var/lib/haproxy
You're using chroot, is rsyslog configured to listen to
/var/lib/haproxy/dev/log? (And if this is a centos/rhel based system,
selinux allows rsyslog to create the socket and haproxy to connect to it).
Have you checked that haproxy sends logs, for example by
enabling logging to 127.0.0.1 and using tcpdump -nn -XX -i lo port 514 or
something similar?
> frontend ecorp_https
> option tcplog
You probably don't want to use tcplog
(https://cbonte.github.io/haproxy-dconv/2.4/configuration.html#4-option%20tcplog)
with mode http. AFAIK it overrides your custom log-format.
-Jarno
--
Jarno Huuskonen
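
The two configuration points raised in the reply above (a `log /dev/log` target combined with `chroot`, and `option tcplog` in an HTTP-mode frontend) can be checked statically against a config file. This is an added example, not part of the original message or of HAProxy itself; the function names and the sample config are constructed, and the sample assumes `mode http` in `defaults`.

```shell
# Added example, not from the thread: static checks on an haproxy.cfg.

# Host-side path of every UNIX-socket "log" target after "chroot" is applied;
# the syslog daemon must create its listening socket at exactly this path.
effective_log_paths() {
    awk '
        $1 == "chroot" { root = $2 }
        $1 == "log" && $2 ~ /^\// && !seen[$2]++ { t[++n] = $2 }
        END { sub(/\/+$/, "", root); for (i = 1; i <= n; i++) print root t[i] }
    ' "$1"
}

# "ok <path>" or "missing <path>" depending on whether a socket exists there.
check_log_sockets() {
    effective_log_paths "$1" | while read -r p; do
        if [ -S "$p" ]; then echo "ok $p"; else echo "missing $p"; fi
    done
}

# Proxy sections in HTTP mode (own "mode http" or inherited from "defaults")
# that set "option tcplog" in the section itself.
http_sections_with_tcplog() {
    awk '
        function report() {
            if (kind != "" && kind != "defaults" && mode == "http" && tcplog) print kind, name
        }
        BEGIN { defmode = "tcp" }
        $1 ~ /^(global|defaults|frontend|backend|listen)$/ {
            report()
            kind = ($1 == "global") ? "" : $1; name = $2; tcplog = 0
            if (kind == "defaults") defmode = "tcp"
            mode = defmode
            next
        }
        $1 == "mode" { mode = $2; if (kind == "defaults") defmode = $2 }
        $1 == "option" && $2 == "tcplog" { tcplog = 1 }
        END { report() }
    ' "$1"
}

# Constructed sample modelled on the fragments quoted above ("mode http" in
# defaults is an assumption; the quoted config does not show the mode).
sample=$(mktemp)
printf '%s\n' 'global' ' log /dev/log local0' ' log /dev/log local1 notice' \
    ' chroot /var/lib/haproxy' 'defaults' ' mode http' \
    'frontend ecorp_https' ' option tcplog' > "$sample"
check_log_sockets "$sample"
http_sections_with_tcplog "$sample"
rm -f "$sample"
```

A `missing` line means nothing is listening where the chrooted process will look, which matches the symptom of firewall entries with no corresponding haproxy.log lines.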