Re: Configuring HAProxy

2020-02-10 Thread Aleksandar Lazic

Dear Akshay Mangla.

On 10.02.20 06:00, Akshay Mangla wrote:

Hi Aleksandar,

I have made a few changes to the haproxy.cfg file and following are the outputs 
:-

HAPROXY.cfg
#-


[snipped]


frontend haproxy_inbound
         bind *:443 *[CHANGED PORT]*
         default_backend haproxy_httpd


Please read this blog post to setup ssl in haproxy.
https://www.haproxy.com/blog/haproxy-ssl-termination/


backend haproxy_httpd
         balance roundrobin
         mode http #(NOT NEEDED IF DEFINED IN DEFAULTS)
         option httpchk
         server lxapp14070.dc.corp.telstra.com 10.195.70.12:443 check * [Host 
and Port Changed]*
         server lxapp14071.dc.corp.telstra.com 10.195.70.13:443 check *[Host 
and Port Changed] *


try to add "ssl" to the server line.


1.*curl -v --max-time 30 127.0.0.1:5001*

[root@lxapp14012 ~]# curl -v --max-time 30 127.0.0.1:5001 

* About to connect() to 127.0.0.1 port 5001 (#0)
*   Trying 127.0.0.1...
* Connection refused
* Failed connect to 127.0.0.1:5001; Connection refused
* Closing connection 0
curl: (7) Failed connect to 127.0.0.1:5001; Connection refused


Does anything listen on that port?
https://en.wikipedia.org/wiki/Localhost


2. *curl -v --max-time 30 10.195.70.12:443*


to test https with curl you should add 'https://' before the URL

[snipped]


Also now when I run the command haproxy -db -f /etc/haproxy/haproxy.cfg I am 
getting the following alert :-

*[root@lxapp14012 haproxy]# haproxy -db -f /etc/haproxy/haproxy.cfg
[ALERT] 040/155059 (20285) : Starting frontend haproxy_inbound: cannot bind 
socket [0.0.0.0:443]*

Is it something that should be taken care of or it can be ignored??


This isn't a serious question, is it?
https://www.startpage.com/do/search?lui=english=english=web=could+not+bind+socket

Please check if there isn't another process running on this port.


Also when I try to check the status of haproxy i see many failed or disabled 
instances and the haproxy instance is not able to start properly:-

[root@lxapp14012 haproxy]# *service haproxy status -l*

Redirecting to /bin/systemctl status  -l haproxy.service
haproxy.service - HAProxy Load Balancer
    Loaded: loaded (/usr/lib/systemd/system/haproxy.service; disabled; vendor 
preset: disabled)
    Active: failed (Result: exit-code) since Thu 2020-02-06 23:04:08 AEDT; 3 
days ago
   Process: 15069 ExecReload=/bin/kill -USR2 $MAINPID (code=exited, 
status=0/SUCCESS)
   Process: 26084 ExecStart=/usr/sbin/haproxy-systemd-wrapper -f 
/etc/haproxy/haproxy.cfg -p /run/haproxy.pid $OPTIONS (code=exited, 
status=1/FAILURE)
  Main PID: 26084 (code=exited, status=1/FAILURE)

Feb 06 23:04:08 lxapp14012 systemd[1]: Starting HAProxy Load Balancer...
Feb 06 23:04:08 lxapp14012 haproxy-systemd-wrapper[26084]: 
haproxy-systemd-wrapper: executing /usr/sbin/haproxy -f 
/etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds
Feb 06 23:04:08 lxapp14012 haproxy-systemd-wrapper[26084]: [ALERT] 036/230408 (26086) 
: Starting frontend haproxy_inbound: cannot bind socket [0.0.0.0:443 
]
Feb 06 23:04:08 lxapp14012 haproxy-systemd-wrapper[26084]: 
haproxy-systemd-wrapper: exit, haproxy RC=1
Feb 06 23:04:08 lxapp14012 systemd[1]: haproxy.service: main process exited, 
code=exited, status=1/FAILURE
Feb 06 23:04:08 lxapp14012 systemd[1]: Unit haproxy.service entered failed 
state.
Feb 06 23:04:08 lxapp14012 systemd[1]: haproxy.service failed.
Feb 06 23:04:24 lxapp14012 systemd[1]: Unit haproxy.service cannot be reloaded 
because it is inactive.
Feb 06 23:07:29 lxapp14012 systemd[1]: Unit haproxy.service cannot be reloaded 
because it is inactive.
Feb 06 23:14:40 lxapp14012 systemd[1]: Unit haproxy.service cannot be reloaded 
because it is inactive.

Can you please look into this and help us in finding the solution??


I would suggest taking some Linux courses to understand what these messages 
mean, something like this, as you use a RHEL based system.
https://www.redhat.com/en/services/training/rh124-red-hat-system-administration-i


Also if you are available is it possible to connect sometime and resolve these 
issue in one go??


Well, it looks to me that you don't want to pay for support; I don't think that 
I will connect to your machines.
If you are willing to pay for support I suggest contacting 
https://www.haproxy.com/ for an offer.


Regards,
Akshay


Regards
Aleks


On Sun, Feb 9, 2020 at 10:54 PM Aleksandar Lazic <al-hapr...@none.at> wrote:

Hi.

please keep the mailinglist in the loop.

On 06.02.20 10:23, Akshay Mangla wrote:
 > Hi Aleksandar,
 >
 > Apologies for sending in the screenshot.

No probs just a hint.

 > I got the following output when I ran the above commands :-
 >
 > *1.curl -v --max-time 30 http://127.0.0.1:5001/*
 >
 > [root@lxapp14012 ~]# curl -v --max-time 30 127.0.0.1:5001 
 
 > * About to 

Re: Configuring HAProxy

2020-02-09 Thread Akshay Mangla
Hi Aleksandar,

Also find the following file outputs which might be of some use to you .

*[root@lxapp14012 haproxy]# more /usr/lib/systemd/system/haproxy.service*
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target

[Service]
EnvironmentFile=/etc/sysconfig/haproxy
ExecStart=/usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p
/run/haproxy.pid $OPTIONS
ExecReload=/bin/kill -USR2 $MAINPID
KillMode=mixed

[Install]
WantedBy=multi-user.target

*[root@lxapp14012 ~]# more /run/haproxy.pid*
12552

Also we are using *Oracle Web Tier as Web Servers* in the current scenario.

Regards,
Akshay

On Mon, Feb 10, 2020 at 10:30 AM Akshay Mangla 
wrote:

> Hi Aleksandar,
>
> I have made a few changes to the haproxy.cfg file and following are the
> outputs :-
>
> HAPROXY.cfg
> #-
> # Example configuration for a possible web application.  See the
> # full configuration options online.
> #
> #   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
> #
> #-
>
> #-
> # Global settings
> #-
> global
> # to have these messages end up in /var/log/haproxy.log you will
> # need to:
> #
> # 1) configure syslog to accept network log events.  This is done
> #by adding the '-r' option to the SYSLOGD_OPTIONS in
> #/etc/sysconfig/syslog
> #
> # 2) configure local2 events to go to the /var/log/haproxy.log
> #   file. A line like the following can be added to
> #   /etc/sysconfig/syslog
> #
> #local2.*   /var/log/haproxy.log
> #
> log 127.0.0.1 local2
>
> chroot  /var/lib/haproxy
> pidfile /var/run/haproxy.pid
> maxconn 4000
> user    haproxy
> group   haproxy
> daemon
>
> # turn on stats unix socket
> stats socket /var/lib/haproxy/stats
>
> #-
> # common defaults that all the 'listen' and 'backend' sections will
> # use if not designated in their block
> #-
> defaults
> mode    http
> log global
> option  httplog
> option  dontlognull
> option http-server-close
> option forwardfor   except 127.0.0.0/8
> option  redispatch
> retries 3
> timeout http-request    10s
> timeout queue   1m
> timeout connect 10s
> timeout client  1m
> timeout server  1m
> timeout http-keep-alive 10s
> timeout check   10s
> maxconn 3000
>
> #-
> # main frontend which proxys to the backends
> #-
> frontend  main *:5000
> acl url_static   path_beg   -i /static /images /javascript
> /stylesheets
> acl url_static   path_end   -i .jpg .gif .png .css .js
>
> use_backend static  if url_static
> default_backend app
>
> #-
> # static backend for serving up images, stylesheets and such
> #-
> backend static
> balance roundrobin
> server  static 127.0.0.1:4331 check
>
> #-
> # round robin balancing between the various backends
> #-
> backend app
> balance roundrobin
> server  app1 127.0.0.1:5001 check
> server  app2 127.0.0.1:5002 check
> server  app3 127.0.0.1:5003 check
> server  app4 127.0.0.1:5004 check
>
> frontend haproxy_inbound
> bind *:443 *[CHANGED PORT]*
> default_backend haproxy_httpd
>
> backend haproxy_httpd
> balance roundrobin
> mode http #(NOT NEEDED IF DEFINED IN DEFAULTS)
> option httpchk
> server lxapp14070.dc.corp.telstra.com 10.195.70.12:443 check  * [Host
> and Port Changed]*
> server lxapp14071.dc.corp.telstra.com 10.195.70.13:443 check   *[Host
> and Port Changed] *
>
> 1.*curl -v --max-time 30 127.0.0.1:5001 *
>
> [root@lxapp14012 ~]# curl -v --max-time 30 127.0.0.1:5001
> * About to connect() to 127.0.0.1 port 5001 (#0)
> *   Trying 127.0.0.1...
> * Connection refused
> * Failed connect to 127.0.0.1:5001; Connection refused
> * Closing connection 0
> curl: (7) Failed connect to 127.0.0.1:5001; Connection refused
>
> 2. *curl -v --max-time 30 

Re: Configuring HAProxy

2020-02-09 Thread Akshay Mangla
Hi Aleksandar,

I have made a few changes to the haproxy.cfg file and following are the
outputs :-

HAPROXY.cfg
#-
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#-

#-
# Global settings
#-
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events.  This is done
#by adding the '-r' option to the SYSLOGD_OPTIONS in
#/etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
#   file. A line like the following can be added to
#   /etc/sysconfig/syslog
#
#local2.*   /var/log/haproxy.log
#
log 127.0.0.1 local2

chroot  /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user    haproxy
group   haproxy
daemon

# turn on stats unix socket
stats socket /var/lib/haproxy/stats

#-
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#-
defaults
mode    http
log global
option  httplog
option  dontlognull
option http-server-close
option forwardfor   except 127.0.0.0/8
option  redispatch
retries 3
timeout http-request    10s
timeout queue   1m
timeout connect 10s
timeout client  1m
timeout server  1m
timeout http-keep-alive 10s
timeout check   10s
maxconn 3000

#-
# main frontend which proxys to the backends
#-
frontend  main *:5000
acl url_static   path_beg   -i /static /images /javascript
/stylesheets
acl url_static   path_end   -i .jpg .gif .png .css .js

use_backend static  if url_static
default_backend app

#-
# static backend for serving up images, stylesheets and such
#-
backend static
balance roundrobin
server  static 127.0.0.1:4331 check

#-
# round robin balancing between the various backends
#-
backend app
balance roundrobin
server  app1 127.0.0.1:5001 check
server  app2 127.0.0.1:5002 check
server  app3 127.0.0.1:5003 check
server  app4 127.0.0.1:5004 check

frontend haproxy_inbound
bind *:443 *[CHANGED PORT]*
default_backend haproxy_httpd

backend haproxy_httpd
balance roundrobin
mode http #(NOT NEEDED IF DEFINED IN DEFAULTS)
option httpchk
server lxapp14070.dc.corp.telstra.com 10.195.70.12:443 check  * [Host
and Port Changed]*
server lxapp14071.dc.corp.telstra.com 10.195.70.13:443 check   *[Host
and Port Changed] *

1.*curl -v --max-time 30 127.0.0.1:5001 *

[root@lxapp14012 ~]# curl -v --max-time 30 127.0.0.1:5001
* About to connect() to 127.0.0.1 port 5001 (#0)
*   Trying 127.0.0.1...
* Connection refused
* Failed connect to 127.0.0.1:5001; Connection refused
* Closing connection 0
curl: (7) Failed connect to 127.0.0.1:5001; Connection refused

2. *curl -v --max-time 30 10.195.70.12:443 *

[root@lxapp14012 haproxy]# curl -v --max-time 30 10.195.70.12:443
* About to connect() to 10.195.70.12 port 443 (#0)
*   Trying 10.195.70.12...
* Connected to 10.195.70.12 (10.195.70.12) port 443 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 10.195.70.12:443
> Accept: */*
>
* Empty reply from server
* Connection #0 to host 10.195.70.12 left intact
curl: (52) Empty reply from server

3.*curl -v --max-time 30 10.195.70.13:443 *

[root@lxapp14012 haproxy]# curl -v --max-time 30 10.195.70.13:443
* About to connect() to 10.195.70.13 port 443 (#0)
*   Trying 10.195.70.13...
* Connected to 10.195.70.13 (10.195.70.13) port 443 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 10.195.70.13:443
> Accept: */*
>
* Empty reply from server
* Connection #0 to host 10.195.70.13 left intact
curl: (52) Empty reply from server


Re: Configuring HAProxy

2020-02-09 Thread Aleksandar Lazic

Hi.

please keep the mailinglist in the loop.

On 06.02.20 10:23, Akshay Mangla wrote:

Hi Aleksandar,

Apologies for sending in the screenshot.


No probs just a hint.


I got the following output when I ran the above commands :-

*1.curl -v --max-time 30 http://127.0.0.1:5001/*

[root@lxapp14012 ~]# curl -v --max-time 30 127.0.0.1:5001 

* About to connect() to 127.0.0.1 port 5001 (#0)
*   Trying 127.0.0.1...
* Connection refused
* Failed connect to 127.0.0.1:5001; Connection refused
* Closing connection 0
curl: (7) Failed connect to 127.0.0.1:5001; Connection refused


Okay you should remove the "backend app" it looks like you don't need it.


*2. curl -v --max-time 30 http://10.195.77.21:7068*
*
*
* About to connect() to 10.195.77.21 port 7068 (#0)
*   Trying 10.195.77.21...
* Connected to 10.195.77.21 (10.195.77.21) port 7068 (#0)
 > GET / HTTP/1.1
 > User-Agent: curl/7.29.0
 > Host: 10.195.77.21:7068 
 > Accept: */*
 >
* Connection #0 to host 10.195.77.21 left intact*
*

*3.curl -v --max-time 30 http://10.195.77.22:7068*
*
*
* About to connect() to 10.195.77.22 port 7068 (#0)
*   Trying 10.195.77.22...
* Connected to 10.195.77.22 (10.195.77.22) port 7068 (#0)
 > GET / HTTP/1.1
 > User-Agent: curl/7.29.0
 > Host: 10.195.77.22:7068 
 > Accept: */*
 >
* Connection #0 to host 10.195.77.22 left intact*
*

*Following is the version of HAProxy*



[root@lxapp14012 ~]# haproxy -vv
HA-Proxy version 1.5.18 2016/05/10


[snipp]

Thanks. You should consider updating it to the latest version.


*Also the outputs of the screenshot sent earlier is as below :-*

[root@lxapp14012 ~]# haproxy -c -f /etc/haproxy/haproxy.cfg
Configuration file is valid

[root@lxapp14012 ~]# haproxy -db -f /etc/haproxy/haproxy.cfg
[WARNING] 036/201733 (14778) : Server static/static is DOWN, reason: Layer4 connection 
problem, info: "Connection refused", check duration: 0ms. 0 active and 0 backup 
servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
[ALERT] 036/201733 (14778) : backend 'static' has no server available!
[WARNING] 036/201733 (14778) : Server app/app1 is DOWN, reason: Layer4 connection 
problem, info: "Connection refused", check duration: 0ms. 3 active and 0 backup 
servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
[WARNING] 036/201734 (14778) : Server app/app2 is DOWN, reason: Layer4 connection 
problem, info: "Connection refused", check duration: 0ms. 2 active and 0 backup 
servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
[WARNING] 036/201734 (14778) : Server app/app3 is DOWN, reason: Layer4 connection 
problem, info: "Connection refused", check duration: 0ms. 1 active and 0 backup 
servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
[WARNING] 036/201734 (14778) : Server app/app4 is DOWN, reason: Layer4 connection 
problem, info: "Connection refused", check duration: 0ms. 0 active and 0 backup 
servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
[ALERT] 036/201734 (14778) : backend 'app' has no server available!


Yes clear there are no servers on the localhost.


[WARNING] 036/201734 (14778) : Server haproxy_httpd/lxapp14058.dc.corp.telstra.com 
 is DOWN, reason: Layer7 invalid response, info: 
"<15><03><03>", check duration: 1ms. 1 active and 0 backup servers left. 0 sessions 
active, 0 requeued, 0 remaining in queue.
[WARNING] 036/201735 (14778) : Server haproxy_httpd/lxapp14059.dc.corp.telstra.com 
 is DOWN, reason: Layer7 invalid response, info: 
"<15><03><03>", check duration: 2ms. 0 active and 0 backup servers left. 0 sessions 
active, 0 requeued, 0 remaining in queue.
[ALERT] 036/201735 (14778) : backend 'haproxy_httpd' has no server available!


Looks like the backend expects https or tcp.

Which protocol do the servers lxapp*.dc.corp.telstra.com expect?


Regards,
Akshay


Regards
Aleks


On Thu, Feb 6, 2020 at 1:43 PM Aleksandar Lazic <al-hapr...@none.at> wrote:

Hi.

On 06.02.20 07:08, Akshay Mangla wrote:
 > Hi HAProxy Team,
 >
 > I have been trying to install HAProxy on my vm machine and facing some 
difficulties in doing so.
 >
 > Following is the HAProxy config file that we have currently.
 >
 > #-
 > # Example configuration for a possible web application.  See the
 > # full configuration options online.
 > #
 > # http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
 > #
 > #-
 >
 > #-
 > # Global settings
 > #-
 > global
 >      # to have these messages end up in 
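
Added example, not part of the original message: the health-check log above shows `info: "<15><03><03>"`, which is the start of a TLS alert record and matches the diagnosis that the backend expects https. The sketch below decodes such a response prefix; it assumes the `<XX>` notation in the log stands for one hex byte each, and the function names and the longer sample record are constructed for illustration.

```python
import re

# TLS record-layer constants (RFC 5246 / RFC 8446).
TLS_CONTENT_TYPES = {
    0x14: "change_cipher_spec",
    0x15: "alert",
    0x16: "handshake",
    0x17: "application_data",
}
TLS_VERSIONS = {
    (3, 0): "SSL 3.0",
    (3, 1): "TLS 1.0",
    (3, 2): "TLS 1.1",
    (3, 3): "TLS 1.2",  # also the legacy record version sent by TLS 1.3
}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    0: "close_notify",
    10: "unexpected_message",
    40: "handshake_failure",
    50: "decode_error",
    70: "protocol_version",
    80: "internal_error",
}

_ESCAPED_BYTE = re.compile(r"<([0-9A-Fa-f]{2})>")


def info_to_bytes(info):
    """Turn a check 'info' string such as '<15><03><03>' back into raw bytes.

    Assumption: each <XX> is one byte in hex; other characters are literal.
    """
    out = bytearray()
    pos = 0
    for match in _ESCAPED_BYTE.finditer(info):
        out += info[pos:match.start()].encode("latin-1", errors="replace")
        out.append(int(match.group(1), 16))
        pos = match.end()
    out += info[pos:].encode("latin-1", errors="replace")
    return bytes(out)


def classify(data):
    """Decide whether a response prefix is HTTP, a TLS record, or neither."""
    if data[:5] == b"HTTP/":
        status_line = data.split(b"\r\n", 1)[0].decode("latin-1")
        return {"protocol": "http", "status_line": status_line}
    if (len(data) >= 3 and data[0] in TLS_CONTENT_TYPES
            and (data[1], data[2]) in TLS_VERSIONS):
        result = {
            "protocol": "tls",
            "record": TLS_CONTENT_TYPES[data[0]],
            "version": TLS_VERSIONS[(data[1], data[2])],
        }
        # A complete alert record carries a 2-byte length (== 2), then
        # one level byte and one description byte.
        if (data[0] == 0x15 and len(data) >= 7
                and int.from_bytes(data[3:5], "big") == 2):
            result["alert"] = (
                ALERT_LEVELS.get(data[5], "unknown"),
                ALERT_DESCRIPTIONS.get(data[6], "code %d" % data[6]),
            )
        return result
    return {"protocol": "unknown"}


def hint(result):
    """Map the classification to the advice given in the thread."""
    if result["protocol"] == "tls":
        return ('backend answers a plain HTTP check with TLS: add "ssl" to '
                'the server line, or proxy it in mode tcp')
    if result["protocol"] == "http":
        return "backend speaks plain HTTP: option httpchk can be used as is"
    return "response is neither HTTP nor a TLS record: check the service"


if __name__ == "__main__":
    from_log = classify(info_to_bytes("<15><03><03>"))  # value from the log
    print(from_log, "->", hint(from_log))
    # Constructed full record: fatal protocol_version alert.
    print(classify(b"\x15\x03\x03\x00\x02\x02\x46"))
```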

Re: Configuring HAProxy

2020-02-06 Thread Aleksandar Lazic

Hi.

On 06.02.20 07:08, Akshay Mangla wrote:

Hi HAProxy Team,

I have been trying to install HAProxy on my vm machine and facing some 
difficulties in doing so.

Following is the HAProxy config file that we have currently.

#-
# Example configuration for a possible web application.  See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#-

#-
# Global settings
#-
global
     # to have these messages end up in /var/log/haproxy.log you will
     # need to:
     #
     # 1) configure syslog to accept network log events.  This is done
     #    by adding the '-r' option to the SYSLOGD_OPTIONS in
     #    /etc/sysconfig/syslog
     #
     # 2) configure local2 events to go to the /var/log/haproxy.log
     #   file. A line like the following can be added to
     #   /etc/sysconfig/syslog
     #
     #    local2.*                       /var/log/haproxy.log
     #
     log         127.0.0.1 local2

     chroot      /var/lib/haproxy
     pidfile     /var/run/haproxy.pid
     maxconn     4000
     user        haproxy
     group       haproxy
     daemon

     # turn on stats unix socket
     stats socket /var/lib/haproxy/stats

#-
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#-
defaults
     mode                    http
     log                     global
     option                  httplog
     option                  dontlognull
     option http-server-close
     option forwardfor       except 127.0.0.0/8
     option                  redispatch
     retries                 3
     timeout http-request    10s
     timeout queue           1m
     timeout connect         10s
     timeout client          1m
     timeout server          1m
     timeout http-keep-alive 10s
     timeout check           10s
     maxconn                 3000

#-
# main frontend which proxys to the backends
#-
frontend  main *:5000
     acl url_static       path_beg       -i /static /images /javascript 
/stylesheets
     acl url_static       path_end       -i .jpg .gif .png .css .js

     use_backend static          if url_static
     default_backend             app

#-
# static backend for serving up images, stylesheets and such
#-
backend static
     balance     roundrobin
     server      static 127.0.0.1:4331 check

#-
# round robin balancing between the various backends
#-
backend app
     balance     roundrobin
     server  app1 127.0.0.1:5001 check
     server  app2 127.0.0.1:5002 check
     server  app3 127.0.0.1:5003 check
     server  app4 127.0.0.1:5004 check

frontend haproxy_inbound
         bind *:7068
         default_backend haproxy_httpd

backend haproxy_httpd
         balance roundrobin
         mode http #(NOT NEEDED IF DEFINED IN DEFAULTS)
         option httpchk
         server lxapp14058.dc.corp.telstra.com 10.195.77.21:7068 check
         server lxapp14059.dc.corp.telstra.com 10.195.77.22:7068 check


I have added the lines at the end which are colored and ran the command ---> 
*/haproxy -c -f /etc/haproxy/haproxy.cfg/* which gave me an output that 
/*configuration file is valid*/.

When i tried to start it manually (in foreground, to test) with ---> */haproxy 
-db -f /etc/haproxy/haproxy.cfg/* it started giving me an error
image.png


I love screenshots, it's so easy to copy some text out of them ;-).
My suggestion would be to copy the text from the console to the mail
instead of the screenshot.


Can you help me resolve this issue as I am stuck on this. Any suggestions would 
be appreciated.


I would assume that the backend is not a http backend as the httpchk fails.
What do you get when you execute the following commands from the haproxy machine?

curl -v --max-time 30 127.0.0.1:5001
curl -v --max-time 30 http://10.195.77.21:7068
curl -v --max-time 30 http://10.195.77.22:7068


Do let me know if you need any further information on this.


Which haproxy version do you use?
haproxy -vv



Regards,
Akshay


Regards
Aleks



Configuring HAProxy

2020-02-05 Thread Akshay Mangla
Hi HAProxy Team,

I have been trying to install HAProxy on my vm machine and facing some
difficulties in doing so.

Following is the HAProxy config file that we have currently.

#-
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#-

#-
# Global settings
#-
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events.  This is done
#by adding the '-r' option to the SYSLOGD_OPTIONS in
#/etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
#   file. A line like the following can be added to
#   /etc/sysconfig/syslog
#
#local2.*   /var/log/haproxy.log
#
log 127.0.0.1 local2

chroot  /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user    haproxy
group   haproxy
daemon

# turn on stats unix socket
stats socket /var/lib/haproxy/stats

#-
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#-
defaults
mode    http
log global
option  httplog
option  dontlognull
option http-server-close
option forwardfor   except 127.0.0.0/8
option  redispatch
retries 3
timeout http-request    10s
timeout queue   1m
timeout connect 10s
timeout client  1m
timeout server  1m
timeout http-keep-alive 10s
timeout check   10s
maxconn 3000

#-
# main frontend which proxys to the backends
#-
frontend  main *:5000
acl url_static   path_beg   -i /static /images /javascript
/stylesheets
acl url_static   path_end   -i .jpg .gif .png .css .js

use_backend static  if url_static
default_backend app

#-
# static backend for serving up images, stylesheets and such
#-
backend static
balance roundrobin
server  static 127.0.0.1:4331 check

#-
# round robin balancing between the various backends
#-
backend app
balance roundrobin
server  app1 127.0.0.1:5001 check
server  app2 127.0.0.1:5002 check
server  app3 127.0.0.1:5003 check
server  app4 127.0.0.1:5004 check

frontend haproxy_inbound
bind *:7068
default_backend haproxy_httpd

backend haproxy_httpd
balance roundrobin
mode http #(NOT NEEDED IF DEFINED IN DEFAULTS)
option httpchk
server lxapp14058.dc.corp.telstra.com 10.195.77.21:7068 check
server lxapp14059.dc.corp.telstra.com 10.195.77.22:7068 check


I have added the lines at the end which are colored and ran the command
--->  *haproxy -c -f /etc/haproxy/haproxy.cfg* which gave me an output
that *configuration
file is valid*.

When i tried to start it manually (in foreground, to test) with ---> *haproxy
-db -f /etc/haproxy/haproxy.cfg* it started giving me an error
[image: image.png]

Can you help me resolve this issue as I am stuck on this. Any suggestions
would be appreciated.

Do let me know if you need any further information on this.

Regards,
Akshay


Re: Configuring HAProxy session limits

2018-07-25 Thread Àbéjídé Àyodélé
Thanks for your response! It clarified a lot.


Re: Configuring HAProxy session limits

2018-07-24 Thread Moemen MHEDHBI
Hi Àbéjídé,


On 24/07/2018 17:59, Àbéjídé Àyodélé wrote:
> Hi Friends,
>
> I am trying to bump session limits via the maxconn in the global
> section as
> below:
>
> cat /etc/haproxy/redacted-haproxy.cfg
> global
>   maxconn 1
>   stats socket /var/run/redacted-haproxy-stats.sock user haproxy group
> haproxy
> mode 660 level operator expose-fd listeners
>
> frontend redacted-frontend
>   mode tcp
>   bind :2004
>   default_backend redacted-backend
>
> backend redacted-backend
>   mode tcp
>   balance leastconn
>   hash-type consistent
>
>   server redacted_0 redacted01.qa:8443 
> check agent-check agent-port 8080 weight 100
> send-proxy
>   server redacted-684994ccd-6rn9q 192.168.39.223:8443
>  check port 8443 weight 100
> send-proxy
>   server redacted-684994ccd-c88d9 192.168.46.66:8443
>  check port 8443 weight 100
> send-proxy
>   server redacted-canary-58ccdb7cf4-47f4m 192.168.53.47:8443
>  check port 8443
> weight 100 send-proxy
>
> NOTE: I removed some portion of the config for conciseness sake.
>
> However this did not seem to have any impact on HAProxy after a reload
> as seen
> below:
>
> echo "show stat" | socat
> unix-connect:/var/run/redacted-haproxy-stats.sock stdio
> | cut -d"," -f7
> slim
> 2000
>
>
>
>
> 200

When slim is used in a Frontend line (in your case: redacted-frontend)
it refers to the maxconn of the frontend.
By default, when maxconn is not specified it is equal to 2000:
https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4.2-maxconn

When slim is used in a Backend line (in your case: redacted-backend) it
refers to the fullconn param because backends do not have maxconns.
The fullconn param is a little bit more complicated to understand than
maxconn. You can find more information about it in the doc:
https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4.2-fullconn
or if you search the mailing list history but most of the time you don't
need to use it.
To understand the 200 value, you need to consider the following
statement from the doc :
> Since it's hard to get this value right, haproxy automatically sets it
to 10% of the sum of the maxconns of all frontends that may branch to
this backend
So 10% of 2000 = 200

++
- Moemen.
>
> I do not know where 2000 and 200 are coming from as I did not at any point
> configure that, the maxconn was previously 4096.
>
> A more detailed stats output is below:
>
> echo "show stat" | socat
> unix-connect:/var/run/redacted-haproxy-stats.sock stdio
> #
> pxname,svname,qcur,qmax,scur,smax,slim,stot,bin,bout,dreq,dresp,ereq,econ,eresp,wretr,wredis,status,weight,act,bck,chkfail,chkdown,lastchg,downtime,qlimit,pid,iid,sid,throttle,lbtot,tracked,type,rate,rate_lim,rate_max,check_status,check_code,check_duration,hrsp_1xx,hrsp_2xx,hrsp_3xx,hrsp_4xx,hrsp_5xx,hrsp_other,hanafail,req_rate,req_rate_max,req_tot,cli_abrt,srv_abrt,comp_in,comp_out,comp_byp,comp_rsp,lastsess,last_chk,last_agt,qtime,ctime,rtime,ttime,agent_status,agent_code,agent_duration,check_desc,agent_desc,check_rise,check_fall,check_health,agent_rise,agent_fall,agent_health,addr,cookie,mode,algo,conn_rate,conn_rate_max,conn_tot,intercepted,dcon,dses,
> redacted-frontend,FRONTEND,,,0,2,2000,3694,0,0,0,0,0,OPEN,1,2,00,3,0,9,,,0,0,0,,,0,0,0,0,tcp,,3,9,3694,,0,0,
> redacted-backend,redacted_0,0,0,0,1,,2,0,0,,0,,0,0,0,0,UP,94,1,0,0,0,1582,0,,1,3,1,,2,,2,0,,1,L4OK,,0,,,0,0,683,,via
> agent : up,0,0,0,0,L7OK,0,50,Layer4 check passed,Layer7 check
> passed,2,3,4,1,1,1,10.185.57.54:8443
> ,,tcp
> redacted-backend,redacted-684994ccd-6rn9q,0,0,0,1,,46,0,0,,0,,0,0,0,0,UP,100,1,0,0,0,1582,0,,1,3,2,,46,,2,0,,1,L4OK,,0,,,0,0,6,,,0,0,0,1Layer4
> check passed,,2,3,4192.168.39.223:8443
> ,,tcp
> redacted-backend,redacted-684994ccd-c88d9,0,0,0,1,,45,0,0,,0,,0,0,0,0,UP,100,1,0,0,0,1582,0,,1,3,3,,45,,2,0,,1,L4OK,,0,,,0,0,12,,,0,0,0,0Layer4
> check passed,,2,3,4192.168.46.66:8443
> ,,tcp
> redacted-backend,redacted-canary-58ccdb7cf4-47f4m,0,0,0,1,,45,0,0,,0,,0,0,0,0,UP,100,1,0,0,0,1582,0,,1,3,4,,45,,2,0,,1,L4OK,,0,,,0,0,10,,,0,0,0,1Layer4
> check passed,,2,3,4192.168.53.47:8443
> ,,tcp
> redacted-backend,BACKEND,0,0,0,2,200,3694,0,0,0,0,,0,0,0,0,UP,394,4,0,,0,1582,0,,1,3,0,,138,,1,3,,9,,0,0,0,0,0,0,6,,,0,0,0,1,,tcp,leastconn,,,
>
> I need guidance on what I need to do to configure session limits
> correctly and
> also make it reflect in the exported metrics.
>
> Thanks!
>
> Abejide Ayodele
> It always seems impossible until it's done. --Nelson Mandela
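
Added example, not part of the original messages: a small check of the rule explained in the reply above, that a FRONTEND's `slim` is its own `maxconn` (2000 when unset) and a BACKEND's `slim` is `fullconn`, defaulting to 10% of the summed `maxconn` of the frontends that branch to it. The config parser is a deliberately simplified sketch (no `listen` sections, no ACL evaluation), and the sample config and trimmed `show stat` output are constructed from the values in the thread.

```python
import csv
import io

DEFAULT_FRONTEND_MAXCONN = 2000  # default cited in the reply (1.7 docs)

# Constructed sample: the thread's layout with an illustrative global value.
SAMPLE_CFG = """\
global
  maxconn 10000   # process-wide limit; does not set the frontend's slim
frontend redacted-frontend
  mode tcp
  bind :2004
  default_backend redacted-backend
backend redacted-backend
  mode tcp
  balance leastconn
  server redacted_0 redacted01.qa:8443 check
"""

# Constructed sample: first eight columns of the output posted in the thread.
SAMPLE_STAT = """\
# pxname,svname,qcur,qmax,scur,smax,slim,stot,
redacted-frontend,FRONTEND,,,0,2,2000,3694,
redacted-backend,redacted_0,0,0,0,1,,2,
redacted-backend,BACKEND,0,0,0,2,200,3694,
"""

SECTIONS = ("global", "defaults", "frontend", "backend", "listen")


def parse_config(text):
    """Return (frontends, backends) with the settings that drive slim."""
    frontends, backends = {}, {}
    defaults_maxconn = None
    section = name = None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        keyword = words[0]
        if keyword in SECTIONS:
            section = keyword
            name = words[1] if len(words) > 1 else None
            if section == "defaults":
                defaults_maxconn = None  # a new defaults section resets it
            elif section == "frontend":
                frontends[name] = {
                    "maxconn": defaults_maxconn or DEFAULT_FRONTEND_MAXCONN,
                    "targets": set(),
                }
            elif section == "backend":
                backends[name] = {"fullconn": None}
            continue
        if len(words) < 2:
            continue
        if section == "defaults" and keyword == "maxconn":
            defaults_maxconn = int(words[1])
        elif section == "frontend":
            if keyword == "maxconn":
                frontends[name]["maxconn"] = int(words[1])
            elif keyword in ("default_backend", "use_backend"):
                frontends[name]["targets"].add(words[1])
        elif section == "backend" and keyword == "fullconn":
            backends[name]["fullconn"] = int(words[1])
    return frontends, backends


def expected_slim(config_text):
    """Predict the slim column for every FRONTEND and BACKEND row."""
    frontends, backends = parse_config(config_text)
    result = {(n, "FRONTEND"): f["maxconn"] for n, f in frontends.items()}
    for bname, backend in backends.items():
        if backend["fullconn"] is not None:
            result[(bname, "BACKEND")] = backend["fullconn"]
        else:
            total = sum(f["maxconn"] for f in frontends.values()
                        if bname in f["targets"])
            result[(bname, "BACKEND")] = total // 10  # 10% of the sum
    return result


def reported_slim(show_stat_csv):
    """Extract slim for FRONTEND/BACKEND rows from 'show stat' CSV output."""
    reader = csv.DictReader(io.StringIO(show_stat_csv.lstrip("# ")))
    return {(row["pxname"], row["svname"]): int(row["slim"])
            for row in reader
            if row["svname"] in ("FRONTEND", "BACKEND") and row["slim"]}


def mismatches(config_text, show_stat_csv):
    """Return {row: (expected, reported)} where the two disagree."""
    expected = expected_slim(config_text)
    reported = reported_slim(show_stat_csv)
    return {key: (expected.get(key), value)
            for key, value in reported.items() if expected.get(key) != value}


if __name__ == "__main__":
    print(expected_slim(SAMPLE_CFG))
    print(mismatches(SAMPLE_CFG, SAMPLE_STAT))
```

Setting `maxconn` inside the frontend section (or in a `defaults` section it inherits from) is what changes both numbers in this model; the `global` value alone leaves them at 2000 and 200.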



Configuring HAProxy session limits

2018-07-24 Thread Àbéjídé Àyodélé
Hi Friends,

I am trying to bump session limits via the maxconn in the global section as
below:

cat /etc/haproxy/redacted-haproxy.cfg
global
  maxconn 1
  stats socket /var/run/redacted-haproxy-stats.sock user haproxy group
haproxy
mode 660 level operator expose-fd listeners

frontend redacted-frontend
  mode tcp
  bind :2004
  default_backend redacted-backend

backend redacted-backend
  mode tcp
  balance leastconn
  hash-type consistent

  server redacted_0 redacted01.qa:8443 check agent-check agent-port 8080
weight 100
send-proxy
  server redacted-684994ccd-6rn9q 192.168.39.223:8443 check port 8443
weight 100
send-proxy
  server redacted-684994ccd-c88d9 192.168.46.66:8443 check port 8443 weight
100
send-proxy
  server redacted-canary-58ccdb7cf4-47f4m 192.168.53.47:8443 check port 8443
weight 100 send-proxy

NOTE: I removed some portion of the config for conciseness sake.

However this did not seem to have any impact on HAProxy after a reload as
seen
below:

echo "show stat" | socat unix-connect:/var/run/redacted-haproxy-stats.sock
stdio
| cut -d"," -f7
slim
2000




200

I do not know where 2000 and 200 are coming from as I did not at any point
configure that, the maxconn was previously 4096.

A more detailed stats output is below:

echo "show stat" | socat unix-connect:/var/run/redacted-haproxy-stats.sock
stdio
#
pxname,svname,qcur,qmax,scur,smax,slim,stot,bin,bout,dreq,dresp,ereq,econ,eresp,wretr,wredis,status,weight,act,bck,chkfail,chkdown,lastchg,downtime,qlimit,pid,iid,sid,throttle,lbtot,tracked,type,rate,rate_lim,rate_max,check_status,check_code,check_duration,hrsp_1xx,hrsp_2xx,hrsp_3xx,hrsp_4xx,hrsp_5xx,hrsp_other,hanafail,req_rate,req_rate_max,req_tot,cli_abrt,srv_abrt,comp_in,comp_out,comp_byp,comp_rsp,lastsess,last_chk,last_agt,qtime,ctime,rtime,ttime,agent_status,agent_code,agent_duration,check_desc,agent_desc,check_rise,check_fall,check_health,agent_rise,agent_fall,agent_health,addr,cookie,mode,algo,conn_rate,conn_rate_max,conn_tot,intercepted,dcon,dses,
redacted-frontend,FRONTEND,,,0,2,2000,3694,0,0,0,0,0,OPEN,1,2,00,3,0,9,,,0,0,0,,,0,0,0,0,tcp,,3,9,3694,,0,0,
redacted-backend,redacted_0,0,0,0,1,,2,0,0,,0,,0,0,0,0,UP,94,1,0,0,0,1582,0,,1,3,1,,2,,2,0,,1,L4OK,,0,,,0,0,683,,via
agent : up,0,0,0,0,L7OK,0,50,Layer4 check passed,Layer7 check
passed,2,3,4,1,1,1,10.185.57.54:8443,,tcp
redacted-backend,redacted-684994ccd-6rn9q,0,0,0,1,,46,0,0,,0,,0,0,0,0,UP,100,1,0,0,0,1582,0,,1,3,2,,46,,2,0,,1,L4OK,,0,,,0,0,6,,,0,0,0,1Layer4
check passed,,2,3,4192.168.39.223:8443,,tcp
redacted-backend,redacted-684994ccd-c88d9,0,0,0,1,,45,0,0,,0,,0,0,0,0,UP,100,1,0,0,0,1582,0,,1,3,3,,45,,2,0,,1,L4OK,,0,,,0,0,12,,,0,0,0,0Layer4
check passed,,2,3,4192.168.46.66:8443,,tcp
redacted-backend,redacted-canary-58ccdb7cf4-47f4m,0,0,0,1,,45,0,0,,0,,0,0,0,0,UP,100,1,0,0,0,1582,0,,1,3,4,,45,,2,0,,1,L4OK,,0,,,0,0,10,,,0,0,0,1Layer4
check passed,,2,3,4192.168.53.47:8443,,tcp
redacted-backend,BACKEND,0,0,0,2,200,3694,0,0,0,0,,0,0,0,0,UP,394,4,0,,0,1582,0,,1,3,0,,138,,1,3,,9,,0,0,0,0,0,0,6,,,0,0,0,1,,tcp,leastconn,,,

I need guidance on what I need to do to configure session limits correctly
and
also make it reflect in the exported metrics.

Thanks!

Abejide Ayodele
It always seems impossible until it's done. --Nelson Mandela


Re: Configuring HAproxy to Mbed tls implementation of TLS

2018-02-01 Thread Lukas Tribus
Hello,


On 1 February 2018 at 03:13, Mariam Abboush  wrote:
> Hello dear HAproxy stuff
>
>
> How can I configure HAproxy to a specific implementation of TLS, I mean for
> example " Mbed TLS" which is a security library dedicated to the embedded
> systems.

You can't.

Haproxy supports OpenSSL, and we try to make it work with OpenSSL
forks like LibreSSL and boringssl, but a different library is not
supported.



Lukas



Configuring HAproxy to Mbed tls implementation of TLS

2018-01-31 Thread Mariam Abboush
Hello dear HAproxy stuff


How can I configure HAproxy to a specific implementation of TLS, I mean for
example " Mbed TLS" which is a security library dedicated to the embedded
systems.

Thanks in advance


Mariam Abboush


Configuring HAProxy to send X_FORWARDED_FOR and X_REAL_IP at the same time.

2014-05-26 Thread Daniel Todorov
Hello,

I'm working for company which have software based on both headers, and if
one of them is missing, the software is not working properly. I find a way
to configure HAProxy to send each of them but separated. I need to find
solution which will make HAProxy to send both. Can I use reqadd or
http-request add-header/set-header to set a the second header?

Best Regards,
Daniel Todorov


Re: Configuring HAProxy to send X_FORWARDED_FOR and X_REAL_IP at the same time.

2014-05-26 Thread Baptiste
On Mon, May 26, 2014 at 10:03 AM, Daniel Todorov leinad...@gmail.com wrote:
 Hello,

 I'm working for company which have software based on both headers, and if
 one of them is missing, the software is not working properly. I find a way
 to configure HAProxy to send each of them but separated. I need to find
 solution which will make HAProxy to send both. Can I use reqadd or
 http-request add-header/set-header to set a the second header?

 Best Regards,
 Daniel Todorov

Hi Daniel

Yes, you can use http-request add-header to add headers. You can
extract source IP address using the acl 'src'.

Baptiste



Re: Configuring HAProxy to send X_FORWARDED_FOR and X_REAL_IP at the same time.

2014-05-26 Thread Thomas Heil
Hi,
On 26.05.2014 12:16, Daniel Todorov wrote:
 Hello Baptiste,

 can i extract the info from other header, because we using cloudflare
 infront of HAProxy?

You can also do things like,
--
http-request add-header X-Orig-IP %[req.hdr(X-Forwarded-For)]
--

this would add header X-Orig-IP with the values from X-Forwarded-For


 Best Regards,


 On Mon, May 26, 2014 at 12:15 PM, Baptiste bed...@gmail.com
 mailto:bed...@gmail.com wrote:

 On Mon, May 26, 2014 at 10:03 AM, Daniel Todorov
 leinad...@gmail.com mailto:leinad...@gmail.com wrote:
  Hello,
 
  I'm working for company which have software based on both
 headers, and if
  one of them is missing, the software is not working properly. I
 find a way
  to configure HAProxy to send each of them but separated. I need
 to find
  solution which will make HAProxy to send both. Can I use reqadd or
  http-request add-header/set-header to set a the second header?
 
  Best Regards,
  Daniel Todorov

 Hi Daniel

 Yes, you can use http-request add-header to add headers. You can
 extract source IP address using the acl 'src'.

 Baptiste