Re: Question about httplog and backend prot

[Aleksandar Lazic]

Am 24.05.2019 um 16:30 schrieb Moemen MHEDHBI:
> 
> On 19/05/2019 00:28, Aleksandar Lazic wrote:
>> Hi.
>>
>> I have the following setup

[snipp]

>> What variable can I use for the log to see which protocol is used for the
>> backend, as with htx the frontend can have different http proto then the 
>> backend?
>>
>> I haven't seen any variable in the custom log fields which reflects the 
>> backend
>> protocol.
>> https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#8.2.4
>>
>> Best regards
>> Aleks
> 
> Hey Aleksandar,
> 
> Is "bc_http_major" what you are looking for?
> https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#7.3.3-bc_http_major
> 
> But in this case it will be always http1 since there is no alpn
> directive in the server line.
> 
> Unless you're looking for the http protocol in the frontend side and
> this can be fetched with fc_http_major.
> 
> Anyway you can use the following log-line to see both:
> 
>     log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC
> %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r
> proto_frontend:%[fc_http_major] proto_backend:%[bc_http_major]"

Thanks I have overseen it.

Regards
Aleks

Re: Question about httplog and backend prot

[Moemen MHEDHBI]

On 19/05/2019 00:28, Aleksandar Lazic wrote:
> Hi.
>
> I have the following setup
>
> ```
> frontend public_ssl
>
> bind :::443 v4v6
>
> option tcplog
>
> tcp-request inspect-delay 5s
> tcp-request content capture req.ssl_sni len 25
> tcp-request content accept if { req.ssl_hello_type 1 }
>   
> # https://www.haproxy.com/blog/introduction-to-haproxy-maps/
> use_backend
> %[req.ssl_sni,lower,map(/usr/local/etc/haproxy/tcp-domain2backend-map.txt)]
>
> default_backend be_sni
>
> backend be_sni
>   server fe_sni 127.0.0.1:10444 weight 10 send-proxy-v2-ssl-cn
>
> frontend https-in
>
> # terminate ssl
> bind 127.0.0.1:10444 accept-proxy ssl strict-sni alpn h2,http/1.1 crt
> /usr/local/etc/haproxy-certs
>
> mode http
> option forwardfor
> option httplog
> option http-use-htx
> option http-ignore-probes
>
> # https://www.haproxy.com/blog/introduction-to-haproxy-maps/
> use_backend
> %[req.hdr(host),lower,map(/usr/local/etc/haproxy/http-domain2backend-map.txt)]
>
> #-
> #  backends
> #-
>
> backend nextcloud-backend
> mode http
> option http-use-htx
> option httpchk GET / HTTP/1.1\r\nHost:\ cloud.Domain.com
> server short-cloud 127.0.0.1:81 check
> ```
>
> I know that the backend can't handle h2.
> The log line looks like this.
>
> ```
> :::Client-IP:4552 [18/May/2019:18:21:33.886] https-in~
> nextcloud-backend/short-cloud 0/0/0/53/53 200 691 - -  21/3/0/0/0 0/0 "GET
> /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/2.0"
> ```
>
> What variable can I use for the log to see which protocol is used for the
> backend, as with htx the frontend can have different http proto then the 
> backend?
>
> I haven't seen any variable in the custom log fields which reflects the 
> backend
> protocol.
> https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#8.2.4
>
> Best regards
> Aleks

Hey Aleksandar,

Is "bc_http_major" what you are looking for?
https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#7.3.3-bc_http_major

But in this case it will be always http1 since there is no alpn
directive in the server line.

Unless you're looking for the http protocol in the frontend side and
this can be fetched with fc_http_major.

Anyway you can use the following log-line to see both:

    log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC
%CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r
proto_frontend:%[fc_http_major] proto_backend:%[bc_http_major]"

-- 
Moemen 

Question about httplog and backend prot

[Aleksandar Lazic]

Hi.

I have the following setup

```
frontend public_ssl

bind :::443 v4v6

option tcplog

tcp-request inspect-delay 5s
tcp-request content capture req.ssl_sni len 25
tcp-request content accept if { req.ssl_hello_type 1 }

# https://www.haproxy.com/blog/introduction-to-haproxy-maps/
use_backend
%[req.ssl_sni,lower,map(/usr/local/etc/haproxy/tcp-domain2backend-map.txt)]

default_backend be_sni

backend be_sni
  server fe_sni 127.0.0.1:10444 weight 10 send-proxy-v2-ssl-cn

frontend https-in

# terminate ssl
bind 127.0.0.1:10444 accept-proxy ssl strict-sni alpn h2,http/1.1 crt
/usr/local/etc/haproxy-certs

mode http
option forwardfor
option httplog
option http-use-htx
option http-ignore-probes

# https://www.haproxy.com/blog/introduction-to-haproxy-maps/
use_backend
%[req.hdr(host),lower,map(/usr/local/etc/haproxy/http-domain2backend-map.txt)]

#-
#  backends
#-

backend nextcloud-backend
mode http
option http-use-htx
option httpchk GET / HTTP/1.1\r\nHost:\ cloud.Domain.com
server short-cloud 127.0.0.1:81 check
```

I know that the backend can't handle h2.
The log line looks like this.

```
:::Client-IP:4552 [18/May/2019:18:21:33.886] https-in~
nextcloud-backend/short-cloud 0/0/0/53/53 200 691 - -  21/3/0/0/0 0/0 "GET
/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/2.0"
```

What variable can I use for the log to see which protocol is used for the
backend, as with htx the frontend can have different http proto then the 
backend?

I haven't seen any variable in the custom log fields which reflects the backend
protocol.
https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#8.2.4

Best regards
Aleks