Re: need help with sftp and http config on a single config file

2018-10-19 Thread Imam Toufique 
Aah.., I see , it’s been awhile I have this, I seem to vaguely remember
about this now.

Yes I have sshd running on port 22, let me try a higher port for the
proxy.  But I can keep the 22 port number for my backend sftp servers,
correct?

Thanks Jarno, I appreciate your help very much!

—imam

On Fri, Oct 19, 2018 at 12:02 AM Jarno Huuskonen 
wrote:

> Hi,
>
> On Thu, Oct 18, Imam Toufique wrote:
> > *[root@crsplabnet2 examples]# haproxy -c -V -f /etc/haproxy/haproxy.cfg*
> > *Configuration file is valid*
> >
> > *when trying to start HA proxy, i see the following:*
> >
> > *[root@crsplabnet2 examples]# haproxy -D -f /etc/haproxy/haproxy.cfg -p
> > /var/run/haproxy.pid*
> > *[ALERT] 290/234618 (5889) : Starting frontend www-ssh-proxy: cannot bind
> > socket [0.0.0.0:22 ]*
>
> Do you have sshd already running on the haproxy server ?
> (Use netstat -tunapl / ss (something like ss -tlnp '( dport = :ssh or
> sport = :ssh )')
> to see if sshd is already listening on port 22).
>
> If you've sshd running on port 22 then you have to use different port or
> ipaddress for sshd / haproxy(www-ssh-proxy)
>
> -Jarno
>
> --
> Jarno Huuskonen
>
-- 
Regards,
*Imam Toufique*
*213-700-5485*

Re: need help with sftp and http config on a single config file

2018-10-19 Thread Jarno Huuskonen 
Hi,

On Thu, Oct 18, Imam Toufique wrote:
> *[root@crsplabnet2 examples]# haproxy -c -V -f /etc/haproxy/haproxy.cfg*
> *Configuration file is valid*
> 
> *when trying to start HA proxy, i see the following:*
> 
> *[root@crsplabnet2 examples]# haproxy -D -f /etc/haproxy/haproxy.cfg -p
> /var/run/haproxy.pid*
> *[ALERT] 290/234618 (5889) : Starting frontend www-ssh-proxy: cannot bind
> socket [0.0.0.0:22 ]*

Do you have sshd already running on the haproxy server ?
(Use netstat -tunapl / ss (something like ss -tlnp '( dport = :ssh or sport = 
:ssh )')
to see if sshd is already listening on port 22).

If you've sshd running on port 22 then you have to use different port or
ipaddress for sshd / haproxy(www-ssh-proxy)

-Jarno

-- 
Jarno Huuskonen

need help with sftp and http config on a single config file

2018-10-19 Thread Imam Toufique 
Hi,

I am working on a setup where I can host sftp and http from the same HA
proxy frontend, as I am having trouble with it.

here is my config file:
-

global
   log /dev/log local0
   log /dev/log local1 notice
   chroot /var/lib/haproxy
   stats timeout 30s
   user haproxy
   group haproxy
   daemon

defaults
   log global
   mode http
   option tcplog
   option dontlognull
   timeout connect 5000
   timeout client 5
   timeout server 5

frontend http_front
   bind *:80
   stats uri /haproxy?stats
   default_backend http_back
   mode http
   option forwardfor   # forward IP
   http-request set-header X-Forwarded-Port %[dst_port]
   http-request add-header X-Forwarded-Proto https if { ssl_fc }

backend http_back
   balance roundrobin # roundrobin is rotate customers into backend server
   server  web1 10.1.100.156:80 check inter 2000 cookie w1
   server  web2 10.1.100.160:80 check inter 2000 cookie w1
   timeout connect 90
   timeout server 90

frontend www-ssh-proxy
  bind *:22
  mode tcp
  default_backend www-ssh-proxy-backend

backend www-ssh-proxy-backend
   mode tcp
   balance roundrobin
   stick-table type ip size 200k expire 30m
   stick on src
   default-server inter 1s
   server web1 10.1.100.156:22 check id 1
   server web2 10.1.100.160:22 check id 2

I would like SFTP and HTTP to live happily in the same HA proxy config.
When I run the configuration check, everything seems to be fine.

*[root@crsplabnet2 examples]# haproxy -c -V -f /etc/haproxy/haproxy.cfg*
*Configuration file is valid*

*when trying to start HA proxy, i see the following:*

*[root@crsplabnet2 examples]# haproxy -D -f /etc/haproxy/haproxy.cfg -p
/var/run/haproxy.pid*
*[ALERT] 290/234618 (5889) : Starting frontend www-ssh-proxy: cannot bind
socket [0.0.0.0:22 ]*

*I am not sure what I am doing wrong here.  I have not setup sftp and
http in one system before.*

*Can you please give me a hand with this? *

*thanks a lot!*



-- 
Regards,
*Imam Toufique*
*213-700-5485*