SV: Traffic from HAproxy get error 401 and 500

[Henning Svane]

Hi
I have tried haproxy -d and here I saw 401 and 500.
But I have also seen this, but I have and Error I do not how to fix:
odin@haproxy01:~$ sudo haproxy -d -f /home/odin/haproxy07e.cfg
Available polling systems :
  epoll : pref=300,  test result OK
   poll : pref=200,  test result OK
 select : pref=150,  test result FAILED
Total: 3 (2 usable), will use epoll.

Available filters :
[SPOE] spoe
[CACHE] cache
[FCGI] fcgi-app
[COMP] compression
[TRACE] trace
Using epoll() as the polling mechanism.

But to your question
I have attached the file debug.txt which are the output from haproxy -d whenI 
try to open Outlook.
There are some errors but I do not what they mean.

Regards
Henning


Fra: Baptiste 
Sendt: 1. juni 2022 07:57
Til: Henning Svane 
Cc: haproxy@formilux.org
Emne: Re: Traffic from HAproxy get error 401 and 500



On Mon, May 30, 2022 at 11:58 PM Henning Svane 
mailto:h...@energy.dk>> wrote:
Hi
I have a strange problem.

I have a HAProxy with 2 NICs
NIC 1 VLAN 110 HAProxy have IP 10.40.152.10/28
NIC 2 VLAN 120 HAProxy have IP 10.40.252.10/28 is also 
the VLAN for Exchange server IP 10.40.252.11/28

I have a outlook client in VLAN 100 10.40.2.1/24
I have 2 cases for testing:
Case 1: VLAN 100 <-> FW <-> (NIC 1VLAN 110) HAProxy ( NIC 2 Exchange VLAN 120) 
<-> Exchange Server
Autodiscover.domain.com 10.40.152.10
Mail.doamin.com 10.40.152.10
Frontend:
acl XMail hdr(host) -i mail. domain.com autodiscover. 
domain.com domain.com
acl XMail_Autodiscover url_beg -i /Autodiscover
use_backend HA_DAG_XMail_Autodiscoverif XMail 
XMail_Autodiscover

Backend HA_DAG_XMail_Autodiscover:
server XMailDB01 XMailDB01.domain.com:443  
maxconn 100 ssl ca-file /etc/haproxy/crt/mail_domain_com.pem

Case 2: VLAN 100 <-> FW <-> VLAN 120 Exchange Server
Autodiscover.domain.com 10.40.252.11
Mail.doamin.com 10.40.252.11

Case 1 gives HTTP Error 401 and 500
Case 2 works as it should

Case 1
I have tried with fiddler to find out what goes on but have not found out why I 
get Error 401 and 500
I am capturing traffic from both NIC 1 and NIC 2 but I cannot relay find out 
what is going on and how to see what is the problem.

Hope somebody have an idear how to fix this.

Regards
Henning


Hi Henning,

You can start HAProxyin debug mode and check what happens and also share 
generated log lines, they may contain useful information such as termination 
status code for the session.

Baptiste
odin@haproxy01:~$ sudo haproxy -d -f /home/odin/haproxy07e.cfg
Available polling systems :
  epoll : pref=300,  test result OK
   poll : pref=200,  test result OK
 select : pref=150,  test result FAILED
Total: 3 (2 usable), will use epoll.

Available filters :
[SPOE] spoe
[CACHE] cache
[FCGI] fcgi-app
[COMP] compression
[TRACE] trace
Using epoll() as the polling mechanism.
:FrontEnd_Xmail_L7_IPv4.accept(000b)=003e from [10.1.0.2:52410] 
ALPN=
:FrontEnd_Xmail_L7_IPv4.clireq[003e:]: POST 
/mapi/emsmdb/?MailboxId=2d28b5f2-df74-459e-a4f3-263c284e8...@domain.com HTTP/1.1
:FrontEnd_Xmail_L7_IPv4.clihdr[003e:]: cache-control: no-cache
:FrontEnd_Xmail_L7_IPv4.clihdr[003e:]: pragma: no-cache
:FrontEnd_Xmail_L7_IPv4.clihdr[003e:]: content-type: 
application/mapi-http
:FrontEnd_Xmail_L7_IPv4.clihdr[003e:]: accept: 
application/mapi-http
:FrontEnd_Xmail_L7_IPv4.clihdr[003e:]: authorization: Bearer
:FrontEnd_Xmail_L7_IPv4.clihdr[003e:]: user-agent: Microsoft 
Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.15225; Pro)
:FrontEnd_Xmail_L7_IPv4.clihdr[003e:]: 
x-ms-cookieuri-requested: t
:FrontEnd_Xmail_L7_IPv4.clihdr[003e:]: x-featureversion: 1
:FrontEnd_Xmail_L7_IPv4.clihdr[003e:]: accept-auth: 
badger,Wlid1.1,Bearer,Basic,NTLM,Digest,Kerberos,Negotiate,Nego2
:FrontEnd_Xmail_L7_IPv4.clihdr[003e:]: client-request-id: 
{53DB4F87-2EE4-4650-8423-A40E36CA8623}
:FrontEnd_Xmail_L7_IPv4.clihdr[003e:]: x-user-identity: 
administra...@domain.com
:FrontEnd_Xmail_L7_IPv4.clihdr[003e:]: x-ms-account-type: 
Organization
:FrontEnd_Xmail_L7_IPv4.clihdr[003e:]: x-accept: 
application/json
:FrontEnd_Xmail_L7_IPv4.clihdr[003e:]: x-clientapplication: 
Outlook/16.0.15225.20070
:FrontEnd_Xmail_L7_IPv4.clihdr[003e:]: x-clientinfo: 
{E234690D-749A-4C38-B229-3AA1D0638647}:86800015
:FrontEnd_Xmail_L7_IPv4.clihdr[003e:]: x-requestid: 
{BE3BB845-ED81-41AB-A692-14C9BF5A5042}:1

[PATCH] CLEANUP: Re-apply xalloc_size.cocci (2)

[Tim Duesterhus]

This reapplies the xalloc_size.cocci patch across the whole `src/` tree.

see 16cc16dd8235e7eb6c38b7abd210bd1e1d96b1d9
see 63ee0e4c01b94aee5fc6c6dd98cfc4480ae5ea46
---
 src/ncbuf.c  | 2 +-
 src/proto_quic.c | 2 +-
 src/quic_sock.c  | 3 ++-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/ncbuf.c b/src/ncbuf.c
index 1944cfe34..adb32b57a 100644
--- a/src/ncbuf.c
+++ b/src/ncbuf.c
@@ -726,7 +726,7 @@ struct rand_off {
 static struct rand_off *ncb_generate_rand_off(const struct ncbuf *buf)
 {
struct rand_off *roff;
-   roff = calloc(1, sizeof(struct rand_off));
+   roff = calloc(1, sizeof(*roff));
BUG_ON(!roff);
 
roff->off = rand() % (ncb_size(buf));
diff --git a/src/proto_quic.c b/src/proto_quic.c
index 55aa4b50f..ab1bef18f 100644
--- a/src/proto_quic.c
+++ b/src/proto_quic.c
@@ -703,7 +703,7 @@ static int quic_alloc_dghdlrs(void)
 {
int i;
 
-   quic_dghdlrs = calloc(global.nbthread, sizeof(struct quic_dghdlr));
+   quic_dghdlrs = calloc(global.nbthread, sizeof(*quic_dghdlrs));
if (!quic_dghdlrs) {
ha_alert("Failed to allocate the quic datagram handlers.\n");
return 0;
diff --git a/src/quic_sock.c b/src/quic_sock.c
index 6207af703..a391006af 100644
--- a/src/quic_sock.c
+++ b/src/quic_sock.c
@@ -466,7 +466,8 @@ static int quic_alloc_accept_queues(void)
 {
int i;
 
-   quic_accept_queues = calloc(global.nbthread, sizeof(struct 
quic_accept_queue));
+   quic_accept_queues = calloc(global.nbthread,
+   sizeof(*quic_accept_queues));
if (!quic_accept_queues) {
ha_alert("Failed to allocate the quic accept queues.\n");
return 0;
-- 
2.36.1

Re: grooming IUS haproxy packages

[Илья Шипицин]

ср, 1 июн. 2022 г. в 18:17, William Lallemand :

> On Wed, Jun 01, 2022 at 09:50:20AM +0500, Илья Шипицин wrote:
> > Hello,
> >
> > I created couple of PRs
> >
> > HAProxy 2.0.29 by chipitsine · Pull Request #18 · iusrepo/haproxy20
> > (github.com) 
> > HAProxy 2.2.24 by chipitsine · Pull Request #21 · iusrepo/haproxy22
> > (github.com) 
> >
> > 2.0 and 2.2 are updated to their latest versions.
> > while I'm working on 2.4, 2.6, I would like to ask you to review current
> > packages
> >
>
> Thanks Ilya!
>
> > 1) which USE_XXX to add/remove
>
> Some of the flags could be removed since they are already in the
> linux-glibc target: USE_CRYPT_H, USE_GETADDRINFO.
>
> Starting with 2.4 we can do some changes:
>
> - don't use EXTRA_OBJS for the prometheus exporter, but USE_PROMEX=1
> - use USE_SLZ=1 instead of USE_ZLIB=1
>
> A possible update could be lua-5.4, but that's not a requirement.
>
>
> > 2) improving build process
>
> No idea for now.
>
> > 3) so on
> >
>
> I'm still confused about something, it looks like it only provides
> packages for RHEL/CentOS 7 or am I missing the other versions somewhere?
>


spec files work under centos 8 as well, but IUS currently builds only
centos 7, I haven't figured out how to add centous 8 yet


>
>
> > also, some of IUS packages do have READMEs in github, I'm looking for
> ideas
> > what to put to README.
> >
> I have no clue, that's probably not important.
>
> --
> William Lallemand
>

Re: grooming IUS haproxy packages

[William Lallemand]

On Wed, Jun 01, 2022 at 09:50:20AM +0500, Илья Шипицин wrote:
> Hello,
> 
> I created couple of PRs
> 
> HAProxy 2.0.29 by chipitsine · Pull Request #18 · iusrepo/haproxy20
> (github.com) 
> HAProxy 2.2.24 by chipitsine · Pull Request #21 · iusrepo/haproxy22
> (github.com) 
> 
> 2.0 and 2.2 are updated to their latest versions.
> while I'm working on 2.4, 2.6, I would like to ask you to review current
> packages
> 

Thanks Ilya! 

> 1) which USE_XXX to add/remove

Some of the flags could be removed since they are already in the
linux-glibc target: USE_CRYPT_H, USE_GETADDRINFO.

Starting with 2.4 we can do some changes:

- don't use EXTRA_OBJS for the prometheus exporter, but USE_PROMEX=1
- use USE_SLZ=1 instead of USE_ZLIB=1 

A possible update could be lua-5.4, but that's not a requirement.


> 2) improving build process

No idea for now.

> 3) so on
>

I'm still confused about something, it looks like it only provides
packages for RHEL/CentOS 7 or am I missing the other versions somewhere?


> also, some of IUS packages do have READMEs in github, I'm looking for ideas
> what to put to README.
>
I have no clue, that's probably not important.

-- 
William Lallemand

Re: What does HAProxy do?

[Илья Шипицин]

Hello,

is it publicly available? or some private document ?
I'm not sure what BOM list is.

as for HAProxy, you can find more information here

https://www.haproxy.org (community edition)
https://www.haproxy.com (enterprise edition)

ср, 25 мая 2022 г. в 18:16, Turritopsis Dohrnii Teo En Ming <
tdtemc...@gmail.com>:

> Dear Ilya,
>
> We have a Software BOM list.
>
> HAProxy is among many commercial and open source software in the list.
>
> Regards,
>
> Mr. Turritopsis Dohrnii Teo En Ming
> Targeted Individual in Singapore
>
> On Wed, 25 May 2022 at 01:40, Илья Шипицин  wrote:
> >
> > Hello, Turritopsis!
> >
> > Please tell us how you found that your organization is using HAProxy.
> >
> > Ilya
> >
> > вт, 24 мая 2022 г. в 18:04, Turritopsis Dohrnii Teo En Ming <
> tdtemc...@gmail.com>:
> >>
> >> Subject: What does HAProxy do?
> >>
> >> Good day from Singapore,
> >>
> >> I notice that my company/organization uses HAProxy. What does it do?
> >>
> >> How do I setup and configure it? Are there excellent and well written
> >> guides on doing so?
> >>
> >> Just being curious.
> >>
> >> Thank you.
> >>
> >> Regards,
> >>
> >> Mr. Turritopsis Dohrnii Teo En Ming
> >> Targeted Individual in Singapore
> >> 24 May 2022 Tuesday
> >>
>