Re: Is it possible for a http frontend using a tcp backend?

2020-08-27 Thread Hongyi Zhao
On Thu, Aug 27, 2020 at 9:51 AM Willy Tarreau  wrote:
>
> Hi,
>
> On Mon, Aug 17, 2020 at 10:09:36PM +0800, Hongyi Zhao wrote:
> > Hi,
> >
> > Is it possible for the following settings in haproxy:
> >
> > A http frontend listening on the localhost:18887 which uses a backend
> > consisting of several remote socks5 servers?
>
> Not exactly, however you can use a socks4 encapsulation when reaching a
> server. That doesn't change the http mode on the backend, it just inserts
> a socks4 "header" on the connection to the server.

Are there examples/tutorials for this case?

> We don't support socks5
> however, I seem to remember that it requires more than just a prefix in
> each direction.
>
> Hoping this helps,
> Willy



-- 
Hongyi Zhao 



Is it possible for a http frontend using a tcp backend?

2020-08-17 Thread Hongyi Zhao
Hi,

Is it possible for the following settings in haproxy:

A http frontend listening on the localhost:18887 which uses a backend
consisting of several remote socks5 servers?

Regards
-- 
Hongyi Zhao 



Stick to the same upstream socks5 server for the same tcp session.

2020-07-09 Thread Hongyi Zhao
Hi,

I config haproxy as a layer 4 socks5 load balancing gateway which use
several upstream socks5 servers and listening on 127.0.0.1:1. When
I use this aggregated local socks5 server for registering a user
account on wine forum here:  https://forum.winehq.org/, I always
failed in this job. Finally I find that it requires a fixed client
side IP address during the whole registration process.

So, it seems that if haproxy can stick to the same upstream socks5
server for the same tcp session, the above problem will be solved. How
should I config my haproxy for this purpose?

-- 
Hongyi Zhao 



Using tcp-check method for checking multiple local socks5 servers.

2019-06-21 Thread Hongyi Zhao
Hi all,

I've several socks5 servers running locally on the following ports:

127.0.0.1:1081
127.0.0.1:1082
127.0.0.1:1083
127.0.0.1:1084

All of them can be anonymous accessed locally, I want to balance the
using of them for offering one robust socks5 proxy on 127.0.0.1:8889.

So, I using the following config:

--
global
maxconn 4096
daemon
nbproc 3

defaults
 mode tcp
 retries 3
 option redispatch
 timeout connect 3000
 timeout server 5000
 timeout client 5000

listen socks5-balance
   bind0.0.0.0:8889
   balance roundrobin

server socks5-1 127.0.0.1:1081 check
server socks5-2 127.0.0.1:1082 check
server socks5-3 127.0.0.1:1083 check
server socks5-4 127.0.0.1:1084 check
---

The above configuration can work smoothly, but I want to do further
health checking based on the the following google's website:

http://client3.google.com/generate_204

I know that the tcp-check option for the server line in the haproxy
can do this job for me.

Basically, I want to let the haproxy simulate the following actions
for health-checking on these socks servers:

curl --socks5 127.0.0.1:1081 http://client3.google.com/generate_204
curl --socks5 127.0.0.1:1082 http://client3.google.com/generate_204
curl --socks5 127.0.0.1:1083 http://client3.google.com/generate_204
curl --socks5 127.0.0.1:1084 http://client3.google.com/generate_204

Based on the instructions given here:

https://blog.yuanbin.me/posts/2018-06/2018-06-30_21-26-14/

I changed my config into the following

-
global
maxconn 4096
daemon
nbproc 3

defaults
 mode tcp
 retries 3
 option redispatch
 timeout connect 3000
 timeout server 5000
 timeout client 5000

listen socks5-balance
   bind0.0.0.0:8889
   balance roundrobin
option tcp-check
tcp-check connect
tcp-check send-binary 05020001
tcp-check expect binary 0500
tcp-check send-binary 0501000312636c69656e74332e676f6f676c652e636f6d0050
tcp-check expect binary 050106b5
tcp-check send GET\ /generate_204\ HTTP/1.1\r\n
tcp-check send Host:\ client3.google.com\r\n
tcp-check send User-Agent:\ curl/7.54.0\r\n
tcp-check send Accept:\ */*\r\n
tcp-check send \r\n
tcp-check expect rstring ^HTTP/1.1\ 204
hash-type consistent # optional

server socks5-1 127.0.0.1:1081 check
server socks5-2 127.0.0.1:1082 check
server socks5-3 127.0.0.1:1083 check
server socks5-4 127.0.0.1:1084 check
-

But, this time, when I starting the haproxy with the above config, I
meet the following errors:


$ sudo haproxy -db -f haproxy.cfg.test
[WARNING] 172/103332 (31229) : Server socks5-balance/socks5-4 is DOWN,
reason: Layer7 invalid response, info: "TCPCHK did not match content
'<05>' at step 5", check duration: 382ms. 3 active and 0 backup
servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
[WARNING] 172/103332 (31229) : Server socks5-balance/socks5-1 is DOWN,
reason: Layer7 timeout, info: " at step 5 of tcp-check (expect string
'<05>')", check duration: 2000ms. 2 active and 0 backup servers left.
0 sessions active, 0 requeued, 0 remaining in queue.
[WARNING] 172/10 (31229) : Server socks5-balance/socks5-2 is DOWN,
reason: Layer7 timeout, info: " at step 5 of tcp-check (expect string
'<05>')", check duration: 2001ms. 1 active and 0 backup servers left.
0 sessions active, 0 requeued, 0 remaining in queue.
[WARNING] 172/10 (31229) : Server socks5-balance/socks5-3 is DOWN,
reason: Layer7 timeout, info: " at step 5 of tcp-check (expect string
'<05>')", check duration: 2000ms. 0 active and 0 backup servers left.
0 sessions active, 0 requeued, 0 remaining in queue.
[ALERT] 172/10 (31229) : proxy 'socks5-balance' has no server available!


How to solve this issue, thanks for your time.

Regards
-- 
Hongsheng Zhao 
Institute of Semiconductors, Chinese Academy of Sciences
GnuPG DSA: 0xD108493



Re: Health check for backend constituted with multiple socks proxies.

2015-04-06 Thread Hongyi Zhao
On Fri, 03 Apr 2015 11:10:31 +0200, Baptiste wrote:

 I mean what happens if you point your browser directly to one of the Ip
 address?
 Cause, what you're doing with your HAProxy configuration currently, is
 only forwarding the TCP connection from a browser client to a socks5
 server.
 If your browser client don't know how to speak to the socks5 server,
 HAProxy won't do it on behalf of it.
 So please confirm first the browser can use any of the listed IP without
 using HAProxy.

Because these all are * free * socks5 proxy servers found on the 
internet, the stability cann't be ensured.  Some of them can be used to 
let my browser directly access the internet, some may not; or if do the 
test in different time, the one cann't becomes good, and vice versa.  
Based on the above fact, I want to use all of them in one group of the 
backend of haproxy to get the redundancy and the loadbalance capability.  
The only issue for my case it that I want let haproxy to determine the 
correspoing server are up or down at the specific port and then direct me 
the up ones at the testing time done by haproxy.

Regards  

 
 Then we'll dig into your issue...
 
 Baptiste





-- 
.: Hongyi Zhao [ hongyi.zhao AT gmail.com ] Free as in Freedom :.




Re: Health check for backend constituted with multiple socks proxies.

2015-04-02 Thread Hongyi Zhao
On Thu, 02 Apr 2015 15:04:09 +0200, Baptiste wrote:

 Hi Hongyi,
 
 What happens if you brows directly one of the IP address???

These are socks5 proxies servers address, not websites.

What do you mean by saying that 'brows directly one of the IP address' 
for my case?

Regards
 
 Baptiste





-- 
.: Hongyi Zhao [ hongyi.zhao AT gmail.com ] Free as in Freedom :.




Health check for backend constituted with multiple socks proxies.

2015-04-02 Thread Hongyi Zhao
Hi all,

My haproxy.cfg is as follows:

-
global
maxconn 4096
daemon 
nbproc 3
defaults
 mode tcp   
 timeout connect 5000ms 
 timeout client 5ms
 timeout server 5ms 
frontend socks5
bind0.0.0.0:
default_backend socks5-balance
backend socks5-balance
balance roundrobin 

server socks5-1 104.220.35.112:48178 check
server socks5-2 104.236.196.208:1234 check
server socks5-3 113.61.111.196:60088 check
server socks5-4 114.94.131.120:8118 check
server socks5-5 115.119.233.36:2235 check
server socks5-6 115.29.49.52: check
server socks5-7 117.247.65.204:1080 check
server socks5-8 118.26.201.224:1080 check
server socks5-9 118.26.228.8:1080 check
...
server socks5-3194.23.80.193:60088 check
server socks5-3295.163.65.88:49389 check
-

I found that the the health-check results given by haproxy are not 
consistent with the real statues/availabilities of these servers listed 
in the backend section.

For example, when I use the -db mode to see the message on stdout, I can 
found that even haproxy reported there are serveral backend servers are 
available, I still cann't use 127.0.0.1: as proxy to access websites/
urls.

Any hints on how to let haproxy give a more precise/reliable/correctness 
health-check for this case? 

Thanks in advance.

Regards
-- 
.: Hongyi Zhao [ hongyi.zhao AT gmail.com ] Free as in Freedom :.