Hi,
this *feels* like a silly question and I may have missed something
pretty obvious, but... I've tried to use the "source" keyword and
it doesn't work. HAProxy does not use the specified IP address when
connecting to the server.
Is this keyword supposed to work on FreeBSD or are there any known
caveats?
Below is my HAProxy config. I've tried both, adding the keyword on the
"server" line and just adding it to a backend section, either way it
does not work. The config currently contains both variants for
demonstration purposes.
global
uid 80
gid 80
chroot /var/haproxy
daemon
stats socket /var/run/haproxy.socket group
proxy mode 775 level admin expose-fd listeners
nbproc 1
nbthread2
tune.ssl.default-dh-param 1024
spread-checks 2
tune.chksize16384
tune.bufsize16384
tune.lua.maxmem 0
log /var/run/log local0
defaults
log global
option redispatch -1
timeout client 3
timeout connect 3
timeout server 3
retries 3
frontend galera_frontend
bind db.example.com:3306 name db.example.com:3306
mode tcp
default_backend galera_backend
maxconn 2000
timeout client 8h
option log-separate-errors
option tcplog
backend galera_backend
option log-health-checks
option httpchk GET / HTTP/1.0
http-check expect string "is synced"
mode tcp
balance source
timeout connect 3m
timeout check 2m
timeout server 12h
retries 10
source 192.168.77.20
server db1_active db1.example.com:3306 check inter 1 port 9200
source 192.168.77.20
server db2_backup db2.example.com:3306 check inter 1 port 9200
backup source 192.168.77.20
# uname -omv
FreeBSD FreeBSD 11.2-RELEASE-p20-HBSD 07ef86ce9ca(stable/20.1) amd64
# haproxy -vv
HA-Proxy version 2.0.14 2020/04/02 - https://haproxy.org/
Build options :
TARGET = freebsd
CPU = generic
CC = cc
CFLAGS = -O2 -pipe -DHARDENEDBSD -fPIE -fPIC -fstack-protector-all
-fno-strict-aliasing -fno-strict-aliasing -Wdeclaration-after-statement
-fwrapv -Wno-address-of-packed-member -Wno-unused-label
-Wno-sign-compare -Wno-unused-parameter -Wno-ignored-qualifiers
-Wno-missing-field-initializers -Wno-implicit-fallthrough -Wtype-limits
-Wshift-negative-value -Wnull-dereference -DFREEBSD_PORTS
OPTIONS = USE_PCRE=1 USE_PCRE_JIT=1 USE_REGPARM=1 USE_STATIC_PCRE=1
USE_GETADDRINFO=1 USE_OPENSSL=1 USE_LUA=1 USE_ACCEPT4=1 USE_ZLIB=1
USE_CPU_AFFINITY=1
Feature list : -EPOLL +KQUEUE -MY_EPOLL -MY_SPLICE -NETFILTER +PCRE
+PCRE_JIT -PCRE2 -PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD
-PTHREAD_PSHARED +REGPARM +STATIC_PCRE -STATIC_PCRE2 +TPROXY
-LINUX_TPROXY -LINUX_SPLICE +LIBCRYPT -CRYPT_H -VSYSCALL +GETADDRINFO
+OPENSSL +LUA -FUTEX +ACCEPT4 -MY_ACCEPT4 +ZLIB -SLZ +CPU_AFFINITY -TFO
-NS -DL -RT -DEVICEATLAS -51DEGREES -WURFL -SYSTEMD -OBSOLETE_LINKER
-PRCTL -THREAD_DUMP -EVPORTS
Default settings :
bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
Built with multi-threading support (MAX_THREADS=64, default=4).
Built with OpenSSL version : OpenSSL 1.1.1f 31 Mar 2020
Running on OpenSSL version : OpenSSL 1.1.1g 21 Apr 2020
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
Built with Lua version : Lua 5.3.5
Built with transparent proxy support using: IP_BINDANY IPV6_BINDANY
Built with zlib version : 1.2.11
Running on zlib version : 1.2.11
Compression algorithms supported : identity("identity"),
deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with PCRE version : 8.43 2019-02-23
Running on PCRE version : 8.43 2019-02-23
PCRE library supports JIT : yes
Encrypted password support via crypt(3): yes
Available polling systems :
kqueue : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use kqueue.
Available multiplexer protocols :
(protocols marked as cannot be specified using 'proto'
keyword)
h2 : mode=HTTP side=FEmux=H2
h2 : mode=HTXside=FE|BE mux=H2
: mode=HTXside=FE|BE mux=H1
: mode=TCP|HTTP side=FE|BE mux=PASS
Available services : none
Available filters :
[SPOE] spoe
[COMP] compression
[CACHE] cache
[TRACE] trace
Regards
- Frank