Communication fail between Zabbix-Proxy and Server at port 10051 in a k8s cluster with HAProxy - haproxy

I have a communication problem between Zabbix Proxy and Zabbix Server at port 10051. I’m using HAPROXY version 2.0.13. Look at my Kubernetes scenario:
HAPROXY is working fine when I access my website zabbix.domain.com at ports 80 and 443.
Zabbix-Proxy has a parameter “Server” that I set to the IP address of worker-1, and the communication works fine, but this happens because the traffic doesn’t pass through the HAPROXY server. When I try to set the Server parameter to my domain address zabbix.domain.com, which goes to my HAPROXY server, the communication doesn’t work; it gives the impression that HAPROXY can’t handle the request.
zabbix_proxy.conf: Works with the worker-1 IP address, but doesn’t work with the domain name.
The domain name, as I said, points to the HAPROXY server (10.0.0.110). I think the zabbix-proxy is trying to reach port 10051 of the HAPROXY server and HAPROXY can’t deal with the requests to forward to my worker node.
This is my HAPROXY configuration. I tested with frontend and backend, but now I have just rewritten it with the Listen parameter.
listen zabbix
    mode tcp
    bind :10051
    option forwardfor
    server worker-1 10.10.10.112:10051 check
    server worker-1 10.10.10.113:10051 check
    server worker-1 10.10.10.114:10051 check
Can someone help? Is there some way to point to my website zabbix.domain.com and have haproxy handle the request and send it to my worker-1 on port 10051? Please tell me if you need more information.

Related

HaProxy forward the source IP to the backend server

I have the following HaProxy configuration:
frontend smtp
    bind :25 accept-proxy
    default_backend smtp_backend
backend smtp_backend
    mode tcp
    timeout server 1m
    timeout connect 5s
    server srv1 127.0.0.1:2500 send-proxy check maxconn 500
That is behind a Load Balancer (AWS). I need to know the IP of the Load Balancer.
Looking at the logs on HaProxy, I have the following lines:
Jul 1 16:00:03 ip-172-31-1-100 haproxy[10350]: Connect from 172.31.1.5:35040 to 172.31.1.100:25 (smtp/TCP)
So HaProxy gets the proper source IP of the Load Balancer (I'm not looking for the client at that level).
But when showing the IP/Port on the destination server, I get the local IP : 127.0.0.1.
I suspect it's because of server srv1 127.0.0.1:2525 send-proxy check maxconn 500 line, but how can I get the IP of the Load Balancer on my end server?
Thank you in advance!
(note: Once the connection is established, AWS Target Group sends me a Proxy v2 command that allows me to get the client IP address, and this works, but I first need to get that 172.31.1.5 IP from the Load Balancer).
Unfortunately, HAProxy will only support IP forwarding in HTTP mode through some headers.
In your case, you need to use a specially compiled HAProxy: TProxy.
Docs: https://www.haproxy.com/blog/howto-transparent-proxying-and-binding-with-haproxy-and-aloha-load-balancer/
This will support forwarding the client IP (the AWS load balancer IP in your case) even in TCP mode.

Need help in port forwarding webserver from my rpi to external ip

I need help port forwarding my webserver from my local ip to external ip.
I have already tried setting up rules in my router for port 8080 (this is the current port for local ip as well (http://localhost:8080)) (Image Attached)
I am using Huawei Router: HG8145V5
I cannot access the webpage from my external IP; it shows "site can't be reached, took too long to respond".
I'm sure it's something wrong or something extra needed with the port forwarding, but I cannot find out why.
The webpage is running on apache2.
Port Forward Rules
Webpage Running on 192.168.1.13:8080
I just found out i needed to unable dmz in forwarding rules to enable networking port forwards.

Docker: run multiple container on same tcp ports with different hostname

Is there a way to run multiple docker containers on the same ports? For example, I have used the ports 80/443 (HTTP), 3306 (TCP/MySQL) and 22 (TCP/SSH) in my docker-compose file. Now I want to run this docker-compose for different hostnames on the same ip address on my machine.
- traffic from example1.com (default public ip) => container1
- traffic from example2.com (default public ip) => container2
I have already found a solution only for the HTTP traffic by using an additional nginx/haproxy as a proxy on my machine. But unfortunately, this can't handle other TCP ports.
This isn't possible in the general (non-HTTP) case.
At a lower level, if I connect to 10.20.30.40:3306, the Linux kernel selects a single process that's listening on that port and sends the request there. You're not allowed to bind(2) a second process to the same port. (This is also why you get an error if you try to docker run -p picking a host port that's already in use.)
In the case of HTTP, there's the further detail that the host-name part of the URL is also sent in an HTTP Host: header: the Web browser both does a DNS lookup for e.g. stackoverflow.com and connects to its IP address, and also sends a Host: stackoverflow.com HTTP header. That's the specific mechanism that lets you run a proxy on port 80, and then forward to some other backend service via a virtual-host setup.
That mechanism is very specific to HTTP, though, and doesn't work for other protocols that don't have support for it. I don't think either MySQL or ssh have similar mechanisms in their wire protocol.
(In the particular situation you describe this is probably relatively easy to handle. You wouldn't want to make either your internal database or an sshd visible publicly, so delete their ports: from your docker-compose.yml file, and then just worry about proxying the HTTP service. It's pretty unusual and a complex setup to run sshd in Docker so you also might remove that and simplify your stack a little.)
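The two points of the answer above, as an added example that is not part of the original post: a second `bind` to a port already in use fails, and a proxy can pick a backend only when the client's first bytes carry a hostname, as an HTTP request does. The `VHOSTS` table, the function names and both sample byte strings are constructed for illustration.

```python
import socket

# Hypothetical virtual-host table: Host header value -> backend (constructed).
VHOSTS = {"example1.com": ("container1", 80), "example2.com": ("container2", 80)}

# Constructed first bytes sent by an HTTP client and by an SSH client.
HTTP_REQ = b"GET / HTTP/1.1\r\nHost: example2.com\r\n\r\n"
SSH_HELLO = b"SSH-2.0-OpenSSH_9.6\r\n"


def second_bind_errno():
    """Bind the same address and port twice; return the errno of the second bind."""
    first = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    second = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        first.bind(("127.0.0.1", 0))  # port 0: the kernel picks a free port
        first.listen()
        try:
            second.bind(first.getsockname())
        except OSError as exc:
            return exc.errno  # EADDRINUSE: the port already has an owner
        return 0
    finally:
        first.close()
        second.close()


def route_by_host(first_bytes):
    """Return the backend named by an HTTP/1.x Host header, else None."""
    head = first_bytes.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    if not lines[0].endswith(("HTTP/1.0", "HTTP/1.1")):
        return None  # not an HTTP request line: no hostname to route on
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            return VHOSTS.get(value.strip().split(":")[0].lower())
    return None
```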

HAProxy check CMS and redirect to Varnish

I need help with the configuration of our HAProxy.
This is our configuration:
HAProxy > Varnish servers > CMS servers
What I wish is that the HAProxy checks in the backend whether the CMS server is working properly and then uses the Varnish server as the connection.
Is it possible? If yes, how?
Thank you very much
Nick
In your HAProxy backend you can use the server option and specify the addr and port options to define where the check actually goes. For example:
backend nodes
    mode http
    balance roundrobin
    server varnish1 10.0.0.1:80 check addr 10.1.0.0 port 80
    server varnish2 10.0.0.1:80 check addr 10.1.0.1 port 80
    server varnish3 10.0.0.3:80 check addr 10.1.0.2 port 80
The 10.1.0.x addresses are for the CMS.
The documentation has all of the parameters that can be specified for the check option.

how to disable haproxy after backend servers are down

Can anyone help me with this issue? I have installed the haproxy load balancer. It is working perfectly, but the problem is something else. When the application connects to the backend server directly, without the load balancer, and the server is down, the application says "trying to reconnect". This is good, because the user knows that the server is down. But when the application is connected to the load balancer and the server is down, the application stays open and doesn't say "trying to reconnect". This is because the app is connected directly to haproxy and the app thinks that everything is OK with the connection. Do you have any ideas how to make haproxy disable itself or shut the service down when all backend servers are down and, of course, have haproxy up again when some of the servers are up?
I think you're asking the same question as How can I make HAProxy reject TCP connections when all backend servers are down
You want to explicitly reject the connection if backend servers are down:
    acl site_dead nbsrv lt 1
    tcp-request connection reject if site_dead
Or acl site_dead nbsrv(backend_name) lt 1 where backend_name is the name of a different backend.
nbsrv documentation
acl documentation
tcp-reject documentation