HaProxy forward the source IP to the backend server - haproxy

I have the following HaProxy configuration:
frontend smtp
    bind :25 accept-proxy
    default_backend smtp_backend

backend smtp_backend
    mode tcp
    timeout server 1m
    timeout connect 5s
    server srv1 127.0.0.1:2500 send-proxy check maxconn 500
That is behind a Load Balancer (AWS). I need to know the IP of the Load Balancer.
Looking at the logs on HaProxy, I have the following lines:
Jul 1 16:00:03 ip-172-31-1-100 haproxy[10350]: Connect from 172.31.1.5:35040 to 172.31.1.100:25 (smtp/TCP)
So HaProxy gets the proper source IP of the Load Balancer (I'm not looking for the client at that level).
But when showing the IP/Port on the destination server, I get the local IP: 127.0.0.1.
I suspect it's because of server srv1 127.0.0.1:2525 send-proxy check maxconn 500 line, but how can I get the IP of the Load Balancer on my end server?
Thank you in advance!
(note: Once the connection is established, AWS Target Group sends me a Proxy v2 command that allows me to get the client IP address, and this works, but I first need to get that 172.31.1.5 IP from the Load Balancer).

Unfortunately, Haproxy will only support ip forwarding in HTTP mode through some headers.
In your case, you need to use specially compiled HAproxy - TProxy.
Docs: https://www.haproxy.com/blog/howto-transparent-proxying-and-binding-with-haproxy-and-aloha-load-balancer/
This will support forwarding the client IP (the AWS load balancer IP in your case) even in TCP mode.
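
For reference, `send-proxy` on the `server` line in the question makes HAProxy write a PROXY protocol v1 text line ahead of the payload, and the backend has to parse it to see an address other than 127.0.0.1. The following is an added example, not code from the question or the answer: a minimal backend-side parser that accepts the header only from a trusted proxy address. The function names, the trusted-peer set and the sample bytes (built from the addresses in the log line above) are assumptions.

```python
import ipaddress

MAX_V1_LEN = 107                  # longest valid v1 header, CRLF included
TRUSTED_PROXIES = {"127.0.0.1"}   # assumption: HAProxy runs on the same host


class ProxyHeaderError(ValueError):
    pass


def parse_proxy_v1(buf: bytes):
    """Return ((src_ip, src_port, dst_ip, dst_port) or None, payload)."""
    if not buf.startswith(b"PROXY "):
        raise ProxyHeaderError("missing PROXY v1 signature")
    end = buf.find(b"\r\n", 0, MAX_V1_LEN)
    if end == -1:
        raise ProxyHeaderError("no CRLF within 107 bytes")
    fields = buf[:end].decode("ascii").split(" ")
    payload = buf[end + 2:]
    if fields[1] == "UNKNOWN":    # proxy could not describe the connection
        return None, payload
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ProxyHeaderError("malformed PROXY v1 line")
    want = 4 if fields[1] == "TCP4" else 6
    src = ipaddress.ip_address(fields[2])
    dst = ipaddress.ip_address(fields[3])
    if src.version != want or dst.version != want:
        raise ProxyHeaderError("address family does not match protocol")
    sport, dport = int(fields[4]), int(fields[5])
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        raise ProxyHeaderError("port out of range")
    return (str(src), sport, str(dst), dport), payload


def accept_connection(peer_ip: str, first_bytes: bytes, trusted=TRUSTED_PROXIES):
    """Parse the header only when the TCP peer is a known proxy.

    Anyone who can reach the port directly could otherwise forge the
    source address, so untrusted peers are rejected outright.
    """
    if peer_ip not in trusted:
        raise ProxyHeaderError("PROXY header from untrusted peer " + peer_ip)
    return parse_proxy_v1(first_bytes)


# Constructed sample: header line followed by the first SMTP bytes.
SAMPLE = b"PROXY TCP4 172.31.1.5 172.31.1.100 35040 25\r\nEHLO example.test\r\n"

if __name__ == "__main__":
    print(accept_connection("127.0.0.1", SAMPLE))
```
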

Related

HA Proxy not passing windows authentication?

We have a simple HA Proxy (13.5) and an IIS Server behind it. The IIS Server itself requires parallel services on the same box, all of which require Windows Authentication. But, it appears that while on "server" and trying to route traffic to the HA Proxy, back to the same server doesn't pass authentication.
frontend VipTst-M-TCPMode
    bind 10.5.30.128:80 name http
    bind 10.5.30.128:443 name https
    timeout client 180s
    option tcplog
    mode tcp
    log global
    default_backend M-TcpMode

####### TCP MODE
backend M-TcpMode
    balance roundrobin
    mode tcp
    log global
    timeout server 180s
    timeout connect 3s
    default-server inter 3s rise 2 fall 3
    server ServerA 10.20.30.104 maxconn 1000 weight 10 check port 443 inter 5000
So, from ServerA->HAProxy->ServerA/someservice doesn't seem to work. Ironically, if I go from my desktop like this: Desktop-HAproxy->ServerA/someservice it works fine.
And if I just go ServerA/someservice the page also renders.
In ServerA-HAProxy->ServerA, I'm prompted for credentials.
So what did I miss?
Thanks,
Nick

Communication fail between Zabbix-Proxy and Server at port 10051 in a k8s cluster with HAProxy

I have a communication problem between Zabbix Proxy and Zabbix Server at port 10051. I’m using HAPROXY version 2.0.13. Look at my Kubernetes scenario:
HAPROXY is working fine when I access my website zabbix.domain.com at port 80 and 443.
Zabbix-Proxy has a parameter “Server” that I set with the IP address of worker-1 and the communication works fine, but this happens because the traffic doesn’t pass through the HAPROXY server. When I try to set the Server parameter with my domain address zabbix.domain.com that goes to my HAPROXY server, the communication doesn’t work, giving the impression that HAPROXY can’t treat the request.
zabbix_proxy.conf: Works with the Worker-1 IP address, but doesn’t work with the domain name.
The domain name, as I said, is pointing to the HAPROXY server (10.0.0.110). I think the zabbix-proxy is trying to reach port 10051 of the HAPROXY server and HAPROXY can’t deal with the requests to forward to my worker node.
This is my HAPROXY configuration. I tested with frontend and backend, but now I have just rewritten it with the Listen parameter.
listen zabbix
    mode tcp
    bind :10051
    option forwardfor
    server worker-1 10.10.10.112:10051 check
    server worker-1 10.10.10.113:10051 check
    server worker-1 10.10.10.114:10051 check
Can someone help? Is there some way to point to my website zabbix.domain.com and have haproxy treat the request and send it to my worker-1 on port 10051? Please tell me if you need more information.

HAProxy config for sub-domains

I need an example HAProxy config to do the following:
Server1 = 192.168.0.177 ( I did not give the servers names - only IP's)
On Server1, I run HAproxy as well as Apache.
Apache on Server1 is setup to listen on port 8080 now, and has two Virtual Hosts correctly setup for two sub-domains - each serving its own website content.
Sub-domain 1 = s.mydomain.com
Sub-domain 2 = x.mydomain.com
I have a second server running on 192.168.0.233.
I want to setup HAProxy to listen to s.mydomain.com and then forward it to Apache on the same server ( 192.168.0.177), x.mydomain.com and forward it to Apache on the same server (192.168.0.177) and y.mydomain.com and forward traffic to the second server (192.168.0.233).
I do not need any load balancing at this point, just routing/forwarding as described above.
Here you go,
global
    #debug

defaults
    mode http
    option httpclose
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

backend same_server
    # Apache on this host; the question has it listening on port 8080
    server same_server 127.0.0.1:8080

backend second_server
    server second_server 192.168.0.233:80

frontend app
    # the listening address belongs on a bind line
    # (putting it on the frontend line is legacy syntax)
    bind *:80
    acl sub_y hdr(host) -i y.mydomain.com
    use_backend second_server if sub_y
    default_backend same_server

HAProxy check CMS and redirect to Varnish

I need help with the configuration of our HAProxy.
This is our configuration:
HAProxy > Varnish servers > CMS servers
What I wish is that the HAProxy checks in the backend if the CMS Server is working properly and then uses the varnish server as connection.
Is it possible? If yes, how?
Thank you very much
Nick
In your HAProxy backend you can use the server option and specify the addr and port options to define where the check actually goes. For example:
backend nodes
    mode http
    balance roundrobin
    server varnish1 10.0.0.1:80 check addr 10.1.0.0 port 80
    server varnish2 10.0.0.1:80 check addr 10.1.0.1 port 80
    server varnish3 10.0.0.3:80 check addr 10.1.0.2 port 80
The 10.1.0.x addresses are for the CMS.
The documentation has all of the parameters that can be specified for the check option.

haproxy not allowing external traffic through

I set up haproxy on a mesosphere cluster and set up three web servers using marathon. Now I am trying to load balance between them using this config:
global
    daemon
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    maxconn 4096

defaults
    log global
    retries 3
    maxconn 2000
    timeout connect 5000
    timeout client 50000
    timeout server 50000

listen stats
    bind 127.0.0.1:9090
    balance
    mode http

listen apiserver
    bind 0.0.0.0:80
    mode tcp
    balance leastconn
    server apiserver-3 10.132.62.240:31000 check
    server apiserver-2 10.132.62.243:31000 check
    server apiserver-1 10.132.62.242:31000 check
Now if I am in the VPN I can connect to the server normally; however, externally I am unable to do that. Other services manage to use the ports without problems (both local and global) but haproxy can't seem to work. If I put haproxy in a docker container it works, however I don't want to do that.