I use HAproxy for the first time. This is my HAproxy conf. file and everything works right without FTP connection.
Also, Installed pure-ftp on other guest servers, do I have to make a change in guest machines?
I can not access the servers via FTP.
global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
#log loghost local0 info
maxconn 4096
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
#debug
#quiet
stats socket /var/lib/haproxy/stats
defaults
log global
mode http
option httplog
option dontlognull
retries 3
redispatch
maxconn 2000
contimeout 5000
clitimeout 50000
srvtimeout 50000
listen stats
bind *:8080
mode http
option forwardfor
option httpclose
stats enable
stats show-legends
stats refresh 5s
stats uri /stats
stats realm Haproxy\ Statistics
stats auth hello:world
stats admin if TRUE
frontend MAIN
bind *:21
bind *:80
bind *:143
bind *:443
bind *:993
mode http
acl server1_URL hdr_dom(host) -i domain1.com
acl server2_URL hdr_dom(host) -i domain2.com
use_backend server1 if server1_URL
use_backend server2 if server2_URL
backend server1
mode http
server web-first 192.168.1.2:80
backend server2
mode http
server web-first 192.168.1.3:80
I tried this: it did not work
listen FTP :21,:10000-10250
mode tcp
server ftp01 192.168.1.2 check port 21
server ftp01 192.168.1.3 check port 21
What should I do for it?
Thank you.
You'll need to set the ForcePassiveIP setting in the pure-ftpd configuration file. It should be set to the ip of the frontend proxy. Also, make sure the PassivePortRange setting matches what you have in your HAproxy configuration.
The FTP protocol is not straightforward to proxy as it makes multiple connections, though doing it at the tcp layer ought to be okay.
Related
i want to make one website(lets say blocked.com) that is not accessible from my country to be accessible for my clients throue the custom url like notblocked.com using haproxy.
i have my haproxy box configured on the vps outside of the country. the main problem is,that website sending url redirection on the response body using javascript function and my clients getting redirected to the original web address.
how can i intersept the response body and change the domain name in the java scrip to my domain (notblocked.com) .
haproxy configuration
global
log 127.0.0.1 local0
maxconn 4000
maxsslconn 256
tune.ssl.default-dh-param 2048
daemon
uid 99
gid 99
defaults
log global
mode http
option httplog
option dontlognull
timeout server 5s
timeout connect 5s
timeout client 5s
stats enable
stats refresh 10s
stats uri /stats
frontend https_frontend
bind *:443 ssl crt /etc/ssl/certs/kstore.pem
no option http-server-close
mode http
default_backend web_server
http-request set-header Host blocked.com
backend web_server
mode http
balance roundrobin
server srv01 1.2.3.4:443 weight 1 maxconn 100 check ssl verify none
thanks
The Haproxy documentation (http://cbonte.github.io/haproxy-dconv/1.7/intro.html#3.3.2) lists as a basic feature:
authentication with the backend server lets the backend server it's really the expected haproxy node that is connecting to it
I have been attempting to do just that and have been unable to. So here's the question:
How do I send a request off to a backend with self signed certificates for authentication. The front-end request that uses this backend, is just http.
Here's my haproxy.cfg file:
global
maxconn 4096
daemon
log 127.0.0.1 local0
defaults
log global
option dontlognull
retries 3
option redispatch
maxconn 2000
timeout connect 5s
timeout client 15min
timeout server 15min
frontend public
bind *:8213
use_backend api if { path_beg /api/ }
default_backend web
backend web
mode http
server blogweb1 127.0.0.1:4000
backend api
mode tcp
acl clienthello req.ssl_hello_type 1
tcp-request inspect-delay 5s
tcp-request content accept if clienthello
server blogapi 127.0.0.1:8780
I eventually got this to start working. I believe what was throwing me off was the fact that after doing a haproxy -f <configFile> -st it didn't actually close the process like I thought it would. So, none of my changes/updates took. I kill -9 the tens of haproxy service and reran the command (haproxy -f ) and now it's working.
Now, this is a hypothesis, albeit one I am very confident in. I will still present my final configuration just in case someone will glean something from here. I used https://www.haproxy.com/doc/aloha/7.0/deployment_guides/tls_layouts.html. That link answers the question I had of "how do you authenticate to the backend using ssl" like the docs say you can.
global
maxconn 4096
daemon
log 127.0.0.1 local0
defaults
log global
option dontlognull
retries 3
option redispatch
maxconn 2000
timeout connect 5s
timeout client 15min
timeout server 15min
frontend public
bind *:443
mode http
use_backend api if { path_beg /api/ }
backend api
mode http
option httplog
server blogapi 127.0.0.1:4430 ssl ca-file <caFile.Pem> crt <clientCert.pem> verify required
Am using HAProxy version haproxy-1.4.24 on a SLES 11 SP3 server. I need to load balance (using least connections or round robin) between 3 servers which talk only SSL. A session from client to server starts with client/server handshake followed by a series of "chatty" messages and then close of session.
I do not want to use stick src directive since it needs a time limit argument, making my load balancing ineffective.
Below is the configuration file am using. Can someone let me know how to achieve per session stickiness (one client sticks to one server until the SSL session ends)?
global
log /dev/log local0
log /dev/log local1 notice
#chroot /var/lib/haproxy
#stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
#user haproxy
#group haproxy
daemon
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
frontend localnodes
bind *:80
bind *:443
mode tcp
default_backend nodes
backend nodes
mode tcp
balance roundrobin
stick-table type ip size 200k expire 30m
stick on src
server s1 s1.mydomain.com:443 check
server s2 s2.mydomain.com:443 check
server s3 s3.mydomain.com:443 check
I set up and haproxy on a mesosphere cluster and set up three web servers using marathon. Now I am trying to load balance between them using this config
global
daemon
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
maxconn 4096
defaults
log global
retries 3
maxconn 2000
timeout connect 5000
timeout client 50000
timeout server 50000
listen stats
bind 127.0.0.1:9090
balance
mode http
listen apiserver
bind 0.0.0.0:80
mode tcp
balance leastconn
server apiserver-3 10.132.62.240:31000 check
server apiserver-2 10.132.62.243:31000 check
server apiserver-1 10.132.62.242:31000 check
Now if I am in the VPN I can connect to the server normally - however externally I am unable to do that.Other Services manage to use the ports without problems (both local and global) but haproxy can't seem to work. If I put haproxy in a docker container it works , however I don't want to do that
My HAProxy box is sending a 301 and redirecting my http traffic directly to the configured backend. I do not have it configured to do so. Here is the config. Any ideas on what could possibly be wrong?
Thanks
Greg
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
tune.ssl.default-dh-param 2048
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
defaults
mode http
log global
retries 3
timeout connect 10s
timeout client 1m
timeout server 1m
maxconn 3000
frontend input_8081
bind 192.168.119.111:8081
default_backend out_8081
frontend input_8082
bind 192.168.119.111:8082 ssl crt /etc/haproxy/proxy_server.pem
default_backend out_8082
backend out_8081
server ad-video 192.168.115.1:8081
backend out_8082
server ad-video 192.168.115.1:8082
Greg,
Your server must be generating the 301.
Sharing the logs generated by HAProxy may confirm this.
Baptiste
Turns out the server I am trying to proxy requires a full URL from the proxy to it's index.html page or it returns a 301 error (Moved Permanently).
Thanks to everyone for giving this a look.
Greg