haproxy configuration getting error - haproxy

service haproxy start
* Starting haproxy haproxy
[ALERT] 299/163851 (6382) : Starting proxy 50.112.164.38:80: cannot bind socket
[ALERT] 299/163851 (6382) : Starting proxy 50.112.164.38:443: cannot bind socket

The issue is that there is no listen port in the configuration. Use "listen" or "bind" and then restart it. It should work. If you are still having trouble, show the code here and I will look into it.
Safi
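The "cannot bind socket" alert only says that bind(2) failed; it does not say why. As an added example (not code from this thread or from the HAProxy project), the Python pre-flight below pulls the bind and listen targets out of a haproxy.cfg and tries to bind each one itself, so the cause is classified before the daemon is started: the port is already taken (EADDRINUSE, the situation in the sendmail and Bettercap threads further down this page), the IP address is not configured on this host (EADDRNOTAVAIL, which is what you get when a bind line names an address that belongs to a load balancer or NAT device rather than to the box), or a privileged port is used without root (EACCES). The config fragment and the `demo_conflict` helper are constructed for the example.

```python
import errno
import re
import socket

# Constructed haproxy.cfg fragment for the example (not the poster's file).
SAMPLE_CFG = """\
frontend www
    bind 127.0.0.1:8080
    bind [::1]:8443 ssl crt /etc/haproxy/site.pem
    default_backend app
listen stats 127.0.0.1:9000
    stats enable
"""

BIND_RE = re.compile(r"^\s*bind\s+(\S+)")
LISTEN_RE = re.compile(r"^\s*listen\s+\S+\s+(\S+:\d+)")  # old 'listen <name> <addr:port>' form


def parse_bind_targets(cfg_text):
    """Return (host, port) for every bind / listen line; unix sockets are skipped."""
    targets = []
    for line in cfg_text.splitlines():
        m = BIND_RE.match(line) or LISTEN_RE.match(line)
        if not m:
            continue
        host, _, port = m.group(1).rpartition(":")
        if not port.isdigit():          # 'bind /run/haproxy.sock' and similar
            continue
        host = host.strip("[]")         # '[::1]' -> '::1'
        if host in ("", "*"):           # 'bind :80' and 'bind *:80' mean every address
            host = "0.0.0.0"
        targets.append((host, int(port)))
    return targets


def check_bind(host, port):
    """Bind host:port the way HAProxy would and say why it failed, if it did."""
    family = socket.AF_INET6 if ":" in host else socket.AF_INET
    s = socket.socket(family, socket.SOCK_STREAM)
    try:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)  # HAProxy sets this too
        s.bind((host, port))
        return "ok"
    except OSError as e:
        if e.errno == errno.EADDRINUSE:
            return "in-use"        # another process (or another section) already listens here
        if e.errno == errno.EADDRNOTAVAIL:
            return "not-local"     # no interface on this host carries that IP address
        if e.errno in (errno.EACCES, errno.EPERM):
            return "permission"    # ports below 1024 need root or CAP_NET_BIND_SERVICE
        return "error:" + errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()


def check_config(cfg_text):
    """Map every 'host:port' target of the config to its bind result."""
    return {f"{h}:{p}": check_bind(h, p) for h, p in parse_bind_targets(cfg_text)}


def demo_conflict():
    """Occupy an ephemeral port with a listener, then show both outcomes of check_bind."""
    busy = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    busy.bind(("127.0.0.1", 0))
    busy.listen(1)
    port = busy.getsockname()[1]
    while_taken = check_bind("127.0.0.1", port)   # "in-use"
    busy.close()
    after_release = check_bind("127.0.0.1", port) # "ok"
    return while_taken, after_release


if __name__ == "__main__":
    for target, result in check_config(SAMPLE_CFG).items():
        print(f"{target:<24} {result}")
    print("demo_conflict:", demo_conflict())
```

Run it as the same user that will run HAProxy (root, if the config binds ports below 1024), otherwise a "permission" result is only telling you about your own shell, not about the daemon.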

Related

haproxy direct syslog data flow with log-forward

I've been working on creating a new syslog setup and have run into an issue that I cannot find a solution for, so I thought maybe someone here could help me out.
I have a setup with 2 syslog servers and 2 haproxy nodes (in HA with keepalived). I have 2 endpoints configured on the haproxy nodes, "endpoint_X" and "endpoint_Y", for different types of logs. I would like to control the flow of syslog messages, so that when syslog is sent to "endpoint_X":514 it is sent to syslog01, and when it is sent to "endpoint_Y":514 it is sent to syslog02. This is normally done with the use of ACLs for normal frontends. But for syslog I use HAProxy's "log-forward" function, where ACLs are not supported.
Below is an example of my config:
ring syslog01
description " "
format rfc3164
maxlen 1200
size 357913941
server syslog01 XXXXX_01:514 source YYYYY check
timeout client 90s
timeout connect 10s
timeout server 90s
timeout check 10s
ring syslog02
description " "
format rfc3164
maxlen 1200
size 357913941
server syslog02 XXXXX_02:514 source YYYYYY check
timeout client 90s
timeout connect 10s
timeout server 90s
timeout check 10s
log-forward syslog
bind 0.0.0.0:514
bind [::]:514
dgram-bind 0.0.0.0:514
dgram-bind [::]:514
log ring#syslog01 local0
log ring#syslog02 local0
Does anyone have an idea if there is something I can do to get around this issue, so I can control the data flow in log-forward, other than using different ports? I use haproxy version 2.6.
I have tried something like the following, but as stated, ACLs do not work with log-forward:
acl acl_endpoint_X hdr(host) -i endpoint_X
acl acl_endpoint_Y hdr(host) -i endpoint_Y
log ring#syslog01 local0 if acl_endpoint_X
log ring#syslog02 local0 if acl_endpoint_Y

Sendmail Error : opendaemonsocket: daemon TLSMTA: cannot bind: Address already in use

I am installing sendmail/dovecot on my mail server.
I edited the file /etc/mail/sendmail.mc
and added the lines below to make sure the domain name is used in sending mail:
#add for domain email by deo malamo
define(`confDOMAIN_NAME', `desaonline.co.tz')dnl
FEATURE(`relay_entire_domain')dnl
#end add domain based email by deo malamo
I installed and used TLS/SSL from Let's Encrypt:
#add for Let's Encrypt ssl by deo malamo
define(`confAUTH_OPTIONS', `A p')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`CERT_DIR', `/etc/letsencrypt/live/mail.desaonline.co.tz/')dnl
define(`confCACERT', `CERT_DIR/chain.pem')dnl
define(`confCACERT_PATH',`/etc/ssl/certs/')dnl
define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/privkey.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/privkey.pem')dnl
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
#DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
#DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
#end add Let's Encrypt ssl by dmalamo
MY PROBLEM is that ports 25, 465 and 587 come up and then shut down because the port is already in use. Can anyone assist me to fix this problem?
When I save the config (/etc/mail/sendmail.mc) and restart sendmail, port 465 seems to be in use and shuts down all the outgoing ports 25, 465 and 587.
The log file has the entries below:
daemon TLSMTA: problem creating SMTP socket
Feb 9 13:26:43 mail sm-mta[20646]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon TLSMTA: cannot bind: Address already in use
NOQUEUE: SYSERR(root): opendaemonsocket: daemon TLSMTA: cannot bind: Address already in use
daemon TLSMTA: problem creating SMTP socket
NOQUEUE: SYSERR(root): opendaemonsocket: daemon TLSMTA: server SMTP socket wedged: exiting
Short list to check...
1st) Have you compiled sendmail.mc into sendmail.cf?
2nd) "TLSMTA: cannot bind: Address already in use" means that one process already uses this port (smtps: 465),
- check who is using the port (e.g. "netstat -lntp|grep 465")
- and stop it; sometimes the port can be in use by a connection, so instead of a restart you should: stop, wait a few seconds/minutes and then start sendmail
- "netstat -lntp|grep sendmail" can be useful to see sendmail's listening ports
- before starting, be sure that the ports are not occupied (not in use)
- the problem may also be in SELinux (investigate how to allow the program to use the ports)
Regards
K.

Configure HAProxy 2.2 with HA PostgreSQL Cluster with Docker (Zalando Spilo)

I was successfully using Spilo (HA PostgreSQL Cluster with Docker) in Docker Swarm behind HAProxy. I used one of the HAProxy configurations posted by one of the users.
It was working fine with HAProxy 2.1. I updated HAProxy to 2.2 and suddenly it doesn't work anymore. In the HAProxy 2.2 announcement I found that there were some changes to the health checks.
This is my backend section of the master that was working before:
backend backend_master
option httpchk OPTIONS /master
server dbnode1 spilo1:5432 maxconn 100 check port 8008 resolvers docker_resolver resolve-prefer ipv4
server dbnode2 spilo2:5432 maxconn 100 check port 8008 resolvers docker_resolver resolve-prefer ipv4
server dbnode3 spilo3:5432 maxconn 100 check port 8008 resolvers docker_resolver resolve-prefer ipv4
After reading HAProxy 2.2 documentation I'm not sure why the current configuration doesn't work anymore.
This is the message from the logs:
Server be-postgres-master/dbnode1 is DOWN, reason: Layer7 invalid response, info: "TCPCHK got an empty response at step 1", check duration: 5ms. 2 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Server be-postgres-master/dbnode2 is DOWN, reason: Layer7 invalid response, info: "TCPCHK got an empty response at step 1", check duration: 4ms. 1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Server be-postgres-master/dbnode3 is DOWN, reason: Layer7 invalid response, info: "TCPCHK got an empty response at step 1", check duration: 4ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
[ALERT] 235/144508 (6) : backend 'be-postgres-master' has no server available!
I downgraded HAProxy to 2.1 and it works again, but how do I make it work with 2.2?
Don't know whether you're still struggling with the issue or not, but changing the request method from OPTIONS to GET in the httpchk section helped me.
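"TCPCHK got an empty response at step 1" means the server closed the check connection without sending a single byte, so HAProxy had no status line to evaluate. The Python probe below is an added example (not the poster's configuration and not HAProxy code): it sends one HTTP/1.0 request the way `option httpchk` does and reports whether the peer answered with a status line or closed silently, which lets you test a method and URI against the health endpoint without restarting HAProxy. The mock endpoint in the block is constructed to reproduce the symptom (200 for `GET /master`, 503 for other GET paths, silent close for any other method); it is not Patroni/Spilo, and the thread does not establish why the real endpoint stopped answering OPTIONS after the 2.2 upgrade.

```python
import socket
import threading

# Constructed mock of a health endpoint for the example (NOT Patroni/Spilo).
def _mock_handler(conn):
    with conn:
        data = conn.recv(4096).decode("latin-1")
        request_line = data.split("\r\n", 1)[0]
        parts = request_line.split(" ")
        if len(parts) < 2 or parts[0] != "GET":
            return  # close without sending anything: the "empty response" symptom
        status = "200 OK" if parts[1] == "/master" else "503 Service Unavailable"
        conn.sendall(f"HTTP/1.0 {status}\r\nContent-Length: 0\r\n\r\n".encode())


def start_mock_server():
    """Listen on an ephemeral loopback port and serve _mock_handler in the background."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:       # srv.close() was called
                return
            threading.Thread(target=_mock_handler, args=(conn,), daemon=True).start()

    threading.Thread(target=loop, daemon=True).start()
    return srv


def http_check(host, port, method="GET", uri="/", timeout=2.0):
    """Send one HTTP/1.0 health-check request and report what came back.

    Returns ("status", <code>) for a parsable reply, ("empty", None) when the
    peer closed without sending anything, or ("invalid", <line>) otherwise.
    """
    req = f"{method} {uri} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode()
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(req)
        chunks = []
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    reply = b"".join(chunks)
    if not reply:
        return ("empty", None)
    status_line = reply.split(b"\r\n", 1)[0].decode("latin-1", "replace")
    parts = status_line.split(" ")
    if len(parts) < 2 or not parts[1].isdigit():
        return ("invalid", status_line)
    return ("status", int(parts[1]))


def compare_methods(host, port, uri="/master"):
    """Probe the same URI with OPTIONS and GET so the two outcomes sit side by side."""
    return {m: http_check(host, port, m, uri) for m in ("OPTIONS", "GET")}


if __name__ == "__main__":
    srv = start_mock_server()
    port = srv.getsockname()[1]
    for method, result in compare_methods("127.0.0.1", port).items():
        print(f"{method:<8} {result}")
    srv.close()
```

Point `http_check` at a real Spilo node on its REST port (8008 in the config above) to see what the endpoint actually returns for each method before committing the change to haproxy.cfg.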

Bettercap: bind: address already in use

Whatever port I try to use I keep getting the error:
listen tcp 0.0.0.0:PORT_NUMBER: bind: address already in use
Environment
I also installed this using Brew if you need to know that
Bettercap 2.11.1
Mac OS High-Sierra
golang 1.11.4
Command line code used:
sudo bettercap -eval "set net.probe off; set arp.spoof.targets 0.0.0.0" -caplet beef-active.cap
beef-active.cap:
set http.proxy.script beef-inject.js
set http.proxy.port 8011
set https.proxy.port 8011
http.proxy on
https.proxy on
sleep 1
arp.spoof on
Expected behavior:
I am trying to inject some JS into the browser of each computer connected to my router. I expect to see a message that the beef-inject was successfully injected.
Actual behavior:
Stops when it hits my IP address. Here is the output:
[13:26:41] [sys.log] [inf] http.proxy started on 0.0.0.0:8011 (sslstrip disabled)
[13:26:41] [sys.log] [inf] loading proxy certification authority TLS key from /var/root/.bettercap-ca.key.pem
[13:26:41] [sys.log] [inf] loading proxy certification authority TLS certificate from /var/root/.bettercap-ca.cert.pem
[13:26:41] [sys.log] [inf] Enabling forwarding.
[13:26:41] [sys.log] [inf] https.proxy started on 0.0.0.0:8011 (sslstrip disabled)
[13:26:41] [sys.log] [!!!] listen tcp 0.0.0.0:8011: bind: address already in use
Edit:
Changing the ports for both to be different stopped the error; however, it is still not injecting any JS into the browsers. I just keep getting new and lost endpoints like so:
0.0.0.0/24 > 0.0.0.0 » [08:33:17] [endpoint.new] endpoint 0.0.0.0 detected as 04:18:d6:d0:69:e7 (Apple, Inc.).
0.0.0.0/24 > 0.0.0.0 » [08:33:23] [endpoint.lost] endpoint 0.0.0.0 (Apple, Inc.) lost.
.... Then it keeps ticking through the same messages, new > lost > new > lost
Any ideas?
set http.proxy.port 8011
set https.proxy.port 8011
Those ports are set to the same thing, which means they're both trying to listen on 8011 and are stomping on each other.
Change one of them to a different port and the error should go away.
Cheers!

Haproxy 1.6.2 not recognizing resolvers section

As a test, I have a local bind instance running:
>netstat -ant | grep LISTEN
tcp 0 0 10.72.186.23:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
...
>nslookup mysubdomain.example.com 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: mysubdomain.example.com
Address: nn.nn.nn.251
Name: mysubdomain.example.com
Address: nn.nn.nn.249
Name: mysubdomain.example.com
Address: nn.nn.nn.201
Name: mysubdomain.example.com
Address: nn.nn.nn.138
I'm running haproxy 1.6.2 on the same host, with a resolvers section:
resolvers dns
nameserver dns1 127.0.0.1:53
nameserver dns2 10.72.186.23:53
hold valid 10s
It doesn't reject the resolvers section, but doesn't seem to be using it, either. It doesn't show in the stats page, and attempting to add this server command:
server mysubdomain-dev mysubdomain.example.com
causes this error:
>service haproxy restart
* Restarting haproxy haproxy
[ALERT] 322/171813 (10166) : parsing [/etc/haproxy/haproxy.cfg:77] : 'server mysubdomain-dev' : invalid address: 'mysubdomain.example.com' in 'mysubdomain.example.com'
[ALERT] 322/165300 (29751) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
[ALERT] 322/165300 (29751) : Fatal errors found in configuration.
The haproxy doc https://cbonte.github.io/haproxy-dconv/configuration-1.6.html indicates this should work.
server <name> <address>[:[port]] [param*]
...
<address> is the IPv4 or IPv6 address of the server. Alternatively, a
resolvable hostname is supported, but this name will be resolved
during start-up. Address "0.0.0.0" or "*" has a special meaning.
Is there some other piece that needs to be added to the haproxy.cfg that activates the resolvers section?
When HAProxy first starts, it attempts to resolve the hostnames of any servers in all the backends to fill the server structures. During this first startup phase, HAProxy uses the OS resolver, i.e. generally the servers defined in your /etc/resolv.conf file.
Only later, when the server's IP addresses are updated during checks, HAProxy uses its internal resolver configuration and its internal DNS resolver.
From your error description, it now seems as if your host itself cannot resolve the mysubdomain.example.com hostname. HAProxy will only be able to start if it can resolve the hostnames without an explicitly named nameserver. This can be verified with e.g.
dig mysubdomain.example.com
Maybe you are not specifying the resolvers to use for that server:
server mysubdomain-dev mysubdomain.example.com ->
server mysubdomain-dev mysubdomain.example.com resolvers dns
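Because the startup resolution goes through the OS resolver regardless of any `resolvers` section, a useful pre-flight is to run every `server` hostname in the config through that same resolver before restarting. The Python check below is an added example (not the poster's configuration and not HAProxy code): it extracts the `server` lines, leaves IP literals alone, resolves the rest with `socket.getaddrinfo` (libc, so /etc/hosts and /etc/resolv.conf), and lists the names that would make HAProxy 1.6 fail with the "invalid address" error shown above. The config fragment is constructed, and the `resolve` parameter accepts a plain dict so the check can be exercised without network access.

```python
import re
import socket

# Constructed haproxy.cfg fragment for the example (not the poster's file).
SAMPLE_CFG = """\
resolvers dns
    nameserver dns1 127.0.0.1:53
    hold valid 10s

backend app
    server node1 127.0.0.1:5432 check
    server node2 localhost:5432 check resolvers dns
    server dev   mysubdomain.example.invalid:5432 check resolvers dns
"""

SERVER_RE = re.compile(r"^\s*server\s+(\S+)\s+(\S+)(.*)$")


def _host_of(address):
    """Strip the optional :port from a server address ('[::1]:5432', 'db:5432', 'db')."""
    if address.startswith("["):
        return address[1:address.index("]")]
    if address.count(":") == 1:
        return address.split(":")[0]
    return address                      # bare name, or IPv6 literal without brackets


def _is_ip_literal(host):
    for family in (socket.AF_INET, socket.AF_INET6):
        try:
            socket.inet_pton(family, host)
            return True
        except OSError:
            pass
    return False


def os_resolver(host):
    """Resolve with the libc resolver, the one HAProxy uses while parsing the config."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})


def _lookup(resolve, host):
    if isinstance(resolve, dict):       # static table, handy for offline runs
        if host not in resolve:
            raise OSError(f"no such host: {host}")
        return list(resolve[host])
    return resolve(host)


def check_servers(cfg_text, resolve=os_resolver):
    """Classify every 'server' line as literal, resolved or unresolved."""
    report = {}
    for line in cfg_text.splitlines():
        m = SERVER_RE.match(line)
        if not m:
            continue
        name, address, _params = m.groups()
        host = _host_of(address)
        if _is_ip_literal(host) or host in ("*", "0.0.0.0"):
            report[name] = ("literal", host)
            continue
        try:
            report[name] = ("resolved", _lookup(resolve, host))
        except OSError:
            # HAProxy 1.6 refuses to start here ('invalid address'), whatever
            # resolvers section the server line references.
            report[name] = ("unresolved", host)
    return report


def startup_blockers(cfg_text, resolve=os_resolver):
    """Names of the servers whose hostnames the OS resolver cannot resolve."""
    return [n for n, (state, _) in check_servers(cfg_text, resolve).items() if state == "unresolved"]


if __name__ == "__main__":
    for name, (state, detail) in check_servers(SAMPLE_CFG).items():
        print(f"{name:<8} {state:<11} {detail}")
    print("would block startup:", startup_blockers(SAMPLE_CFG))
```

Running the `__main__` part uses real DNS, so the `.invalid` name may take a resolver timeout to come back as unresolved; that delay is itself a hint about what HAProxy is waiting on during startup.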