haproxy - which configuration files - haproxy

I have an HAProxy install which was configured by someone who left the company. It runs on Ubuntu 10.04 and it seems to use 3 configuration files in the directory /etc/haproxy
haproxy.cfg
haproxy.http.cfg
haproxy.https.cfg
I don't see the point in using the haproxy.https.cfg file as I believe (in our configuration) it can all be configured from a single haproxy.http.cfg file but when I remove that httpS file it complains bitterly and refuses to run. My question
Is this the standard configuration haproxy uses or if not, I can't find a reference to the "S" file anywhere. Can anyone suggest how HAProxy concludes it should use it?
Thanks

The very answer to your question: your haproxy is simply launched with those three config files ( -f haproxy.cfg -f haproxy.http.cfg -f haproxy.https.cfg, maybe from /etc/init.d/haproxy but mileage varies depending on your distribution ).
If you remove the file, of course it will complain.
This is not particularly standard, but ain't bad either, it helps structuring the conf rather than having a very long file.
The task of the .https version will certainly be to redirect the https traffic towards a service that can handle HTTPS (stunnel or nginx usually), since haproxy cannot terminate ssl connections. (stunnel has to be patched, see on the haproxy page)
If you want you can merge those files into one or two, just find out how haproxy is launched (check for init.d or let us know which distribution) and fix it appropriately.
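To see which files a given launch actually loads, as the answer above suggests checking, here is an added example (not part of the original thread). The function names and the sample command line are constructed for illustration; `-f`, `-c` and `-D` are existing haproxy options.

```shell
#!/bin/sh
# Added example: list the config files a haproxy command line loads.
# Every "-f <file>" pair on the command line names one file.

# Print the argument that follows each "-f", one per line.
cfg_from_args() {
    while [ "$#" -gt 0 ]; do
        case "$1" in
            -f) if [ "$#" -ge 2 ]; then printf '%s\n' "$2"; shift; fi ;;
        esac
        shift
    done
}

# Same, for every running haproxy process. /proc/<pid>/cmdline is
# NUL-separated, so turn NULs into newlines and rebuild the argv.
running_haproxy_cfgs() {
    for pid in $(pgrep -x haproxy 2>/dev/null); do
        [ -r "/proc/$pid/cmdline" ] || continue
        tr '\0' '\n' < "/proc/$pid/cmdline" | {
            set --
            while IFS= read -r arg; do set -- "$@" "$arg"; done
            cfg_from_args "$@"
        }
    done
}

# Validate a merged layout before editing the init script:
# "haproxy -c" parses the given files and exits without starting.
check_cfgs() {
    n=$#
    while [ "$n" -gt 0 ]; do set -- "$@" -f "$1"; shift; n=$((n - 1)); done
    haproxy -c "$@"
}

# Constructed command line, modelled on the one quoted in the answer.
SAMPLE='/usr/sbin/haproxy -D -f /etc/haproxy/haproxy.cfg -f /etc/haproxy/haproxy.http.cfg -f /etc/haproxy/haproxy.https.cfg'
cfg_from_args $SAMPLE   # unquoted on purpose: the sample has no spaces in arguments
```

Run `running_haproxy_cfgs` on the live host first, then `check_cfgs` with the merged file list before restarting the service.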

I believe that it is only /etc/haproxy/haproxy.cfg that is used by default.
This may be of use to you (1.4 configuration reference):
http://haproxy.1wt.eu/download/1.4/doc/configuration.txt

Related

Making nextcloud work on a prefixed path (using docker and caddy)

I'm trying to setup my own instance of nextcloud on my server but I'm running into a problem as I want nextcloud to be available under https://example.com/cloud/.
Nextcloud is running in a CoreOS virtual machine called, let's say, myvm.
So this is the way I setup my CaddyFile:
example.com {
    gzip
    proxy /cloud myvm:8080 {
        transparent
        without /cloud
    }
}
I have other proxies that work fine for other services or VMs that are written similarly.
With this, and publishing port 8080 in my docker-compose file, I manage to connect to the nextcloud instance. But every time I go to example.com/cloud/ it will redirect me to example.com/apps/files/ instead of example.com/cloud/apps/files/.
If I enter this last URL manually, I can access nextcloud, but the page doesn't load properly because none of the contents can be loaded, as they are not requested with the prefix cloud/.
Is there a way to explain nextcloud about this prefix through the configuration of docker-compose file? (It's the only configuration I created, it works with just that and no extra work, I use one similar to the one available here (the apache one).)
Or maybe I can improve the CaddyFile config? (By the way, if I don't use the without option, it will just not work at all and return 404 when I go to the url).

Why does BitBake error if it can't find www.example.com?

BitBake fails for me because it can't find https://www.example.com.
My computer is an x86-64 running native Xubuntu 18.04. Network connection is via DSL. I'm using the latest versions of the OpenEmbedded/Yocto toolchain.
This is the response I get when I run BitBake:
$ bitbake -k core-image-sato
WARNING: Host distribution "ubuntu-18.04" has not been validated with this version of the build system; you may possibly experience unexpected failures. It is recommended that you use a tested distribution.
ERROR: OE-core's config sanity checker detected a potential misconfiguration.
Either fix the cause of this error or at your own risk disable the checker (see sanity.conf).
Following is the list of potential problems / advisories:
Fetcher failure for URL: 'https://www.example.com/'. URL https://www.example.com/ doesn't work.
Please ensure your host's network is configured correctly,
or set BB_NO_NETWORK = "1" to disable network access if
all required sources are on local disk.
Summary: There was 1 WARNING message shown.
Summary: There was 1 ERROR message shown, returning a non-zero exit code.
The networking issue, the reason why I can't access www.example.com, is a question for the SuperUser forum. My question here is, why does BitBake rely on the existence of www.example.com? What is it about that website that is so vital to BitBake's operation? Why does BitBake post an Error if it cannot find https://www.example.com?
At this time, I don't wish to set BB_NO_NETWORK = "1". I would rather understand and resolve the root cause of the problem first.
Modifying poky.conf didn't work for me (and from what I read, modifying anything under Poky is a no-no for a long term solution).
Modifying /conf/local.conf was the only solution that worked for me. Simply add one of the two options:
#check connectivity using google
CONNECTIVITY_CHECK_URIS = "https://www.google.com/"
#skip connectivity checks
CONNECTIVITY_CHECK_URIS = ""
This solution was originally found here.
For me, this appears to be a problem with my ISP (CenturyLink) not correctly resolving www.example.com. If I try to navigate to https://www.example.com in the browser address bar I just get taken to the ISP's "this is not a valid address" page.
Technically speaking, this isn't supposed to happen, but for whatever reason it does. I was able to work around this temporarily by modifying the CONNECTIVITY_CHECK_URIS in poky/meta-poky/conf/distro/poky.conf to something that actually resolves:
# The CONNECTIVITY_CHECK_URI's are used to test whether we can succesfully
# fetch from the network (and warn you if not). To disable the test set
# the variable to be empty.
# Git example url: git://git.yoctoproject.org/yocto-firewall-test;protocol=git;rev=master
CONNECTIVITY_CHECK_URIS ?= "https://www.google.com/"
See this commit for more insight and discussion on the addition of the www.example.com check. Not sure what the best long-term fix is, but the change above allowed me to build successfully.
If you want to resolve this issue without modifying poky.conf or local.conf or any of the files for that matter, just do:
$ touch conf/sanity.conf
It is clearly written in meta/conf/sanity.conf that:
Expert users can confirm their sanity with "touch conf/sanity.conf"
If you don't want to execute this command on every session or build, you can comment out the line INHERIT += "sanity" from meta/conf/sanity.conf, so the file looks something like this:
Had same issue with Bell ISP when accessing example.com gave DNS error.
Solved by switching ISP's DNS IP to Google's DNS (to avoid making changes to configs):
https://developers.google.com/speed/public-dns/docs/using

Mamp Pro 4 HTTP and HTTPS

Is it not possible in Mamp Pro 4 to have both http and https? The application I am working on requires both depending on the page.
I must be missing something as it makes no sense when I enable SSL only https works and http then stops working.
I tried going through the http.conf, but really have no idea what's causing this.
I think it just generates the vhost for https only and then removes http. Doesn't even look like you can manually edit it.
Any suggestion would be great.
Well to update my own post and if anyone else has this problem.
The software is currently not capable of this on the same hostname.
According to Mamp support you have to create two hosts with the same name (e.g. sample.app and sample.app.).
Enable one of the "sample.app" hostnames to use SSL
Enable the second host entry "sample.app" to not use SSL. (Don't forget to hold Alt or Option when clicking on +)
Point both to the same directory.
Mamp will highlight this in red, as it's warning that you have two of the same hostnames.
So currently this is the only solution I am aware of for this issue.
Hope they resolve this in future updates as a lot of applications, especially ecommerce rely on the ability to switch between http and https.
You can see this on the Mamp Pro documentation here.
I got a simple solution by editing the template:
Open Mamp Pro
File > Edit Template > Apache > httpd-ssl.conf
Add these lines after
<VirtualHost *:80>
    ServerName MAMP_SSLVirtualHost_ServerName_MAMP
    MAMP_SSLVirtualHost_ServerAdmin_MAMP
    MAMP_SSLVirtualHost_DirectoryIndex_MAMP
    DocumentRoot MAMP_SSLVirtualHost_DocumentRoot_MAMP
</VirtualHost>
Mamp Pro 5 in 2020 Update
To tag onto MrDuy's great response, as the Alt Click on the + doesn't seem to work in V5, editing the httpd-ssl.conf template seems to be the way to go.
However MrDuy's answer assumes you're using port 80 for HTTP inside MAMP, which is not the default 8888. Additionally, and I can't speak for MAMP PRO 4 users, the snippet needs to be placed before the MAMP_SSLVirtualHost_iteration_end_MAMP line at the bottom of the file, as obviously this is the end marker that MAMP uses to conduct its iteration of the hosts in the GUI.
TLDR;
Follow the first two steps in MrDuy's answer:
Open MAMP Pro
File > Edit Template > Apache > httpd-ssl.conf
Then, at the bottom of the file, locate the line with MAMP_SSLVirtualHost_iteration_end_MAMP. Before this line, paste the following:
<VirtualHost *:8888>
    ServerName MAMP_SSLVirtualHost_ServerName_MAMP
    MAMP_SSLVirtualHost_ServerAdmin_MAMP
    MAMP_SSLVirtualHost_DirectoryIndex_MAMP
    DocumentRoot MAMP_SSLVirtualHost_DocumentRoot_MAMP
</VirtualHost>
It would've been nice to use the placeholder markers MAMP uses in its non-SSL config file (MAMP_VirtualHost_IP_MAMP, MAMP_VirtualHost_Port_MAMP etc.) but obviously these aren't passed in the file. Which means that if you decide to change the HTTP port, you must also manually update this file.
#MAMP, can't we make this a default? :`(
Cheers!

installing kubernetes on coreos with rkt and automated script

I'm trying to install Kubernetes with rkt on my real (not virtual) CoreOS servers at home using the scripts at https://github.com/coreos/coreos-kubernetes/tree/master/multi-node/generic and I have some questions.
my etcd2 is using tls keys, I can't see anywhere in the script where I can define where the certificates are located.
can I supply a domain instead of IP for ADVERTISE_IP and CONTROLLER_ENDPOINT ?
when I tried to install kubernetes manually I needed to start the rkt API service. it doesn't state in the documents that it's needed here, does it mean that I don't need it if I use these scripts? or is it just something that's missing in the documents?
thanks!
update
Rob thank you so much for your response. I wasn't clear enough regarding etcd2. I already have etcd2 tls installed and properly configured on my coreos servers. so I configured my etcd servers in the controller-install.sh file:
export ETCD_ENDPOINTS="https://coreos-2.tux-in.com:2379,https://coreos-3.tux-in.com:2379"
but when I run the controller-install.sh script, it returns and repeats the following output:
Waiting for etcd...
Trying: https://coreos-2.tux-in.com:2379
Trying: https://coreos-3.tux-in.com:2379
Trying: https://coreos-2.tux-in.com:2379
Trying: https://coreos-3.tux-in.com:2379
...
so I was guessing it's because I didn't define etcd related tls certificates in the controller script and that is why it is stuck in that phase.
on my macbook pro laptop I have the following alias configured:
alias myetcdctl="~/apps/etcd-v3.0.8-darwin-amd64/etcdctl --endpoint=https://coreos-2.tux-in.com:2379 --ca-file=/Users/ufk/Projects/coreos/tux-in/etcd/certs/certs-names/ca.pem --cert-file=/Users/ufk/Projects/coreos/tux-in/etcd/certs/certs-names/etcd1.pem --key-file=/Users/ufk/Projects/coreos/tux-in/etcd/certs/certs-names/etcd1-key.pem --timeout=10s"
so when I run myetcdctl member list I get:
8832ce6a269a7dac: name=ccff826d5f564c67abf35467306f80a0 peerURLs=https://coreos-3.tux-in.com:2380 clientURLs=https://coreos-3.tux-in.com:2379 isLeader=true
a2c0ac9708ef90fc: name=dc38bc8f20e64940b260d3f7b260430d peerURLs=https://coreos-2.tux-in.com:2380 clientURLs=https://coreos-2.tux-in.com:2379 isLeader=false
so I'm guessing that I don't really have a problem there.
any ideas?
thanks!
my etcd2 is using tls keys, I can't see anywhere in the script where I can define where the certificates are located.
These scripts don't start an etcd server. You will need to set one up manually and will be able to use TLS and as many nodes as you would like. This isn't clear in the current form of the document, I will attempt a PR to fix.
can I supply a domain instead of IP for ADVERTISE_IP and CONTROLLER_ENDPOINT ?
Only CONTROLLER_ENDPOINT can be a domain name.
when I tried to install kubernetes manually I needed to start the rkt API service. it doesn't state in the documents that it's needed here, does it mean that I don't need it if I use these scripts? or is it just something that's missing in the documents?
These scripts include/start the rkt API service. As you can see below, it also has a Restart parameter set (source):
[Unit]
Before=kubelet.service
[Service]
ExecStart=/usr/bin/rkt api-service
Restart=always
RestartSec=10
[Install]
RequiredBy=kubelet.service
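A "Trying: ..." loop like the one in the question cannot tell an unreachable etcd from a TLS failure. The following added example (not from the thread or from the coreos-kubernetes scripts) probes each entry of the comma-separated ETCD_ENDPOINTS value with curl and reports why it failed; the function names are hypothetical and the CA, certificate and key paths are whatever the operator passes in.

```shell
#!/bin/sh
# Added example: probe TLS-protected etcd endpoints and explain failures.

# Map a curl exit status to a diagnosis (codes as listed in the curl man page).
diagnose_curl() {
    case "$1" in
        0)     echo "ok" ;;
        6)     echo "dns: host name did not resolve" ;;
        7)     echo "connect: nothing listening or port filtered" ;;
        28)    echo "timeout" ;;
        35|56) echo "tls: handshake failed (server may require a client certificate)" ;;
        58)    echo "tls: local client certificate or key unusable" ;;
        60)    echo "tls: server certificate not trusted by the given CA" ;;
        *)     echo "other: curl exit $1" ;;
    esac
}

# Split the comma-separated endpoint list, one endpoint per line.
split_endpoints() { printf '%s\n' "$1" | tr ',' '\n'; }

# usage: probe_etcd "$ETCD_ENDPOINTS" [ca.pem [cert.pem key.pem]]
probe_etcd() {
    endpoints=$1; ca=${2:-}; cert=${3:-}; key=${4:-}
    split_endpoints "$endpoints" | while IFS= read -r ep; do
        set -- --silent --output /dev/null --max-time 10
        if [ -n "$ca" ]; then set -- "$@" --cacert "$ca"; fi
        if [ -n "$cert" ]; then set -- "$@" --cert "$cert" --key "$key"; fi
        rc=0
        curl "$@" "$ep/version" || rc=$?     # /version is served by etcd itself
        printf '%s -> %s\n' "$ep" "$(diagnose_curl "$rc")"
    done
}
```

Calling `probe_etcd` once with only the CA file and once with the client certificate and key shows whether the cluster enforces client-certificate authentication.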

ASP.Net MVC 2 on nginx/mono 2.8

I am trying to set up an ASP.Net MVC 2 application in a Linux environment. I've installed Ubuntu 10.10 on VirtualBox, then installed Mono 2.8 from sources. After that I installed nginx and configured it as recommended here.
Unfortunately, FastCGI shows me standard error 500 page:
No Application Found
Unable to find a matching application for request:
Host localhost:80
Port 80
Request Path /Default.aspx
Physical Path /var/www/mvc/Default.aspx
My application is located in /var/www/mvc directory. I've tried to create some stub Default.aspx file and place it in root dir of my application, but it didn't help, same error occurred.
Thanks.
I've been doing some testing with this as well, using all ubuntu10.10 binaries.
From what I can make of it, either nginx fails to pass the hostname or the mono server fails to receive it over the fastcgi protocol. Anyhow, the tutorial line:
fastcgi-mono-server2 /applications=www.domain1.xyz:/:/var/www/www.domain1.xyz/ /socket=tcp:127.0.0.1:9000
doesn't work. Removing the hostname makes the thing work:
fastcgi-mono-server2 /applications=/:/var/www/www.domain1.xyz/ /socket=tcp:127.0.0.1:9000
but this of course blocks the use of multiple virtual mono hosts.
Since you are running ASP.NET MVC 2 application you should use fastcgi-mono-server4.
Adding the following line in /etc/nginx/fastcgi_param resolves the issue for me. It also allows the use of multiple virtual hosts.
fastcgi_param HTTP_HOST $host;
Does your application work with xsp (xsp4 if you are using .net 4.0)? You'll want to make sure that is working before you try configuring the connection to another web server.
Does nginx know where to find mono? You most likely have a parallel install and it won't be in the default paths.
I use apache, but you may still find some of the instructions on my blog useful:
http://tqcblog.com/2010/04/02/ubuntu-subversion-teamcity-mono-2-6-and-asp-net-mvc/
I had this problem just now, I too had been following the document on the mono site:
I was trying to start the fastcgi-mono-server as it suggested:
sudo fastcgi-mono-server4 /applications=www.domain1.xyz:/:/var/www/www.domain1.xyz/ /socket=tcp:127.0.0.1:9000 &
However when I did it like that I got the same problem as you. I changed it to this:
sudo fastcgi-mono-server4 /applications=/:/var/www/www.domain1.xyz/ /socket=tcp:127.0.0.1:9000 &
And it worked ( I had to type in www.domain1.xyz/Home/Index to see my MVC page, not worked out how to stop it looking for www.domain1.xyz/default.aspx yet XD ).
You need to make sure the domain set in your site config matches the domain passed to the fastcgi server. So for example if your default site (/etc/nginx/sites-enabled/default) has the following config:
server {
    ...
    server_name www.domain1.xyz;
    ...
}
You would need to pass that domain into the fastcgi server:
sudo fastcgi-mono-server4 /applications=www.domain1.xyz:/:/var/www/www.domain1.xyz/ ...
Then when you access the site it will obviously need to be with that domain you set.