Hi Lukas,
Thanks for replying.
Below the information:
HA-Proxy version 1.5-dev22-1a34d57 2014/02/03
Copyright 2000-2014 Willy Tarreau <w...@1wt.eu>
Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -g -O2 -fstack-protector --param=ssp-buffer-size=4
-Wformat -Werror=format-security -D_FORTIFY_SOURCE=2
OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200
Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.7
Compression algorithms supported : identity, deflate, gzip
Built with OpenSSL version : OpenSSL 1.0.1e 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e 11 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.30 2012-02-04
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with transparent proxy support using: IP_TRANSPARENT
IPV6_TRANSPARENT IP_FREEBIND
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
What I am trying to do is described here:
http://trick77.com/2014/03/01/tunlr-style-dns-unblocking-pandora-netflix-hulu-et-al/
In short: I am using a VPS with Debian 7.0x64 and HAProxy 1.5 to proxy
some local connections over the HAProxy on the VPS. This works just
fine for normal hosts (so www.domain.ext), but I would like to include
all subdomains for a certain service, in this case (as a test)
"speedtest.net". I do this as follows:
global
daemon
maxconn 20000
user haproxy
group haproxy
stats socket /var/run/haproxy.sock mode 0600 level admin
log /dev/log local0 debug
pidfile /var/run/haproxy.pid
spread-checks 5
defaults
maxconn 19500
log global
mode http
option httplog
option abortonclose
option http-server-close
option persist
option accept-invalid-http-response
timeout connect 20s
timeout server 120s
timeout client 120s
timeout check 10s
retries 3
listen stats
bind *:6969
mode http
stats enable
stats realm HAProxy
stats uri /
stats auth haproxy:xxx
# catchall
------------------------------------------------------------------------
frontend f_catchall
mode http
bind *:80
log global
option httplog
option accept-invalid-http-request
capture request header Host len 50
capture request header User-Agent len 150
#--- speedtest
use_backend b_catchall if { hdr_dom(host) -i speedtest }
...
default_backend b_deadend
backend b_catchall
log global
mode http
option httplog
option http-server-close
#--- speedtest
use-server www.speedtest.net if { hdr_dom(host) -i speedtest }
server www.speedtest.net *:80
...
# deadend
------------------------------------------------------------------------
backend b_deadend
mode http
log global
option httplog
backend b_deadend_sni
mode tcp
log global
option tcplog
no option accept-invalid-http-response
no option http-server-close
When I try to access this site (www.speedtest.net or speedtest.net or
c.speedtest.net or anything.speedtest.net), HAProxy crashes
immediately:
Mar 5 09:00:16 localhost kernel: [2823146.472856] haproxy invoked
oom-killer: gfp_mask=0x201da, order=0, oom_adj=0, oom_score_adj=0
Mar 5 09:00:16 localhost kernel: [2823146.473363] haproxy cpuset=/
mems_allowed=0
Mar 5 09:00:16 localhost kernel: [2823146.473601] Pid: 3125, comm:
haproxy Not tainted 3.2.0-4-amd64 #1 Debian 3.2.41-2+deb7u2
Mar 5 09:00:16 localhost kernel: [2823146.474089] Call Trace:
Mar 5 09:00:16 localhost kernel: [2823146.474333]
[<ffffffff810b6ac2>] ? dump_header+0x78/0x1bd
Mar 5 09:00:16 localhost kernel: [2823146.474633]
[<ffffffff81097882>] ? delayacct_end+0x72/0x7d
Mar 5 09:00:16 localhost kernel: [2823146.474904]
[<ffffffff81163cae>] ? security_real_capable_noaudit+0x40/0x4f
Mar 5 09:00:16 localhost kernel: [2823146.475202]
[<ffffffff810b6e8b>] ? oom_kill_process+0x49/0x271
Mar 5 09:00:16 localhost kernel: [2823146.475522]
[<ffffffff810b7586>] ? out_of_memory+0x2ea/0x337
Mar 5 09:00:16 localhost kernel: [2823146.475863]
[<ffffffff810bb214>] ? __alloc_pages_nodemask+0x629/0x7aa
Mar 5 09:00:16 localhost kernel: [2823146.476202]
[<ffffffff810e470a>] ? alloc_pages_current+0xc7/0xe4
Mar 5 09:00:16 localhost kernel: [2823146.476477]
[<ffffffff810b61c7>] ? filemap_fault+0x24f/0x33e
Mar 5 09:00:16 localhost kernel: [2823146.476766]
[<ffffffff810ce344>] ? __do_fault+0xc8/0x3ac
Mar 5 09:00:16 localhost kernel: [2823146.477052]
[<ffffffff810d08fb>] ? handle_pte_fault+0x298/0x79f
Mar 5 09:00:16 localhost kernel: [2823146.477340]
[<ffffffff810cde99>] ? pte_offset_kernel+0x16/0x35
Mar 5 09:00:16 localhost kernel: [2823146.477622]
[<ffffffff813509bd>] ? do_page_fault+0x312/0x337
Mar 5 09:00:16 localhost kernel: [2823146.477903]
[<ffffffff8102bb68>] ? pvclock_clocksource_read+0x42/0xb2
Mar 5 09:00:16 localhost kernel: [2823146.478222]
[<ffffffff81065f1d>] ? timekeeping_get_ns+0xd/0x2a
Mar 5 09:00:16 localhost kernel: [2823146.478493]
[<ffffffff81066501>] ? getnstimeofday+0x4a/0x7b
Mar 5 09:00:16 localhost kernel: [2823146.478762]
[<ffffffff8134dfe5>] ? async_page_fault+0x25/0x30
Mar 5 09:00:16 localhost kernel: [2823146.479031] Mem-Info:
Mar 5 09:00:16 localhost kernel: [2823146.479239] Node 0 DMA per-cpu:
Mar 5 09:00:16 localhost kernel: [2823146.479523] CPU 0: hi: 0,
btch: 1 usd: 0
Mar 5 09:00:16 localhost kernel: [2823146.479769] Node 0 DMA32 per-cpu:
Mar 5 09:00:16 localhost kernel: [2823146.480051] CPU 0: hi: 186,
btch: 31 usd: 25
Mar 5 09:00:16 localhost kernel: [2823146.480308] active_anon:92638
inactive_anon:27 isolated_anon:0
Mar 5 09:00:16 localhost kernel: [2823146.480309] active_file:19
inactive_file:29 isolated_file:0
Mar 5 09:00:16 localhost kernel: [2823146.480309] unevictable:0
dirty:3 writeback:0 unstable:0
Mar 5 09:00:16 localhost kernel: [2823146.480310] free:1208
slab_reclaimable:5110 slab_unreclaimable:15793
Mar 5 09:00:16 localhost kernel: [2823146.480311] mapped:13 shmem:38
pagetables:640 bounce:0
Mar 5 09:00:16 localhost kernel: [2823146.481765] Node 0 DMA
free:2040kB min:84kB low:104kB high:124kB active_anon:10368kB
inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB
isolated(anon):0kB isolated(file):0kB present:15688kB mlocked:0kB
dirty:0kB writeback:0kB mapped:0kB shmem:0kB slab_reclaimable:532kB
slab_unreclaimable:1724kB kernel_stack:0kB pagetables:16kB
unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0
all_unreclaimable? yes
Mar 5 09:00:16 localhost kernel: [2823146.483625] lowmem_reserve[]: 0
489 489 489
Mar 5 09:00:16 localhost kernel: [2823146.483920] Node 0 DMA32
free:2792kB min:2784kB low:3480kB high:4176kB active_anon:360184kB
inactive_anon:108kB active_file:76kB inactive_file:116kB
unevictable:0kB isolated(anon):0kB isolated(file):0kB present:500952kB
mlocked:0kB dirty:12kB writeback:0kB mapped:52kB shmem:152kB
slab_reclaimable:19908kB slab_unreclaimable:61448kB kernel_stack:984kB
pagetables:2544kB unstable:0kB bounce:0kB writeback_tmp:0kB
pages_scanned:353 all_unreclaimable? yes
Mar 5 09:00:16 localhost kernel: [2823146.485688] lowmem_reserve[]: 0 0 0 0
Mar 5 09:00:16 localhost kernel: [2823146.485959] Node 0 DMA: 6*4kB
0*8kB 0*16kB 1*32kB 1*64kB 1*128kB 1*256kB 1*512kB 1*1024kB 0*2048kB
0*4096kB = 2040kB
Mar 5 09:00:16 localhost kernel: [2823146.486585] Node 0 DMA32:
252*4kB 211*8kB 4*16kB 1*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB
0*2048kB 0*4096kB = 2792kB
Mar 5 09:00:16 localhost kernel: [2823146.487225] 97 total pagecache pages
Mar 5 09:00:16 localhost kernel: [2823146.487450] 0 pages in swap cache
Mar 5 09:00:16 localhost kernel: [2823146.487670] Swap cache stats:
add 0, delete 0, find 0/0
Mar 5 09:00:16 localhost kernel: [2823146.488025] Free swap = 0kB
Mar 5 09:00:16 localhost kernel: [2823146.488244] Total swap = 0kB
Mar 5 09:00:16 localhost kernel: [2823146.489927] 131054 pages RAM
Mar 5 09:00:16 localhost kernel: [2823146.490161] 3817 pages reserved
Mar 5 09:00:16 localhost kernel: [2823146.490384] 202 pages shared
Mar 5 09:00:16 localhost kernel: [2823146.490593] 120585 pages non-shared
Mar 5 09:00:16 localhost kernel: [2823146.490834] [ pid ] uid tgid
total_vm rss cpu oom_adj oom_score_adj name
Mar 5 09:00:16 localhost kernel: [2823146.491287] [ 278] 0 278
5307 113 0 -17 -1000 udevd
Mar 5 09:00:16 localhost kernel: [2823146.491755] [ 1810] 0 1810
13227 208 0 0 0 rsyslogd
Mar 5 09:00:16 localhost kernel: [2823146.492263] [ 1862] 0 1862
4167 40 0 0 0 atd
Mar 5 09:00:16 localhost kernel: [2823146.492720] [ 1874] 0 1874
1028 35 0 0 0 acpid
Mar 5 09:00:16 localhost kernel: [2823146.493186] [ 1944] 0 1944
5101 60 0 0 0 cron
Mar 5 09:00:16 localhost kernel: [2823146.493634] [ 1974] 102 1974
7488 96 0 0 0 dbus-daemon
Mar 5 09:00:16 localhost kernel: [2823146.494147] [ 2247] 101 2247
12729 115 0 0 0 exim4
Mar 5 09:00:16 localhost kernel: [2823146.502482] [ 2312] 0 2312
4063 40 0 0 0 getty
Mar 5 09:00:16 localhost kernel: [2823146.502941] [ 2313] 0 2313
4063 40 0 0 0 getty
Mar 5 09:00:16 localhost kernel: [2823146.503393] [ 2314] 0 2314
4063 40 0 0 0 getty
Mar 5 09:00:16 localhost kernel: [2823146.503847] [ 2315] 0 2315
4063 40 0 0 0 getty
Mar 5 09:00:16 localhost kernel: [2823146.504313] [ 2316] 0 2316
4063 39 0 0 0 getty
Mar 5 09:00:16 localhost kernel: [2823146.504775] [ 2317] 0 2317
4063 40 0 0 0 getty
Mar 5 09:00:16 localhost kernel: [2823146.505220] [ 2368] 0 2368
15507 268 0 0 0 console-kit-dae
Mar 5 09:00:16 localhost kernel: [2823146.505687] [ 4350] 0 4350
5514 82 0 0 0 squid
Mar 5 09:00:16 localhost kernel: [2823146.506161] [ 4355] 13 4355
8391 2953 0 0 0 squid
Mar 5 09:00:16 localhost kernel: [2823146.506665] [ 4380] 13 4380
984 18 0 0 0 unlinkd
Mar 5 09:00:16 localhost kernel: [2823146.507144] [14118] 0 14118
5306 116 0 -17 -1000 udevd
Mar 5 09:00:16 localhost kernel: [2823146.507606] [14120] 0 14120
5306 115 0 -17 -1000 udevd
Mar 5 09:00:16 localhost kernel: [2823146.508083] [17063] 0 17063
2606 38 0 0 0 pptpd
Mar 5 09:00:16 localhost kernel: [2823146.508620] [22597] 65534 22597
8018 386 0 0 0 openvpn
Mar 5 09:00:16 localhost kernel: [2823146.509106] [ 587] 0 587
12462 153 0 -17 -1000 sshd
Mar 5 09:00:16 localhost kernel: [2823146.509554] [ 2779] 0 2779
3653 39 0 0 0 pptpctrl
Mar 5 09:00:16 localhost kernel: [2823146.510054] [ 2780] 0 2780
5977 118 0 0 0 pppd
Mar 5 09:00:16 localhost kernel: [2823146.510497] [ 2991] 0 2991
20444 214 0 0 0 sshd
Mar 5 09:00:16 localhost kernel: [2823146.510939] [ 2996] 0 2996
31864 431 0 0 0 bash
Mar 5 09:00:16 localhost kernel: [2823146.511388] [ 3125] 105 3125
100474 86877 0 0 0 haproxy
So either, I am doing something wrong in the config (which is entirely
possible), or something is wrong with HAProxy 1.5.
Thanks
Fred
On 4 March 2014 19:07, Lukas Tribus <luky...@hotmail.com> wrote:
> Hi Fred,
>
>
>
>> Is this a known bug in HAProxy 1.5?
>> When I use 0.0.0.0 or * as server address for a certain host, HAProxy
>> crashes with a oom_killer log.
>
> Thats certainly not expected. Does the OOM conditional really come
> from HAProxy?
>
>
>
>>
>> server
>> ...
>>
>> Address “0.0.0.0″ or “*” has a special meaning.
>> It indicates that the connection will be forwarded to the same IP
>> address as the one from the client connection. This is useful in
>> transparent proxy architectures where the client’s connection is
>> intercepted and haproxy must forward to the original destination
>> address.
>>
>> eg in the backend:
>>
>> use-server www.speedtest.net if { hdr_sub(host) speedtest.net }
>> server www.speedtest.net *
>>
>> so what should happen is that the alias 'www.speedtest.net' should be
>> equal to the same IP address as was transmitted.
>>
>> Or am I doing something wrong?
>
> Please post the full configuration and explain what you are trying to
> do. Also, post the output of "./haproxy -vv".
>
>
>
> Regards,
>
> Lukas
