Dear Akshay Mangla.
On 10.02.20 06:00, Akshay Mangla wrote:
Hi Aleksandar,
I have made a few changes to the haproxy.cfg file and following are the outputs
:-
HAPROXY.cfg
#---------------------------------------------------------------------
[snipped]
frontend haproxy_inbound
bind *:443 *[CHANGED PORT]*
default_backend haproxy_httpd
Please read this blog post to setup ssl in haproxy.
https://www.haproxy.com/blog/haproxy-ssl-termination/
backend haproxy_httpd
balance roundrobin
mode http #(NOT NEEDED IF DEFINED IN DEFAULTS)
option httpchk
server lxapp14070.dc.corp.telstra.com 10.195.70.12:443 check * [Host
and Port Changed]*
server lxapp14071.dc.corp.telstra.com 10.195.70.13:443 check *[Host
and Port Changed] *
try to add "ssl" to the server line.
1.*curl -v --max-time 30 127.0.0.1:5001*
[root@lxapp14012 ~]# curl -v --max-time 30 127.0.0.1:5001
<http://127.0.0.1:5001>
* About to connect() to 127.0.0.1 port 5001 (#0)
* Trying 127.0.0.1...
* Connection refused
* Failed connect to 127.0.0.1:5001; Connection refused
* Closing connection 0
curl: (7) Failed connect to 127.0.0.1:5001; Connection refused
Does anything listen on that port?
https://en.wikipedia.org/wiki/Localhost
2. *curl -v --max-time 30 10.195.70.12:443*
to test https with curl you should add 'https://' before the URL
[snipped]
Also now when I run the command haproxy -db -f /etc/haproxy/haproxy.cfg i
getting the following alert :-
*[root@lxapp14012 haproxy]# haproxy -db -f /etc/haproxy/haproxy.cfg
[ALERT] 040/155059 (20285) : Starting frontend haproxy_inbound: cannot bind
socket [0.0.0.0:443]*
Is it something that should be taken care of or it can be ignored??
This isn't a serious question isn't it?
https://www.startpage.com/do/search?lui=english&language=english&cat=web&query=could+not+bind+socket
Please check if there isn't another process running on this port.
Also when I try to check the status of haproxy i see many failed or disabled
instances and the haproxy instance is not able to start properly:-
[root@lxapp14012 haproxy]# *service haproxy status -l*
Redirecting to /bin/systemctl status -l haproxy.service
haproxy.service - HAProxy Load Balancer
Loaded: loaded (/usr/lib/systemd/system/haproxy.service; disabled; vendor
preset: disabled)
Active: failed (Result: exit-code) since Thu 2020-02-06 23:04:08 AEDT; 3
days ago
Process: 15069 ExecReload=/bin/kill -USR2 $MAINPID (code=exited,
status=0/SUCCESS)
Process: 26084 ExecStart=/usr/sbin/haproxy-systemd-wrapper -f
/etc/haproxy/haproxy.cfg -p /run/haproxy.pid $OPTIONS (code=exited,
status=1/FAILURE)
Main PID: 26084 (code=exited, status=1/FAILURE)
Feb 06 23:04:08 lxapp14012 systemd[1]: Starting HAProxy Load Balancer...
Feb 06 23:04:08 lxapp14012 haproxy-systemd-wrapper[26084]:
haproxy-systemd-wrapper: executing /usr/sbin/haproxy -f
/etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds
Feb 06 23:04:08 lxapp14012 haproxy-systemd-wrapper[26084]: [ALERT] 036/230408 (26086)
: Starting frontend haproxy_inbound: cannot bind socket [0.0.0.0:443
<http://0.0.0.0:443>]
Feb 06 23:04:08 lxapp14012 haproxy-systemd-wrapper[26084]:
haproxy-systemd-wrapper: exit, haproxy RC=1
Feb 06 23:04:08 lxapp14012 systemd[1]: haproxy.service: main process exited,
code=exited, status=1/FAILURE
Feb 06 23:04:08 lxapp14012 systemd[1]: Unit haproxy.service entered failed
state.
Feb 06 23:04:08 lxapp14012 systemd[1]: haproxy.service failed.
Feb 06 23:04:24 lxapp14012 systemd[1]: Unit haproxy.service cannot be reloaded
because it is inactive.
Feb 06 23:07:29 lxapp14012 systemd[1]: Unit haproxy.service cannot be reloaded
because it is inactive.
Feb 06 23:14:40 lxapp14012 systemd[1]: Unit haproxy.service cannot be reloaded
because it is inactive.
Can you please look into this and help us in finding the solution??
I would suggest to get some Linux courses to understand what these messages
means, something like this, as you use a RHEL bases system.
https://www.redhat.com/en/services/training/rh124-red-hat-system-administration-i
Also if you are available is it possible to connect sometime and resolve these
issue in one go??
Well it looks to me that you don't want to pay some support I don't think that
I will connect to your machines.
If you are willing to pay for support I suggest to contact
https://www.haproxy.com/ for a offer.
Regards,
Akshay
Regards
Aleks
On Sun, Feb 9, 2020 at 10:54 PM Aleksandar Lazic <al-hapr...@none.at
<mailto:al-hapr...@none.at>> wrote:
Hi.
please keep the mailinglist in the loop.
On 06.02.20 10:23, Akshay Mangla wrote:
> Hi Aleksandar,
>
> Apologies for sending in the screenshot.
No probs just a hint.
> I got the following output when I ran the above commands :-
>
> *1.curl -v --max-time 30 http://127.0.0.1:5001/*
>
> [root@lxapp14012 ~]# curl -v --max-time 30 127.0.0.1:5001
<http://127.0.0.1:5001> <http://127.0.0.1:5001>
> * About to connect() to 127.0.0.1 port 5001 (#0)
> * Trying 127.0.0.1...
> * Connection refused
> * Failed connect to 127.0.0.1:5001 <http://127.0.0.1:5001>
<http://127.0.0.1:5001>; Connection refused
> * Closing connection 0
> curl: (7) Failed connect to 127.0.0.1:5001 <http://127.0.0.1:5001>
<http://127.0.0.1:5001>; Connection refused
Okay you should remove the "backend app" it looks like you don't need it.
> *2. curl -v --max-time 30 http://10.195.77.21:7068*
> *
> *
> * About to connect() to 10.195.77.21 port 7068 (#0)
> * Trying 10.195.77.21...
> * Connected to 10.195.77.21 (10.195.77.21) port 7068 (#0)
> > GET / HTTP/1.1
> > User-Agent: curl/7.29.0
> > Host: 10.195.77.21:7068 <http://10.195.77.21:7068>
<http://10.195.77.21:7068>
> > Accept: */*
> >
> * Connection #0 to host 10.195.77.21 left intact*
> *
>
> *3.curl -v --max-time 30 http://10.195.77.22:7068*
> *
> *
> * About to connect() to 10.195.77.22 port 7068 (#0)
> * Trying 10.195.77.22...
> * Connected to 10.195.77.22 (10.195.77.22) port 7068 (#0)
> > GET / HTTP/1.1
> > User-Agent: curl/7.29.0
> > Host: 10.195.77.22:7068 <http://10.195.77.22:7068>
<http://10.195.77.22:7068>
> > Accept: */*
> >
> * Connection #0 to host 10.195.77.22 left intact*
> *
>
> *Following is the version of HAProxy*
> [root@lxapp14012 ~]# haproxy -vv
> HA-Proxy version 1.5.18 2016/05/10
[snipp]
Thanks. you sholuld consider to update it to the latest version.
> *Also the outputs of the screenshot sent earlier is as below :-*
>
> [root@lxapp14012 ~]# haproxy -c -f /etc/haproxy/haproxy.cfg
> Configuration file is valid
>
> [root@lxapp14012 ~]# haproxy -db -f /etc/haproxy/haproxy.cfg
> [WARNING] 036/201733 (14778) : Server static/static is DOWN, reason: Layer4
connection problem, info: "Connection refused", check duration: 0ms. 0 active and
0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
> [ALERT] 036/201733 (14778) : backend 'static' has no server available!
> [WARNING] 036/201733 (14778) : Server app/app1 is DOWN, reason: Layer4 connection
problem, info: "Connection refused", check duration: 0ms. 3 active and 0 backup
servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
> [WARNING] 036/201734 (14778) : Server app/app2 is DOWN, reason: Layer4 connection
problem, info: "Connection refused", check duration: 0ms. 2 active and 0 backup
servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
> [WARNING] 036/201734 (14778) : Server app/app3 is DOWN, reason: Layer4 connection
problem, info: "Connection refused", check duration: 0ms. 1 active and 0 backup
servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
> [WARNING] 036/201734 (14778) : Server app/app4 is DOWN, reason: Layer4 connection
problem, info: "Connection refused", check duration: 0ms. 0 active and 0 backup
servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
> [ALERT] 036/201734 (14778) : backend 'app' has no server available!
Yes clear there are no servers on the localhost.
> [WARNING] 036/201734 (14778) : Server haproxy_httpd/lxapp14058.dc.corp.telstra.com
<http://lxapp14058.dc.corp.telstra.com> <http://lxapp14058.dc.corp.telstra.com> is DOWN, reason: Layer7
invalid response, info: "<15><03><03>", check duration: 1ms. 1 active and 0 backup servers
left. 0 sessions active, 0 requeued, 0 remaining in queue.
> [WARNING] 036/201735 (14778) : Server haproxy_httpd/lxapp14059.dc.corp.telstra.com
<http://lxapp14059.dc.corp.telstra.com> <http://lxapp14059.dc.corp.telstra.com> is DOWN, reason: Layer7
invalid response, info: "<15><03><03>", check duration: 2ms. 0 active and 0 backup servers
left. 0 sessions active, 0 requeued, 0 remaining in queue.
> [ALERT] 036/201735 (14778) : backend 'haproxy_httpd' has no server
available!
Looks like the backend expect https or tcp.
Which protocol expect the servers lxapp*.dc.corp.telstra.com
<http://dc.corp.telstra.com> ?
> Regards,
> Akshay
Regards
Aleks
> On Thu, Feb 6, 2020 at 1:43 PM Aleksandar Lazic <al-hapr...@none.at
<mailto:al-hapr...@none.at> <mailto:al-hapr...@none.at <mailto:al-hapr...@none.at>>>
wrote:
>
> Hi.
>
> On 06.02.20 07:08, Akshay Mangla wrote:
> > Hi HAProxy Team,
> >
> > I have been trying to install HAProxy on my vm machine and facing
some difficulties in doing so.
> >
> > Following is the HAProxy config file that we have currently.
> >
> >
#---------------------------------------------------------------------
> > # Example configuration for a possible web application. See the
> > # full configuration options online.
> > #
> > # http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
> > #
> >
#---------------------------------------------------------------------
> >
> >
#---------------------------------------------------------------------
> > # Global settings
> >
#---------------------------------------------------------------------
> > global
> > # to have these messages end up in /var/log/haproxy.log you
will
> > # need to:
> > #
> > # 1) configure syslog to accept network log events. This is
done
> > # by adding the '-r' option to the SYSLOGD_OPTIONS in
> > # /etc/sysconfig/syslog
> > #
> > # 2) configure local2 events to go to the
/var/log/haproxy.log
> > # file. A line like the following can be added to
> > # /etc/sysconfig/syslog
> > #
> > # local2.* /var/log/haproxy.log
> > #
> > log 127.0.0.1 local2
> >
> > chroot /var/lib/haproxy
> > pidfile /var/run/haproxy.pid
> > maxconn 4000
> > user haproxy
> > group haproxy
> > daemon
> >
> > # turn on stats unix socket
> > stats socket /var/lib/haproxy/stats
> >
> >
#---------------------------------------------------------------------
> > # common defaults that all the 'listen' and 'backend' sections
will
> > # use if not designated in their block
> >
#---------------------------------------------------------------------
> > defaults
> > mode http
> > log global
> > option httplog
> > option dontlognull
> > option http-server-close
> > option forwardfor except 127.0.0.0/8 <http://127.0.0.0/8>
<http://127.0.0.0/8>
> > option redispatch
> > retries 3
> > timeout http-request 10s
> > timeout queue 1m
> > timeout connect 10s
> > timeout client 1m
> > timeout server 1m
> > timeout http-keep-alive 10s
> > timeout check 10s
> > maxconn 3000
> >
> >
#---------------------------------------------------------------------
> > # main frontend which proxys to the backends
> >
#---------------------------------------------------------------------
> > frontend main *:5000
> > acl url_static path_beg -i /static /images
/javascript /stylesheets
> > acl url_static path_end -i .jpg .gif .png .css
.js
> >
> > use_backend static if url_static
> > default_backend app
> >
> >
#---------------------------------------------------------------------
> > # static backend for serving up images, stylesheets and such
> >
#---------------------------------------------------------------------
> > backend static
> > balance roundrobin
> > server static 127.0.0.1:4331 <http://127.0.0.1:4331>
<http://127.0.0.1:4331> check
> >
> >
#---------------------------------------------------------------------
> > # round robin balancing between the various backends
> >
#---------------------------------------------------------------------
> > backend app
> > balance roundrobin
> > server app1 127.0.0.1:5001 <http://127.0.0.1:5001>
<http://127.0.0.1:5001> check
> > server app2 127.0.0.1:5002 <http://127.0.0.1:5002>
<http://127.0.0.1:5002> check
> > server app3 127.0.0.1:5003 <http://127.0.0.1:5003>
<http://127.0.0.1:5003> check
> > server app4 127.0.0.1:5004 <http://127.0.0.1:5004>
<http://127.0.0.1:5004> check
> >
> > frontend haproxy_inbound
> > bind *:7068
> > default_backend haproxy_httpd
> >
> > backend haproxy_httpd
> > balance roundrobin
> > mode http #(NOT NEEDED IF DEFINED IN DEFAULTS)
> > option httpchk
> > server lxapp14058.dc.corp.telstra.com
<http://lxapp14058.dc.corp.telstra.com> <http://lxapp14058.dc.corp.telstra.com> 10.195.77.21:7068
<http://10.195.77.21:7068> <http://10.195.77.21:7068> check
> > server lxapp14059.dc.corp.telstra.com
<http://lxapp14059.dc.corp.telstra.com> <http://lxapp14059.dc.corp.telstra.com> 10.195.77.22:7068
<http://10.195.77.22:7068> <http://10.195.77.22:7068> check
> >
> >
> > I have added the lines at the end which are colored and ran the
command ---> */haproxy -c -f /etc/haproxy/haproxy.cfg/* which gave me an output that
/*configuration file is valid*/.
> >
> > When i tried to start it manually (in foreground, to test) with
---> */haproxy -db -f /etc/haproxy/haproxy.cfg/* it started giving me an error
> > image.png
>
> I love screenshots, it's so easy to copy some text out of them ;-).
> My suggestion would be to copy the text from the console to the mail
> instead the screenshot.
>
> > Can you help me resolve this issue as I am stuck on this. Any
suggestions would be appreciated.
>
> I would assume that the backend is not a http backend as the httpchk
fails.
> What do you get when you execute the follwoing command from haproxy
maschine?
>
> curl -v --max-time 30 127.0.0.1:5001 <http://127.0.0.1:5001>
<http://127.0.0.1:5001>
> curl -v --max-time 30 http://10.195.77.21:7068
> curl -v --max-time 30 http://10.195.77.22:7068
>
> > Do let me know if you need any further information on this.
>
> Which haproxy version do you use?
> haproxy -vv
>
>
> > Regards,
> > Akshay
>
> Regards
> Aleks
>
