Hi.
Today I have tried to debug haproxy as in the old days ;-), I was not
able to see the communication on stderr.
I'm sure I have something missed in the past on the list to be able to
see the output.
My steps.
curl -vO http://www.haproxy.org/download/1.6/src/haproxy-1.6.2.tar.gz
tar xfvz haproxy-1.6.2.tar.gz
cd haproxy-1.6.2/
make TARGET=linux2628 DEBUG=-DDEBUG_FULL USE_PCRE=1 USE_OPENSSL=1
USE_ZLIB=1 USE_LINUX_SPLICE=1 USE_TFO=1 all
cd ../
export MONITOR_BIND_PORT=7991
export HTTP_BIND_PORT=7992
export HTTPS_BIND_PORT=7993
#############
haproxy-1.6.2/haproxy -f haproxy.conf -d -V
Sharing sig_handlers with pipe
Sharing pendconn with pipe
Sharing uniqueid with session
Sharing capture with vars
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
Using epoll() as the polling mechanism.
[NO MORE OUTPUT AFTER CURL CALL]
#############
I connected from another Terminal to this haproxy with curl.
##############
LANG=C curl -vk http://xx.xx.xx.xx:7992/
* Trying xx.xx.xx.xx...
* Connected to xx.xx.xx.xx5 (xx.xx.xx.xx) port 7992 (#0)
> GET / HTTP/1.1
> Host: xx.xx.xx.xx:7992
> User-Agent: curl/7.45.0
> Accept: */*
>
* Recv failure: Connection reset by peer
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer
#############
Please can anyone tell me what I have missed, thanks.
#################
haproxy-1.6.2/haproxy -vv
Sharing sig_handlers with pipe
Sharing pendconn with pipe
Sharing uniqueid with session
HA-Proxy version 1.6.2 2015/11/03
Copyright 2000-2015 Willy Tarreau <willy@haproxy.org>
Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement
OPTIONS = USE_LINUX_SPLICE=1 USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1
USE_TFO=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents =
200
Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.3.4
Compression algorithms supported : identity("identity"),
deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with OpenSSL version : OpenSSL 1.0.2d 9 Jul 2015
Running on OpenSSL version : OpenSSL 1.0.2d 9 Jul 2015
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.12 2011-01-15
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built without Lua support
Built with transparent proxy support using: IP_TRANSPARENT
IPV6_TRANSPARENT IP_FREEBIND
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
Using epoll() as the polling mechanism.
cat haproxy.conf
#############
# please read the manual
# http://www.haproxy.org/#docs
global
debug
# no daemon!
# don't use gid, uid, group or user on openshift
ca-base .
crt-base .
# in docker or openshift?
# log
# Name of the POD or Service or ...
# log-send-hostname
# log-tag
# node
# it's magic ;-)
ssl-default-bind-ciphers
EECDH+ECDSA+AESGCM:EECDH+ECDSA+SHA384::EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!SHA-1:!RC4:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:@STRENGTH
ssl-default-bind-options no-sslv3
ssl-default-server-ciphers
EECDH+ECDSA+AESGCM:EECDH+ECDSA+SHA384::EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!SHA-1:!RC4:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:@STRENGTH
ssl-default-server-options no-sslv3
# this file is created at build time!
# openssl dhparam -out /usr/local/etc/haproxy/ssl/dh-param_4096 4096
ssl-dh-param-file dh-param_4096
# ssl-server-verify default is required
# perf tun
# I think this values should be carefully changed, in case you need to
change it!
maxconn 100
# maxconnrate
# maxpipes
# maxsessrate
# maxsslconn
# maxsslrate
# defaults to 20000
# tune.ssl.cachesize
# default defaults to 300 (5 min)
# tune.ssl.lifetime
# greater than 1024 bits are not supported
# by Java 7 and earlier clients
# tune.ssl.default-dh-param 4096
# peers !!
# peers ssl-sessions
# Service disovering for the other haproxies in the cloud
# peer <peername> <ip>:<port>
listen haproxy-monitor
bind *:${MONITOR_BIND_PORT}
mode health
option httpchk
defaults
timeout connect 5s
timeout client 30s
timeout server 30s
# Long timeout for WebSocket connections.
timeout tunnel 1h
# balance ?
# rate-limit sessions
option forwardfor
option http-ignore-probes
option splice-auto
option log-separate-errors
option ssl-hello-chk
frontend http-in
bind *:${HTTP_BIND_PORT} accept-proxy tfo
mode http
tcp-request inspect-delay 5s
tcp-request content accept if HTTP
use_backend test01
frontend https-in
mode http
bind *:${HTTPS_BIND_PORT} accept-proxy ssl ca-file ca-bundle crt
cert_key.pem tfo
use_backend OSEManager
backend OSEManager
mode http
server OSEManager DestServer:443 ssl verify none
backend test01
mode http
server DESTNAME Destserver
####################
lsb_release -a
########
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 12.04.5 LTS
Release: 12.04
Codename: precise
###########
BR Aleks
Today I have tried to debug haproxy as in the old days ;-), I was not
able to see the communication on stderr.
I'm sure I have something missed in the past on the list to be able to
see the output.
My steps.
curl -vO http://www.haproxy.org/download/1.6/src/haproxy-1.6.2.tar.gz
tar xfvz haproxy-1.6.2.tar.gz
cd haproxy-1.6.2/
make TARGET=linux2628 DEBUG=-DDEBUG_FULL USE_PCRE=1 USE_OPENSSL=1
USE_ZLIB=1 USE_LINUX_SPLICE=1 USE_TFO=1 all
cd ../
export MONITOR_BIND_PORT=7991
export HTTP_BIND_PORT=7992
export HTTPS_BIND_PORT=7993
#############
haproxy-1.6.2/haproxy -f haproxy.conf -d -V
Sharing sig_handlers with pipe
Sharing pendconn with pipe
Sharing uniqueid with session
Sharing capture with vars
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
Using epoll() as the polling mechanism.
[NO MORE OUTPUT AFTER CURL CALL]
#############
I connected from another Terminal to this haproxy with curl.
##############
LANG=C curl -vk http://xx.xx.xx.xx:7992/
* Trying xx.xx.xx.xx...
* Connected to xx.xx.xx.xx5 (xx.xx.xx.xx) port 7992 (#0)
> GET / HTTP/1.1
> Host: xx.xx.xx.xx:7992
> User-Agent: curl/7.45.0
> Accept: */*
>
* Recv failure: Connection reset by peer
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer
#############
Please can anyone tell me what I have missed, thanks.
#################
haproxy-1.6.2/haproxy -vv
Sharing sig_handlers with pipe
Sharing pendconn with pipe
Sharing uniqueid with session
HA-Proxy version 1.6.2 2015/11/03
Copyright 2000-2015 Willy Tarreau <willy@haproxy.org>
Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement
OPTIONS = USE_LINUX_SPLICE=1 USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1
USE_TFO=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents =
200
Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.3.4
Compression algorithms supported : identity("identity"),
deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with OpenSSL version : OpenSSL 1.0.2d 9 Jul 2015
Running on OpenSSL version : OpenSSL 1.0.2d 9 Jul 2015
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.12 2011-01-15
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built without Lua support
Built with transparent proxy support using: IP_TRANSPARENT
IPV6_TRANSPARENT IP_FREEBIND
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
Using epoll() as the polling mechanism.
cat haproxy.conf
#############
# please read the manual
# http://www.haproxy.org/#docs
global
debug
# no daemon!
# don't use gid, uid, group or user on openshift
ca-base .
crt-base .
# in docker or openshift?
# log
# Name of the POD or Service or ...
# log-send-hostname
# log-tag
# node
# it's magic ;-)
ssl-default-bind-ciphers
EECDH+ECDSA+AESGCM:EECDH+ECDSA+SHA384::EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!SHA-1:!RC4:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:@STRENGTH
ssl-default-bind-options no-sslv3
ssl-default-server-ciphers
EECDH+ECDSA+AESGCM:EECDH+ECDSA+SHA384::EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!SHA-1:!RC4:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:@STRENGTH
ssl-default-server-options no-sslv3
# this file is created at build time!
# openssl dhparam -out /usr/local/etc/haproxy/ssl/dh-param_4096 4096
ssl-dh-param-file dh-param_4096
# ssl-server-verify default is required
# perf tun
# I think this values should be carefully changed, in case you need to
change it!
maxconn 100
# maxconnrate
# maxpipes
# maxsessrate
# maxsslconn
# maxsslrate
# defaults to 20000
# tune.ssl.cachesize
# default defaults to 300 (5 min)
# tune.ssl.lifetime
# greater than 1024 bits are not supported
# by Java 7 and earlier clients
# tune.ssl.default-dh-param 4096
# peers !!
# peers ssl-sessions
# Service disovering for the other haproxies in the cloud
# peer <peername> <ip>:<port>
listen haproxy-monitor
bind *:${MONITOR_BIND_PORT}
mode health
option httpchk
defaults
timeout connect 5s
timeout client 30s
timeout server 30s
# Long timeout for WebSocket connections.
timeout tunnel 1h
# balance ?
# rate-limit sessions
option forwardfor
option http-ignore-probes
option splice-auto
option log-separate-errors
option ssl-hello-chk
frontend http-in
bind *:${HTTP_BIND_PORT} accept-proxy tfo
mode http
tcp-request inspect-delay 5s
tcp-request content accept if HTTP
use_backend test01
frontend https-in
mode http
bind *:${HTTPS_BIND_PORT} accept-proxy ssl ca-file ca-bundle crt
cert_key.pem tfo
use_backend OSEManager
backend OSEManager
mode http
server OSEManager DestServer:443 ssl verify none
backend test01
mode http
server DESTNAME Destserver
####################
lsb_release -a
########
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 12.04.5 LTS
Release: 12.04
Codename: precise
###########
BR Aleks