Problem stats second backend

Help!
1

Hi,

I have a problem with the stats on my second backend, first i have this error “Layer7 invalid response: TCPCHK got an empty response at step 2” follow by “socket error” :slight_smile:

Screenshot 2023-11-15 160708
Screenshot 2023-11-15 160708947×417 23.7 KB

My configuration file :

global
    log /var/log/haproxy local5 debug
    chroot /var/lib/haproxy
	stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

defaults
	log global
	mode http
	option httplog
	option dontlognull
	timeout connect 5000
	timeout client 50000
	timeout server 50000
	errorfile 400 /etc/haproxy/errors/400.http

listen stats
	bind  :9000
	mode  http
	stats enable
	stats show-node
	stats hide-version
	stats realm HAproxy-ldap-pprime
	stats uri /stats
	stats refresh 1m
	stats auth infra:<%=@passwd_haproxy_stats%>

frontend example_front
    bind :389
    bind :636
    mode tcp
    option tcplog
    log global
    use_backend example1_back if { dst_port 389 }
    use_backend example2_back if { dst_port 636 }

backend example1_back
	mode tcp
	balance roundrobin
	option ldap-check
	server example1 <%=@ldap_ip%>:389 check
	server example2 <%=@ldapbis_ip%>:389 check

backend example2_back
	mode tcp
	balance roundrobin
	option ldap-check
	server example1 <%=@ldap_ip%>:636 check
	server example2 <%=@ldapbis_ip%>:636 check

I don’t understand why the fisrt work but not the second ?

Thanks for the help.

2

Hi,
i have a similar setup to yours.

I used two listens with the configurations i needed.

Bye

3

Hi,

thanks, i’m new in haproxy can you post an example of your config, please ?

thanks a lot.

4

Hi,
this is the configuration file

global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        maxconn 200
        user haproxy
        group haproxy
        daemon

defaults
        log     global
        mode    http
        option  dontlognull
        timeout connect 10000
        timeout client  120000
        timeout server  120000
        timeout client-fin 120000
        timeout tunnel  3600000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

listen Stats
        log     global
        bind :1936
        mode http
        fullconn 200
        log global
        stats enable
        stats hide-version
        stats realm Haproxy\ Statistics
        stats show-node
        stats show-legends
        stats uri /
        stats auth your_user:your_pwd

listen Ldap
        log     global
        maxconn 100
        bind *:389
        mode tcp
        option tcplog
        fullconn 100
        balance roundrobin
        option tcpka

        server SRV_LDAP_01 ip_server01:389 check maxconn 50 weight 1 fall 1 rise 3
        server SRV_LDAP_02 ip_server02:389 check maxconn 50 weight 1 fall 1 rise 3

listen Ldaps
        log     global
        maxconn 100
        bind *:636
        mode tcp
        option tcplog
        fullconn 100
        balance roundrobin
        option tcpka

        server SRV_LDAPS_01 ip_server01:636 check maxconn 50 weight 1 fall 1 rise 3
        server SRV_LDAPS_02 ip_server02:636 check maxconn 50 weight 1 fall 1 rise 3

You can insert N servers in each listen.
The default mode is http (you look defaults), but you can specify the mode in each list.
You can check multiple ports in each list
You can balance APIs like DB clusters etc.

Bye

5

thanks a lot. bye

6

:slightly_smiling_face:

Let me know if everything works…

Bye