Problem with IIS 10


#1

Hi
I have a windows server 2016 runing IIS V10
i use this server as a download server
i just want to hide the real ip address of this server usinig haproxy 1.7.8
here is my haproxy.cfg file

global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats timeout 30s
user haproxy
group haproxy
daemon

defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000

frontend http_front
bind *:80
mode http
stats uri /haproxy?stats
default_backend http_back

backend http_back
balance first
mode http
server ServerDL my-server ip:80 check

i recieve 503 Service Unavailable !!!
also in the haproxy stats link in http_back section it shows the the server is down!

please help me im new to haproxy


#2

Can you connect to your backend server at port 80 and does it return a valid response?

What does curl -vv ip:80 from the haproxy instance return?


#3

thanks lukastribus
yes i can connect to the backend server with port 80
curl -vv ip:80


#4

Well you blurred everything out that would help to understand the issue. Did you used an ip address or a hostname in that curl call?

Also, I noticed you specified:
server ServerDL my-server ip:80 check

The syntax is invalid. It’s server <servername> <ip/hostname:port> <additional parameter>, you have one option too much. Haproxy probably tries to resolve my-server via DNS. Remove either my-server or ServerDL (whatever it is that doesn’t belong in there).


#5

sorry for blurred , I only blurred the ip address of IIS
i use ip address in curl call
i change the config to this :
server WinServer 192.168.1.1:80 check

the problem still remains
why i my static report for haproxy tells me that the server is Down?


#6

The healthcheck for this servers fails, it does not respond on Layer 4 (L4 Timeout).

When you remove healthchecking (the check keyword), do request toward the server work?


#7

when i use this config :
server WinServer 192.168.1.1:80
i got no check in static report


the problem still remains (its takes time to show the error 503 Service Unavailable .No server is available to handle this request. )
I change the config for test and set it to one of my linux servers and its works fine with linux ! (so easy !)
is there any thing i must config in IIS ? ( i think i miss somthing in IIS )


#8

There is nothing special about IIS. The curl command you did earlier was done on the same box/VM that haproxy runs, right?

I can’t tell what’s causing this, I suggest you run haproxy through strace -tt so we can find out what happens at syscall level.


#9

yes i type the curl in same vm that haproxy runs.
i change the config file to this :
server WinServer dl.mydomain.com:80 check
and i fix the problem with Statistics Report of haproxy


but the problem is stilll remains !!!
the error is changed to :
504 Gateway Time-out The server didn’t respond in time.

i install strace but i dont know how to use it !
what should i type in command line ?


#10

I don’t understand what happens here: the haproxy stats show that haproxy ran for 1 day and 6 hours, and that the WinServer backend transferred at least 2,4 GB of data.

When you made this screenshot, was it more more than 30 hours after you changed the configuration? Can you check if you have multiple haproxy processes running in the background? In that case, the kernel may load-balance between different processes in different older configurations. So it is important that you confirm that only once instance is running.

Best would be to stop haproxy, check that nothing is responding on port 80 at all (not even with an 504 error), and then start haproxy again. If after stopping haproxy there is still a service running on port 80, then you have obsolete processes running in the background.

Also, putting noreuseport into your global section will ensure that haproxy fails at startup if it can’t bind exclusively to port 80.


#11

we have lots of problems with iis in widows and we are planing to change the os of server
in our testing we are testing the haproxy with simple server that runs only apache and its working great .
there is nothing wrong about haproxy .
we think there is something wrong with iis .
we decide to use linux in backend servers , for resource efficiency and capability to communicate with other systems like haproxy.
thanks for all your help and time , we learn a lot from you:rose: