HAProxy community

Rancher LB on TCP port

Hi there

I'm just setting up my first Rancher farm and am struggling with TCP forwarding for an MQTT service.

I have images running VerneMQ at the back and an LB in front, with the port set up as:

In my log file I have:

[WARNING] 008/193755 (206) : config : ‘option forwardfor’ ignored for frontend ‘1883’ as it requires HTTP mode.

And I can’t publish or subscribe on my MQTT service; it just drops the connection after a few seconds with odd messages such as: Connection error: Connection Refused: bad user name or password.

Here is my HAProxy conf file auto generated by Rancher:

# Process-wide settings: privilege drop, connection limits, TLS defaults and
# the runtime (stats) socket.
# NOTE(review): no `log` directive appears anywhere in this listing, so
# connection events are not recorded unless logging is configured elsewhere.
global
# chroot plus the unprivileged user/group below limit what the worker process
# can reach on the filesystem after startup.
chroot /var/lib/haproxy
daemon
group haproxy
maxconn 4096
maxpipes 1024
# TLS defaults for any `bind ... ssl` line. No bind in this listing uses ssl,
# so these lists are not exercised by the 1883 listener.
# NOTE(review): the list still offers CBC/SHA-1 suites and, at the end, plain
# RSA key-exchange suites (the entries without an ECDHE prefix), which give no
# forward secrecy. Trim it before enabling TLS on a bind.
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA
# Disables SSLv3, TLS 1.0 and stateless session tickets. TLS 1.1 is not
# excluded by this line.
ssl-default-bind-options no-sslv3 no-tlsv10 no-tls-tickets
# Same cipher list, applied to outbound `server ... ssl` connections (none in
# this listing).
ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA
# Runtime API socket with `level admin`: whoever can open it can change server
# state and other live settings. Mode 600 limits access to the socket's owner;
# keep it that way and do not expose this path to other containers.
stats socket /var/run/haproxy.sock mode 600 level admin
stats timeout 2m
user haproxy

# Defaults inherited by every proxy section that follows. The mode is tcp, yet
# several HTTP-only directives are also set here.
defaults
# errorfile entries are HTTP responses; presumably unused by a pure TCP proxy.
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
maxconn 4096
mode tcp
# forwardfor inserts an X-Forwarded-For HTTP header, so it needs HTTP mode; this
# line is the source of the "ignored for frontend '1883'" warning. In TCP mode
# the backend sees HAProxy's address as the peer, so broker-side logs or ACLs
# keyed on client IP will not see the real client. The TCP-mode alternative is
# the PROXY protocol (`send-proxy` on the server lines), and only if the
# backend listener is configured to accept it.
option forwardfor
# NOTE(review): HTTP connection-handling option; not meaningful in mode tcp.
option http-server-close
# On a failed connect, retry up to 3 times and allow moving to another server.
option redispatch
retries 3
# Unit-less timeouts are milliseconds: 50 s idle on the client and server
# sides, 5 s to connect. MQTT sessions are long-lived, so a connection that is
# silent for more than 50 s (e.g. a client keep-alive interval above that) is
# closed by HAProxy.
timeout client 50000
timeout connect 5000
timeout server 50000

# DNS resolver group named "rancher" with one nameserver on a link-local
# address. Presumably Rancher's internal DNS; no server line in this listing
# references it.
resolvers rancher
 nameserver dnsmasq 169.254.169.250:53

# Listener on port 42 of every address with no server lines, so accepted
# connections have no backend to go to.
# NOTE(review): presumably a placeholder emitted by the generator; confirm
# port 42 is not reachable from outside if it is not needed.
listen default
bind *:42

# Plain-TCP entry point for MQTT: accepts on port 1883 of every address and
# hands each connection to backend 1883_.
# The bind has no `ssl`, so MQTT traffic, including the username and password
# carried in the CONNECT packet, crosses this hop unencrypted. Terminating TLS
# here (`bind ... ssl crt <cert>`) or passing TLS through to the broker is the
# usual way to protect those credentials.
frontend 1883
bind *:1883
mode tcp
default_backend 1883_

# TCP backend for the MQTT brokers listening on port 1883.
backend 1883_
# The two ACLs and the two http-request rules operate on HTTP headers. This
# backend runs in mode tcp, where no HTTP parsing takes place, so they are not
# applicable to MQTT traffic; they look like leftovers from the generator's
# HTTP template.
acl forwarded_proto hdr_cnt(X-Forwarded-Proto) eq 0
acl forwarded_port hdr_cnt(X-Forwarded-Port) eq 0
http-request add-header X-Forwarded-Port %[dst_port] if forwarded_port
http-request add-header X-Forwarded-Proto https if { ssl_fc } forwarded_proto
mode tcp
# No `balance` directive, so HAProxy's default (roundrobin) applies. No `check`
# on the server lines, so there is no health checking: a broker that is down
# is still selected, and only the connect-level retries/redispatch from the
# defaults section react to it.
# The connections to the brokers are plain TCP (no `ssl` on the server lines).
# Server names look like generated ids and the 10.42.x.x addresses like an
# overlay network - presumably assigned by Rancher.
server b607cfb03c061fa915f3b4cb74b761a1c479dfcd 10.42.185.68:1883
server 7bfce2298da800f4da61c5424f05067261e4496c 10.42.134.94:1883
server 82de085c23669466f0d35ec8febe291a196b73bb 10.42.117.251:1883

Any help on how I can set up Rancher / HAProxy to work with MQTT, or any protocol other than HTTP / HTTPS?

Thanks