Hi,
When attempting to check the configuration of a file, I get a segmentation fault.
/ # haproxy -c -f haproxy.cfg
[WARNING] 162/142118 (8736) : Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.
Configuration file is valid
Segmentation fault (core dumped)
/ # haproxy -v
HA-Proxy version 1.6.6 2016/06/26
Copyright 2000-2016 Willy Tarreau <willy@haproxy.org>
Has anyone seen this before? It makes it impossible to check the config before reloading haproxy. I can’t find an issue tracker for HAproxy, so i don’t know if this is a known issue.
HAproxy is running inside a Docker container.
It seems I’m not permitted to attach text files, so I’m afraid I’ll paste the config here instead:
global
log local-traffic-logger len 65535 local0
log local-traffic-logger len 65535 local1 notice
log-send-hostname
maxconn 4096
pidfile /var/run/haproxy.pid
user haproxy
group haproxy
daemon
stats socket /var/run/haproxy.stats level admin
ssl-default-bind-options no-sslv3
ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:DHE-DSS-AES128-SHA:DES-CBC3-SHA
defaults
balance roundrobin
log global
mode http
option redispatch
option httplog
option dontlognull
option forwardfor
timeout connect 5s
timeout client 50s
timeout server 50s
timeout http-keep-alive 5s
log-format "{\"timestamp\":\"%Ts\",\"backend\":\"%b\",\"bytes\":\"%B\",\"clientip\":\"%ci\",\"duration\":\"%Tt\",\"encoding\":\"json\",\"host\":\"%s\",\"method\":\"%HM\",\"query\":\"%HQ\",\"sls_service_level\":\"${SERVICE_LEVEL}\",\"sls_tag_0\":\"webfarm\",\"sls_tag_1\":\"front-end\",\"sls_tag_2\":\"haproxy\",\"sls_type\":\"apache_access\",\"sslcipher\":\"%sslc\",\"sslversion\":\"%sslv\",\"status\":\"%ST\",\"urlpath\":\"%HP\",\"urlquery\":\"%HQ\",\"useragent\":\"%hr\",\"webapp\":\"%b\"}"
listen stats
bind :1936 ssl crt /run/secrets/cert0.pem
mode http
stats enable
timeout connect 10s
timeout client 1m
timeout server 1m
stats hide-version
stats realm Haproxy\ Statistics
stats uri /
stats auth stats:Hope&Anchor
frontend port_443
bind :443 ssl crt /run/secrets/
reqadd X-Forwarded-Proto:\ https
maxconn 4096
capture request header Host len 50
capture request header User-Agent len 100
acl is_websocket hdr(Upgrade) -i WebSocket
acl host_rule_2 hdr_reg(host) -i ^neptune-logs\..*\.foo\.ac\.uk$
acl host_rule_2_port hdr_reg(host) -i ^neptune-logs\..*\.foo\.ac\.uk:443$
use_backend SERVICE_webapps_neptune-logs if host_rule_2 or host_rule_2_port
acl host_rule_4 hdr(host) -i finance-security.neptune-preprod.foo.ac.uk
acl host_rule_4_port hdr(host) -i finance-security.neptune-preprod.foo.ac.uk:443
use_backend SERVICE_webapps_finance-security if host_rule_4 or host_rule_4_port
acl host_rule_6 hdr(host) -i finance-security.neptune-preprod.footol.ac.uk
acl host_rule_6_port hdr(host) -i finance-security.neptune-preprod.footol.ac.uk:443
use_backend SERVICE_webapps_finance-security if host_rule_6 or host_rule_6_port
acl host_rule_8 hdr_reg(host) -i ^parking-permit-service\..*\.foo\.ac\.uk$
acl host_rule_8_port hdr_reg(host) -i ^parking-permit-service\..*\.foo\.ac\.uk:443$
use_backend SERVICE_webapps_parking-permit-service if host_rule_8 or host_rule_8_port
acl host_rule_10 hdr(host) -i interface-catalogue.neptune-preprod.foo.ac.uk
acl host_rule_10_port hdr(host) -i interface-catalogue.neptune-preprod.foo.ac.uk:443
use_backend SERVICE_webapps_interface-catalogue if host_rule_10 or host_rule_10_port
acl host_rule_12 hdr(host) -i interface-catalogue.neptune-preprod.footol.ac.uk
acl host_rule_12_port hdr(host) -i interface-catalogue.neptune-preprod.footol.ac.uk:443
use_backend SERVICE_webapps_interface-catalogue if host_rule_12 or host_rule_12_port
acl host_rule_14 hdr_reg(host) -i ^azure-testing-webapp\..*\.foo\.ac\.uk$
acl host_rule_14_port hdr_reg(host) -i ^azure-testing-webapp\..*\.foo\.ac\.uk:443$
use_backend SERVICE_webapps_azure-testing-webapp if host_rule_14 or host_rule_14_port
acl host_rule_16 hdr_reg(host) -i ^.*$
acl host_rule_16_port hdr_reg(host) -i ^.*:443$
use_backend SERVICE_webapps_out-of-service if host_rule_16 or host_rule_16_port
frontend port_80
bind :80
reqadd X-Forwarded-Proto:\ http
maxconn 4096
capture request header Host len 50
capture request header User-Agent len 100
acl is_websocket hdr(Upgrade) -i WebSocket
acl host_rule_1 hdr_reg(host) -i ^neptune-logs\..*\.foo\.ac\.uk$
acl host_rule_1_port hdr_reg(host) -i ^neptune-logs\..*\.foo\.ac\.uk:80$
use_backend SERVICE_webapps_neptune-logs if host_rule_1 or host_rule_1_port
acl host_rule_3 hdr(host) -i finance-security.neptune-preprod.foo.ac.uk
acl host_rule_3_port hdr(host) -i finance-security.neptune-preprod.foo.ac.uk:80
use_backend SERVICE_webapps_finance-security if host_rule_3 or host_rule_3_port
acl host_rule_5 hdr(host) -i finance-security.neptune-preprod.footol.ac.uk
acl host_rule_5_port hdr(host) -i finance-security.neptune-preprod.footol.ac.uk:80
use_backend SERVICE_webapps_finance-security if host_rule_5 or host_rule_5_port
acl host_rule_7 hdr_reg(host) -i ^parking-permit-service\..*\.foo\.ac\.uk$
acl host_rule_7_port hdr_reg(host) -i ^parking-permit-service\..*\.foo\.ac\.uk:80$
use_backend SERVICE_webapps_parking-permit-service if host_rule_7 or host_rule_7_port
acl host_rule_9 hdr(host) -i interface-catalogue.neptune-preprod.foo.ac.uk
acl host_rule_9_port hdr(host) -i interface-catalogue.neptune-preprod.foo.ac.uk:80
use_backend SERVICE_webapps_interface-catalogue if host_rule_9 or host_rule_9_port
acl host_rule_11 hdr(host) -i interface-catalogue.neptune-preprod.footol.ac.uk
acl host_rule_11_port hdr(host) -i interface-catalogue.neptune-preprod.footol.ac.uk:80
use_backend SERVICE_webapps_interface-catalogue if host_rule_11 or host_rule_11_port
acl host_rule_13 hdr_reg(host) -i ^azure-testing-webapp\..*\.foo\.ac\.uk$
acl host_rule_13_port hdr_reg(host) -i ^azure-testing-webapp\..*\.foo\.ac\.uk:80$
use_backend SERVICE_webapps_azure-testing-webapp if host_rule_13 or host_rule_13_port
acl host_rule_15 hdr_reg(host) -i ^.*$
acl host_rule_15_port hdr_reg(host) -i ^.*:80$
use_backend SERVICE_webapps_out-of-service if host_rule_15 or host_rule_15_port
backend SERVICE_webapps_out-of-service
server webapps_out-of-service.1.mksakhmcijo97a39oiye6uaf5 10.0.0.5:8080 check inter 2000 rise 2 fall 3
backend SERVICE_webapps_parking-permit-service
cookie SRV insert indirect nocache
redirect scheme https code 301 if !{ ssl_fc }
option httpchk GET /healthcheck HTTP/1.1\r\nHost:\ www\nUser-Agent:\ haproxy
server webapps_out-of-service webapps_out-of-service:8080 check inter 2000 rise 2 fall 3 backup
http-response add-header X-Service %b
http-response add-header X-Backend-Name %s
http-response add-header X-HAProxy-Container %H
server webapps_parking-permit-service.1.hxpwjz49oyvy4g6dhyj63q3wu 10.0.0.24:8080 cookie webapps_parking-permit-service.1.hxpwjz49oyvy4g6dhyj63q3wu check inter 2000 rise 2 fall 3
backend default_service
backend SERVICE_webapps_neptune-logs
cookie SRV insert indirect nocache
redirect scheme https code 301 if !{ ssl_fc }
option httpchk GET /healthcheck HTTP/1.1\r\nHost:\ www\nUser-Agent:\ haproxy
server webapps_out-of-service webapps_out-of-service:8080 check inter 2000 rise 2 fall 3 backup
http-response add-header X-Service %b
http-response add-header X-Backend-Name %s
http-response add-header X-HAProxy-Container %H
server webapps_neptune-logs.1.5ywkz8y3ymu9yyay5bdj6gril 10.0.0.15:8080 cookie webapps_neptune-logs.1.5ywkz8y3ymu9yyay5bdj6gril check inter 2000 rise 2 fall 3
backend SERVICE_webapps_interface-catalogue
cookie SRV insert indirect nocache
redirect scheme https code 301 if !{ ssl_fc }
option httpchk GET /InterfaceCatalogue/healthcheck HTTP/1.1\r\nHost:\ www\nUser-Agent:\ haproxy
server webapps_out-of-service webapps_out-of-service:8080 check inter 2000 rise 2 fall 3 backup
http-response add-header X-Service %b
http-response add-header X-Backend-Name %s
http-response add-header X-HAProxy-Container %H
server webapps_interface-catalogue.1.0fas2vgvbd2y3t8p66ebsu7dh 10.0.0.23:8080 cookie webapps_interface-catalogue.1.0fas2vgvbd2y3t8p66ebsu7dh check inter 2000 rise 2 fall 3
backend SERVICE_webapps_azure-testing-webapp
cookie SRV insert indirect nocache
redirect scheme https code 301 if !{ ssl_fc }
option httpchk GET /healthcheck HTTP/1.1\r\nHost:\ www\nUser-Agent:\ haproxy
server webapps_out-of-service webapps_out-of-service:8080 check inter 2000 rise 2 fall 3 backup
http-response add-header X-Service %b
http-response add-header X-Backend-Name %s
http-response add-header X-HAProxy-Container %H
server webapps_azure-testing-webapp.1.2y8wh5yaw3rds58pes9x5l16o 10.0.0.19:8080 cookie webapps_azure-testing-webapp.1.2y8wh5yaw3rds58pes9x5l16o check inter 2000 rise 2 fall 3
backend SERVICE_webapps_finance-security
cookie SRV insert indirect nocache
redirect scheme https code 301 if !{ ssl_fc }
option httpchk GET /Depts/Finance/secure/applications/security/healthcheck HTTP/1.1\r\nHost:\ www\nUser-Agent:\ haproxy
server webapps_out-of-service webapps_out-of-service:8080 check inter 2000 rise 2 fall 3 backup
http-response add-header X-Service %b
http-response add-header X-Backend-Name %s
http-response add-header X-HAProxy-Container %H
server webapps_finance-security.1.21a0x3fwsu9jv1o4okf956f72 10.0.0.10:8080 cookie webapps_finance-security.1.21a0x3fwsu9jv1o4okf956f72 check inter 2000 rise 2 fall 3/
thanks,
Mark