[SOLVED] Migrating Haproxy 1.5.8 to 1.7.5


#1

Hello there,

I’m running Haproxy for a while now, after doing my Debian migration from Jessie to Stretch, Debian update Haproxy package, BUT my Haproxy 1.5.8-3+deb8u1 configuration does not work anymore on the Stretch candidate version 1.7.5-2.

So I came back to my old Haproxy package and block the package from upgrade.

This is my Haproxy configuration which works great on 1.5.8-3+deb8u1:

https://pastebin.com/9Asky63c

FYI:

I used my own certificate that I concatenated like this:

1# Private KEY
2# Certificat Own Domain
3#IntermediateCA
4#RootCA

Any idea why the same configuration does not work with newer version of Haproxy ?

Thank you !


#2

When you say “does not work”, does it not start? Does it not handle connections?

Do you get an error message?


#3

Hi,

thank you for answering me :slight_smile:

Haproxy does not start.

I will search for error log.


#4

I do not have the log anymore :frowning:

But what’s is the problem with my configuration file ?
Maybe some options change between this two version ?

If nothing seems wrong I will update Haproxy and fetch log.


#5

Some news.

This weekend I tried to install 1.7.5 or 1.8 version from backport repo, configuration seems OK after check it with -c option, so Haproxy start well.

BUT for some backend (like webmin or plex for example), I have a 503 error…

Configuration is exactly the same as 1.5, backend is up and running (with 1.5 it works just great)

here the log error:

Jul 29 18:54:55 LINOLOGY haproxy[21311]: 80.12.58.230:56257 [29/Jul/2018:18:54:55.298] https~ plex/ 0/-1/-1/-1/0 503 213 - - SC-- 1/1/0/0/0 0/0 “GET /web/index.html HTTP/1.1”
Jul 29 18:55:22 LINOLOGY haproxy[21311]: 80.12.58.230:56293 [29/Jul/2018:18:55:22.308] https~ plex/ 0/-1/-1/-1/0 503 213 - - SC-- 1/1/0/0/0 0/0 “GET /web/index.html HTTP/1.1”
Jul 29 18:56:21 LINOLOGY haproxy[21311]: 80.12.58.230:56299 [29/Jul/2018:18:56:21.077] https~ webmin/ 0/-1/-1/-1/0 503 213 - - SC-- 1/1/0/0/0 0/0 “GET / HTTP/1.1”
Jul 29 18:56:21 LINOLOGY haproxy[21311]: 80.12.58.230:56300 [29/Jul/2018:18:56:21.337] https~ webmin/ 0/-1/-1/-1/0 503 213 - - SC-- 1/1/0/0/0 0/0 “GET /favicon.ico HTTP/1.1”

When it’s OK with 1.5 version:

Jul 29 19:06:41 LINOLOGY haproxy[12463]: 80.12.58.230:56335 [29/Jul/2018:19:06:41.748] https~ plex/plex 159/0/1/2/162 200 9655 - - ---- 1/1/0/1/0 0/0 “GET /web/index.html HTTP/1.1”

Why I get this 503 with HAproxy version above 1.5 ?


#6

The SC code means haproxy cannot accessa the backend:

 SC   The server or an equipment between it and haproxy explicitly refused
      the TCP connection (the proxy received a TCP RST or an ICMP message
      in return). Under some circumstances, it can also be the network
      stack telling the proxy that the server is unreachable (eg: no route,
      or no ARP response on local network). When this happens in HTTP mode,
      the status code is likely a 502 or 503 here.

Can you share the startup log and confirm haproxy actually sees the backend up (since you enable healthcheck).

Can you try without the check keyword (healthcheck doesn’t make a lot of sense anyway when you only have one backend server, you seem to be using haproxy for content switching only (not load balancing).


#7

Hello,

yes, I only use Haproxy for content switching.

Here the full start log:

Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy http started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy http started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy https started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy https started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy subsonic started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy subsonic started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy emby started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy emby started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy plex started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy plex started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy pyload started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy pyload started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy webmin started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy webmin started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy nas started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy nas started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy www started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy www started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy pydio started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy pydio started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy transmission started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy transmission started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy awstats started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy awstats started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy cvvtg started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy cvvtg started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy speedtest started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy speedtest started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy ts3wi started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy ts3wi started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy plexpy started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy plexpy started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy aria2c started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy aria2c started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy live started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy live started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy ombi started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy ombi started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy webmail started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy webmail started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy stats started.
Jul 29 17:34:20 LINOLOGY haproxy[19594]: Proxy stats started.
Jul 29 17:34:20 LINOLOGY haproxy[19595]: Server plex/plex is DOWN, reason: Layer4 connection problem, info: “Connection refused”, check duration: 0ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Jul 29 17:34:20 LINOLOGY haproxy[19595]: Server plex/plex is DOWN, reason: Layer4 connection problem, info: “Connection refused”, check duration: 0ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Jul 29 17:34:20 LINOLOGY haproxy[19595]: backend plex has no server available!
Jul 29 17:34:20 LINOLOGY haproxy[19595]: backend plex has no server available!
Jul 29 17:34:20 LINOLOGY haproxy[19595]: Server pyload/pyload is DOWN, reason: Layer4 connection problem, info: “Connection refused”, check duration: 0ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Jul 29 17:34:20 LINOLOGY haproxy[19595]: Server pyload/pyload is DOWN, reason: Layer4 connection problem, info: “Connection refused”, check duration: 0ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Jul 29 17:34:20 LINOLOGY haproxy[19595]: backend pyload has no server available!
Jul 29 17:34:20 LINOLOGY haproxy[19595]: backend pyload has no server available!
Jul 29 17:34:20 LINOLOGY haproxy[19595]: Server webmin/webmin is DOWN, reason: Layer4 connection problem, info: “Connection refused”, check duration: 0ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Jul 29 17:34:20 LINOLOGY haproxy[19595]: Server webmin/webmin is DOWN, reason: Layer4 connection problem, info: “Connection refused”, check duration: 0ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Jul 29 17:34:20 LINOLOGY haproxy[19595]: backend webmin has no server available!
Jul 29 17:34:20 LINOLOGY haproxy[19595]: backend webmin has no server available!
Jul 29 17:34:21 LINOLOGY haproxy[19595]: Server transmission/transmission is DOWN, reason: Layer4 connection problem, info: “Connection refused”, check duration: 0ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Jul 29 17:34:21 LINOLOGY haproxy[19595]: Server transmission/transmission is DOWN, reason: Layer4 connection problem, info: “Connection refused”, check duration: 0ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Jul 29 17:34:21 LINOLOGY haproxy[19595]: backend transmission has no server available!
Jul 29 17:34:21 LINOLOGY haproxy[19595]: backend transmission has no server available!
Jul 29 17:34:21 LINOLOGY haproxy[19595]: Server plexpy/plexpy is DOWN, reason: Layer4 connection problem, info: “Connection refused”, check duration: 0ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Jul 29 17:34:21 LINOLOGY haproxy[19595]: Server plexpy/plexpy is DOWN, reason: Layer4 connection problem, info: “Connection refused”, check duration: 0ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Jul 29 17:34:21 LINOLOGY haproxy[19595]: backend plexpy has no server available!
Jul 29 17:34:21 LINOLOGY haproxy[19595]: backend plexpy has no server available!
Jul 29 17:34:22 LINOLOGY haproxy[19595]: Server live/live is DOWN, reason: Layer4 connection problem, info: “Connection refused”, check duration: 0ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Jul 29 17:34:22 LINOLOGY haproxy[19595]: Server live/live is DOWN, reason: Layer4 connection problem, info: “Connection refused”, check duration: 0ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Jul 29 17:34:22 LINOLOGY haproxy[19595]: backend live has no server available!
Jul 29 17:34:22 LINOLOGY haproxy[19595]: backend live has no server available!

I did not see this log when I launch Haproxy, but the server mentionned are the server I can’t reach.

But same question, why on 1.5 my configuration works perfectly ?

I will try with check option removed.


#8

Its possible haproxy 1.7 was compiled with USE_GETADDRINFO=1 and haproxy 1.5 was not, so localhost also resolves to its IPv6 equivilant ::1, where some applications don’t listen.

Try replacing localhost with 127.0.0.1


#9

Ok, I see, will try this tip and come back here to tell if it’s work or not !

But some backend server are working great, just a few don’t work with 1.7 or higher :confused:

Thank you !


#10

Because some backends listen to IPv6 as well, and others don’t.


#11

It works !

Thank you very much for your time :slight_smile: