Ssh timeout and sometimes not working

anog10 · October 24, 2018, 8:41am

Hello
I use this configuration. web work perfect but when i try to use ssh sometimes not working and when is working after 1 min that i am not use it is timeout. how i can fix this. how i can remove do not make me timeout. i change the ssh port on my proxy server

global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy
daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL). This list is from:
    #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
    # An alternative list with additional directives can be obtained from
    #  https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
    ssl-default-bind-options no-sslv3

defaults
log global
mode http
option httplog
option dontlognull
timeout connect 1h
timeout client 1h
timeout server 1h
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http

frontend main
bind *:80
mode http
option forwardfor
option http-server-close
default_backend app-main

backend app-main
balance roundrobin
server web1 ip:80 check fall 3 rise 2

frontend sshd
bind *:22
default_backend ssh
timeout client 1h
mode tcp

backend ssh
mode tcp
server localhost-bitbucket-ssh ip:22

lukastribus · October 24, 2018, 9:43am

Sounds like this has nothing to do with haproxy, but is caused by other, intermediate devices. Just because you configure haproxy with a timeout of 1 hour does not mean your firewall or NAT device use a 1 hour timeout for SSH traffic.

anog10 · October 24, 2018, 11:18am

when i try to connect direct on proxy or on real server i don’t have this timeout. i try to configure 2nd haproxy on dif server but i have the same issue. any idea how i can found what is wrong. after 1min is timeout if is on idle. if i use it is ok

lukastribus · October 24, 2018, 12:59pm

Could be outgoing firewall rules on your haproxy instance then, or firewalling between the instance and the destination servers.

You can check haproxy logs, but it won’t change the fact that the haproxy timeouts are set to 1 hour.

Topic		Replies	Views
HAProxy 1.7 web interface checks for maintenance backends Help!	4	871	February 13, 2018
HAProxy marks server as down while not being down - inexplicable healthcheck timeouts Help!	3	2686	March 20, 2020
Trying to install SSL Cert for use with HAPROXY. No luck Help!	10	9950	January 7, 2019
SSL termination does not work correctly (v2.0.8) Help!	3	1563	November 13, 2019
Acces of Webserver behind haproxy - timeout Help!	0	557	April 19, 2020

Ssh timeout and sometimes not working

Related Topics