docker-flow / docker-flow-proxy

Docker Flow Proxy
https://docker-flow.github.io/docker-flow-proxy/
MIT License

routing non HTML traffic #91

Closed lukicsl closed 5 years ago

lukicsl commented 5 years ago

I am running openhab inside the swarm. Managed to get it running. Stuck right now with missing option/knowledge how to route non-HTML traffic from outside to the openhab service. The proxy should listen to ports 9125, 9126 and route to the service.

version: "3"

services:

  openhab:
    image: openhab/openhab:2.4.0
    container_name: openhab
    networks:
      - monitor
      - proxy
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - /datavol/openhab/openhab_addons:/openhab/addons
      - /datavol/openhab/openhab_conf:/openhab/conf
      - /datavol/openhab/openhab_userdata:/openhab/userdata
    environment:
      - OPENHAB_HTTP_PORT=8080
      - OPENHAB_HTTPS_PORT=8443
      - EXTRA_JAVA_OPTS=-Duser.timezone=Europe/Berlin
    deploy:
      labels:
        - com.df.notify=true
        - com.df.distribute=true
        - com.df.servicePath=/openhab,/rest,/start,/habpanel,/habmin,/doc,/paperui
        - com.df.reqPathSearchReplace=/openhab,/
        - com.df.port=8080

  frontail:
    image: lukics/frontail:linux-arm32v7-latest
    networks:
      - monitor
      - proxy
    volumes:
      - /datavol/openhab/openhab_userdata:/openhab/userdata
    command:
      - --url-path /oh-log
      - /openhab/userdata/logs/events.log  
      - /openhab/userdata/logs/openhab.log
    deploy:
      labels:
        - com.df.notify=true
        - com.df.distribute=true
        - com.df.servicePath=/oh-log
        - com.df.port=9001

networks:
  monitor:
    external: true
  proxy:
    external: true  

with HAProxy that should be manageable: https://www.linickx.com/load-balance-anything-with-haproxy

thomasjpfan commented 5 years ago

What kind of traffic are you proxying? TCP?

lukicsl commented 5 years ago

yes, in principle it is some sort of json, xml and binary rpc data

thomasjpfan commented 5 years ago

Are you only proxying TCP traffic?

lukicsl commented 5 years ago

yes,

I finally found the TCP support option, but it seems not to work as I expect.

I am having this service definition:

        - com.df.notify=true
        - com.df.distribute=true
        - com.df.servicePath.1=/openhab,/rest,/start,/habpanel,/habmin,/doc,/paperui
        - com.df.reqPathSearchReplace.1=/openhab,/
        - com.df.port.1=8080
        - com.df.servicePath.2=/
        - com.df.srcPort.2=9125
        - com.df.port.2=9125
        - com.df.reqMode2=tcp
        - com.df.servicePath.3=/
        - com.df.srcPort.3=9126
        - com.df.port.3=9126
        - com.df.reqMode3=tcp

but somehow the result is:

proxy_proxy.1.k33rhpamkhil@vevedock-02    | backend openhab_openhab-be8080_1
proxy_proxy.1.k33rhpamkhil@vevedock-02    |     mode http
proxy_proxy.1.k33rhpamkhil@vevedock-02    |     http-request add-header X-Forwarded-Proto https if { ssl_fc }
proxy_proxy.1.k33rhpamkhil@vevedock-02    |     http-request set-path %!
proxy_proxy.1.k33rhpamkhil@vevedock-02    | (BADINDEX)    server openhab_openhab openhab_openhab:8080
proxy_proxy.1.k33rhpamkhil@vevedock-02    | backend openhab_openhab-be9125_2
proxy_proxy.1.k33rhpamkhil@vevedock-02    |     mode http
proxy_proxy.1.k33rhpamkhil@vevedock-02    |     http-request add-header X-Forwarded-Proto https if { ssl_fc }
proxy_proxy.1.k33rhpamkhil@vevedock-02    |     server openhab_openhab openhab_openhab:9125
proxy_proxy.1.k33rhpamkhil@vevedock-02    | backend openhab_openhab-be9126_3
proxy_proxy.1.k33rhpamkhil@vevedock-02    |     mode http
proxy_proxy.1.k33rhpamkhil@vevedock-02    |     http-request add-header X-Forwarded-Proto https if { ssl_fc }
proxy_proxy.1.k33rhpamkhil@vevedock-02    |     server openhab_openhab openhab_openhab:9126
proxy_proxy.1.k33rhpamkhil@vevedock-02    | 2019/01/14 15:15:32 Proxy config was reloaded
proxy_proxy.1.k33rhpamkhil@vevedock-02    | 2019/01/14 15:15:32 Reloading the proxy
proxy_proxy.1.k33rhpamkhil@vevedock-02    | 2019/01/14 15:15:32 Validating configuration
proxy_proxy.1.k33rhpamkhil@vevedock-02    | Configuration file is valid
proxy_proxy.1.k33rhpamkhil@vevedock-02    | 2019/01/14 15:15:33 Proxy config was reloaded

lukicsl commented 5 years ago

The proxy setting is:

    ports:
      - 80:80
      - 443:443
      - 9125:9125
      - 9126:9126
    networks:
      - proxy
    environment:
      - LISTENER_ADDRESS=swarm-listener
      - MODE=swarm
      - CONNECTION_MODE=${CONNECTION_MODE:-http-server-close}
      - STATS_USER=admin
      - STATS_PASS=admin
      - BIND_PORTS=9125,9126

lukicsl commented 5 years ago

the config output is:

root@80a52663f5e1:/# cat /cfg/haproxy.cfg 
global
    pidfile /var/run/haproxy.pid
    stats socket /var/run/haproxy.sock mode 660 level admin expose-fd listeners
    tune.ssl.default-dh-param 2048

    # disable sslv3, prefer modern ciphers
    ssl-default-bind-options no-sslv3
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS

    ssl-default-server-options no-sslv3
    ssl-default-server-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS

resolvers docker
    nameserver dns 127.0.0.11:53

defaults
    mode    http
    balance roundrobin

    option  dontlognull
    option  dontlog-normal
    option  http-server-close
    option  redispatch

    errorfile 400 /errorfiles/400.http
    errorfile 403 /errorfiles/403.http
    errorfile 405 /errorfiles/405.http
    errorfile 408 /errorfiles/408.http
    errorfile 429 /errorfiles/429.http
    errorfile 500 /errorfiles/500.http
    errorfile 502 /errorfiles/502.http
    errorfile 503 /errorfiles/503.http
    errorfile 504 /errorfiles/504.http

    maxconn 5000
    timeout connect 5s
    timeout client  20s
    timeout server  20s
    timeout queue   30s
    timeout tunnel  3600s
    timeout http-request 5s
    timeout http-keep-alive 15s

    stats enable
    stats refresh 30s
    stats realm Strictly\ Private
    stats uri /admin?stats
    stats auth admin:admin

frontend services
    bind *:80
    bind *:443
    mode http
    option  forwardfor

    bind *:9125
    bind *:9126
    acl url_monitor_grafana3000_0 path_beg /grafana/ path_beg /grafana/public path_beg /grafana/api
    use_backend monitor_grafana-be3000_0 if url_monitor_grafana3000_0
    acl url_monitor_monitor9090_0 path_beg /monitor
    acl domain_monitor_monitor9090_0 hdr_beg(host) -i vevedock-01
    use_backend monitor_monitor-be9090_0 if url_monitor_monitor9090_0 domain_monitor_monitor9090_0
    acl url_openhab_frontail9001_0 path_beg /oh-log
    use_backend openhab_frontail-be9001_0 if url_openhab_frontail9001_0
    acl url_openhab_openhab8080_1 path_beg /openhab path_beg /rest path_beg /start path_beg /habpanel path_beg /habmin path_beg /doc path_beg /paperui
    acl url_openhab_openhab9125_2 path_beg /
    acl srcPort_openhab_openhab9125_2 dst_port 9125
    acl url_openhab_openhab9126_3 path_beg /
    acl srcPort_openhab_openhab9126_3 dst_port 9126
    use_backend openhab_openhab-be8080_1 if url_openhab_openhab8080_1
    use_backend openhab_openhab-be9125_2 if url_openhab_openhab9125_2 srcPort_openhab_openhab9125_2
    use_backend openhab_openhab-be9126_3 if url_openhab_openhab9126_3 srcPort_openhab_openhab9126_3

backend monitor_grafana-be3000_0
    mode http
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-path %[path,regsub(/grafana,)]
    server monitor_grafana monitor_grafana:3000

backend monitor_monitor-be9090_0
    mode http
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    server monitor_monitor monitor_monitor:9090

backend openhab_frontail-be9001_0
    mode http
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    server openhab_frontail openhab_frontail:9001

backend openhab_openhab-be8080_1
    mode http
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-path %[path,regsub(/openhab,/)]
    server openhab_openhab openhab_openhab:8080
backend openhab_openhab-be9125_2
    mode http
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    server openhab_openhab openhab_openhab:9125
backend openhab_openhab-be9126_3
    mode http
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    server openhab_openhab openhab_openhab:9126
root@80a52663f5e1:/#

thomasjpfan commented 5 years ago

Try com.df.reqMode.2=tcp (with the .).
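
A label check for the mistake identified above, as an added example (not part of the thread and not the project's code): it flags an index fused to the parameter name, such as `com.df.reqMode2`, and indexed groups that set `srcPort` without any `reqMode`. The `KNOWN` set holds only the parameter names used in this thread and is an assumption, not the project's full list.

```python
import re

# Parameter names seen in this thread's labels, not the project's full list.
KNOWN = {"notify", "distribute", "servicePath", "reqPathSearchReplace",
         "port", "srcPort", "reqMode"}
PREFIX = "com.df."

# Labels as posted in the thread (reqMode2 / reqMode3 lack the dot).
THREAD_LABELS = [
    "com.df.notify=true",
    "com.df.distribute=true",
    "com.df.servicePath.1=/openhab,/rest,/start,/habpanel,/habmin,/doc,/paperui",
    "com.df.reqPathSearchReplace.1=/openhab,/",
    "com.df.port.1=8080",
    "com.df.servicePath.2=/", "com.df.srcPort.2=9125", "com.df.port.2=9125",
    "com.df.reqMode2=tcp",
    "com.df.servicePath.3=/", "com.df.srcPort.3=9126", "com.df.port.3=9126",
    "com.df.reqMode3=tcp",
]


def lint_labels(labels):
    """Return (findings, groups); groups maps index -> {parameter: value}."""
    findings, groups = [], {}
    for label in labels:
        key, _, value = label.strip().lstrip("- ").partition("=")
        if not key.startswith(PREFIX):
            continue
        name, _, index = key[len(PREFIX):].partition(".")
        fused = re.fullmatch(r"([A-Za-z]+)(\d+)", name)
        if fused and fused.group(1) in KNOWN:
            findings.append(f"{key}: index fused to the name, expected "
                            f"{PREFIX}{fused.group(1)}.{fused.group(2)}")
        elif name not in KNOWN:
            findings.append(f"{key}: parameter not in the known set")
        else:
            groups.setdefault(index, {})[name] = value
    for index, params in sorted(groups.items()):
        # Seen in the thread: without reqMode the backend is rendered "mode http".
        if "srcPort" in params and "reqMode" not in params:
            findings.append(f"index {index or '-'}: srcPort={params['srcPort']} "
                            "has no reqMode, so it falls back to HTTP mode")
    return findings, groups


if __name__ == "__main__":
    for finding in lint_labels(THREAD_LABELS)[0]:
        print(finding)
```

Run against the labels as posted, it reports both fused keys and both port groups that fall back to HTTP; with the dots added it reports nothing.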

lukicsl commented 5 years ago

damn! changed that, getting strange warning on debug console:

proxy_proxy.1.k33rhpamkhil@vevedock-02    | 2019/01/14 15:34:31 Creating configuration for the service openhab_openhab
proxy_proxy.1.k33rhpamkhil@vevedock-02    | 2019/01/14 15:34:31 Reloading the proxy
proxy_proxy.1.k33rhpamkhil@vevedock-02    | 2019/01/14 15:34:31 Validating configuration
proxy_proxy.1.k33rhpamkhil@vevedock-02    | [WARNING] 013/153431 (4112) : config : 'stats' statement ignored for frontend 'tcpFE_9125' as it requires HTTP mode.
proxy_proxy.1.k33rhpamkhil@vevedock-02    | [WARNING] 013/153431 (4112) : config : 'stats' statement ignored for frontend 'tcpFE_9126' as it requires HTTP mode.
proxy_proxy.1.k33rhpamkhil@vevedock-02    | [WARNING] 013/153431 (4112) : config : 'stats' statement ignored for backend 'openhab_openhab-be9125_2' as it requires HTTP mode.
proxy_proxy.1.k33rhpamkhil@vevedock-02    | [WARNING] 013/153431 (4112) : config : 'stats' statement ignored for backend 'openhab_openhab-be9126_3' as it requires HTTP mode.
proxy_proxy.1.k33rhpamkhil@vevedock-02    | Configuration file is valid
proxy_proxy.1.k33rhpamkhil@vevedock-02    | The configuration file is valid, but there still may be a misconfiguration somewhere that will give unexpected results, please verify: 
proxy_proxy.1.k33rhpamkhil@vevedock-02    | stdout:
proxy_proxy.1.k33rhpamkhil@vevedock-02    | Configuration file is valid
proxy_proxy.1.k33rhpamkhil@vevedock-02    | 
proxy_proxy.1.k33rhpamkhil@vevedock-02    | stderr:
proxy_proxy.1.k33rhpamkhil@vevedock-02    | [WARNING] 013/153431 (4112) : config : 'stats' statement ignored for frontend 'tcpFE_9125' as it requires HTTP mode.
proxy_proxy.1.k33rhpamkhil@vevedock-02    | [WARNING] 013/153431 (4112) : config : 'stats' statement ignored for frontend 'tcpFE_9126' as it requires HTTP mode.
proxy_proxy.1.k33rhpamkhil@vevedock-02    | [WARNING] 013/153431 (4112) : config : 'stats' statement ignored for backend 'openhab_openhab-be9125_2' as it requires HTTP mode.
proxy_proxy.1.k33rhpamkhil@vevedock-02    | [WARNING] 013/153431 (4112) : config : 'stats' statement ignored for backend 'openhab_openhab-be9126_3' as it requires HTTP mode.
proxy_proxy.1.k33rhpamkhil@vevedock-02    | 
proxy_proxy.1.k33rhpamkhil@vevedock-02    | 
proxy_proxy.1.k33rhpamkhil@vevedock-02    | [WARNING] 013/153431 (4119) : config : 'stats' statement ignored for frontend 'tcpFE_9125' as it requires HTTP mode.
proxy_proxy.1.k33rhpamkhil@vevedock-02    | [WARNING] 013/153431 (4119) : config : 'stats' statement ignored for frontend 'tcpFE_9126' as it requires HTTP mode.
proxy_proxy.1.k33rhpamkhil@vevedock-02    | [WARNING] 013/153431 (4119) : config : 'stats' statement ignored for backend 'openhab_openhab-be9125_2' as it requires HTTP mode.
proxy_proxy.1.k33rhpamkhil@vevedock-02    | [WARNING] 013/153431 (4119) : config : 'stats' statement ignored for backend 'openhab_openhab-be9126_3' as it requires HTTP mode.
proxy_proxy.1.k33rhpamkhil@vevedock-02    | The configuration file is valid, but there still may be a misconfiguration somewhere that will give unexpected results, please verify: 
proxy_proxy.1.k33rhpamkhil@vevedock-02    | stdout:
proxy_proxy.1.k33rhpamkhil@vevedock-02    | 
proxy_proxy.1.k33rhpamkhil@vevedock-02    | stderr:
proxy_proxy.1.k33rhpamkhil@vevedock-02    | [WARNING] 013/153431 (4119) : config : 'stats' statement ignored for frontend 'tcpFE_9125' as it requires HTTP mode.
proxy_proxy.1.k33rhpamkhil@vevedock-02    | [WARNING] 013/153431 (4119) : config : 'stats' statement ignored for frontend 'tcpFE_9126' as it requires HTTP mode.
proxy_proxy.1.k33rhpamkhil@vevedock-02    | [WARNING] 013/153431 (4119) : config : 'stats' statement ignored for backend 'openhab_openhab-be9125_2' as it requires HTTP mode.
proxy_proxy.1.k33rhpamkhil@vevedock-02    | [WARNING] 013/153431 (4119) : config : 'stats' statement ignored for backend 'openhab_openhab-be9126_3' as it requires HTTP mode.
proxy_proxy.1.k33rhpamkhil@vevedock-02    | 
proxy_proxy.1.k33rhpamkhil@vevedock-02    | 
proxy_proxy.1.k33rhpamkhil@vevedock-02    | 2019/01/14 15:34:31 Proxy config was reloaded

thomasjpfan commented 5 years ago

The stats entry in global may be propagating to the mode tcp services. What does the haproxy config look like now?

lukicsl commented 5 years ago

I deleted

- BIND_PORTS=9125,9126

Now it seems to work from a telnet session and I am not getting 503 back from the proxy.

proxy_proxy.1.x9z7vwlsb13x@vevedock-02 | 2019/01/14 15:54:41 HAPRoxy: 10.255.0.2:44128 [14/Jan/2019:15:54:38.542] tcpFE_9126 openhab_openhab-be9126_3/openhab_openhab 3008/-1/3017 0 SC 3/1/0/0/3 0/0

the cfg:
root@c0163a830a66:/# cat /cfg/haproxy.cfg 
global
    pidfile /var/run/haproxy.pid
    stats socket /var/run/haproxy.sock mode 660 level admin expose-fd listeners
    tune.ssl.default-dh-param 2048
    log 127.0.0.1:1514 local0

    # disable sslv3, prefer modern ciphers
    ssl-default-bind-options no-sslv3
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS

    ssl-default-server-options no-sslv3
    ssl-default-server-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS

resolvers docker
    nameserver dns 127.0.0.11:53

defaults
    mode    http
    balance roundrobin

    option  http-server-close
    option  redispatch

    errorfile 400 /errorfiles/400.http
    errorfile 403 /errorfiles/403.http
    errorfile 405 /errorfiles/405.http
    errorfile 408 /errorfiles/408.http
    errorfile 429 /errorfiles/429.http
    errorfile 500 /errorfiles/500.http
    errorfile 502 /errorfiles/502.http
    errorfile 503 /errorfiles/503.http
    errorfile 504 /errorfiles/504.http

    maxconn 5000
    timeout connect 5s
    timeout client  20s
    timeout server  20s
    timeout queue   30s
    timeout tunnel  3600s
    timeout http-request 5s
    timeout http-keep-alive 15s

    stats enable
    stats refresh 30s
    stats realm Strictly\ Private
    stats uri /admin?stats
    stats auth admin:admin

frontend services
    bind *:80
    bind *:443
    mode http
    option  forwardfor

    option httplog
    log global
    acl url_monitor_grafana3000_0 path_beg /grafana/ path_beg /grafana/public path_beg /grafana/api
    use_backend monitor_grafana-be3000_0 if url_monitor_grafana3000_0
    acl url_monitor_monitor9090_0 path_beg /monitor
    acl domain_monitor_monitor9090_0 hdr_beg(host) -i vevedock-01
    use_backend monitor_monitor-be9090_0 if url_monitor_monitor9090_0 domain_monitor_monitor9090_0
    acl url_openhab_frontail9001_0 path_beg /oh-log
    use_backend openhab_frontail-be9001_0 if url_openhab_frontail9001_0
    acl url_openhab_openhab8080_1 path_beg /openhab path_beg /rest path_beg /start path_beg /habpanel path_beg /habmin path_beg /doc path_beg /paperui
    use_backend openhab_openhab-be8080_1 if url_openhab_openhab8080_1

frontend tcpFE_9126
    bind *:9126
    mode tcp
    option tcplog
    log global
    default_backend openhab_openhab-be9126_3

frontend tcpFE_9125
    bind *:9125
    mode tcp
    option tcplog
    log global
    default_backend openhab_openhab-be9125_2

backend monitor_grafana-be3000_0
    mode http
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    log global
    http-request set-path %[path,regsub(/grafana,)]
    server monitor_grafana monitor_grafana:3000

backend monitor_monitor-be9090_0
    mode http
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    log global
    server monitor_monitor monitor_monitor:9090

backend openhab_frontail-be9001_0
    mode http
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    log global
    server openhab_frontail openhab_frontail:9001

backend openhab_openhab-be8080_1
    mode http
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    log global
    http-request set-path %[path,regsub(/openhab,/)]
    server openhab_openhab openhab_openhab:8080
backend openhab_openhab-be9125_2
    mode tcp
    server openhab_openhab openhab_openhab:9125
backend openhab_openhab-be9126_3
    mode tcp
    server openhab_openhab openhab_openhab:9126
root@c0163a830a66:/#

lukicsl commented 5 years ago

Does the debug output above indicate that I am forwarding port 9126 to the openhab_openhab service?

I am not getting the expected results inside the openhab service, but that might also be a service-internal problem.
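
A decoder for the `option tcplog` line quoted earlier in the thread, as an added example (not part of the thread and not the project's code): it splits the line into HAProxy's tcplog fields and translates the two-letter termination state. The flag tables cover only a subset of HAProxy's termination codes, and `HEALTHY_LINE` is a constructed sample.

```python
import re

# Field order of HAProxy "option tcplog":
# client [date] frontend backend/server Tw/Tc/Tt bytes state conns.../retries queues
TCPLOG = re.compile(
    r"(?P<client>\S+) \[(?P<date>[^\]]+)\] (?P<frontend>\S+) "
    r"(?P<backend>[^/\s]+)/(?P<server>\S+) "
    r"(?P<tw>-?\d+)/(?P<tc>-?\d+)/(?P<tt>[+-]?\d+) (?P<bytes>\+?\d+) "
    r"(?P<state>\S\S) \d+/\d+/\d+/\d+/(?P<retries>\+?\d+) \d+/\d+")

# Termination state: first flag = what ended the session, second = where it was.
ENDED_BY = {"-": "normal close", "C": "client aborted",
            "S": "server aborted or refused", "P": "proxy aborted",
            "c": "client-side timeout", "s": "server-side timeout"}
PHASE = {"-": "completed", "R": "waiting for request", "Q": "queued",
         "C": "connecting to the server", "H": "waiting for headers",
         "D": "data transfer", "L": "sending last data"}

# Line from the thread, and a constructed line for a healthy session.
THREAD_LINE = ("2019/01/14 15:54:41 HAPRoxy: 10.255.0.2:44128 "
               "[14/Jan/2019:15:54:38.542] tcpFE_9126 "
               "openhab_openhab-be9126_3/openhab_openhab "
               "3008/-1/3017 0 SC 3/1/0/0/3 0/0")
HEALTHY_LINE = ("10.0.0.5:51000 [14/Jan/2019:16:00:00.000] tcpFE_9125 "
                "openhab_openhab-be9125_2/openhab_openhab "
                "0/1/5007 212 -- 1/1/1/1/0 0/0")


def explain(line):
    """Decode one tcplog line; None if the line is not in tcplog format."""
    m = TCPLOG.search(line)
    if m is None:
        return None
    first, second = m["state"]
    return {
        "frontend": m["frontend"], "backend": m["backend"], "server": m["server"],
        # Tc is -1 when the connection to the server was never established.
        "connected": int(m["tc"]) >= 0,
        "bytes": int(m["bytes"]), "retries": int(m["retries"]),
        "ended_by": ENDED_BY.get(first, "other (" + first + ")"),
        "phase": PHASE.get(second, "other (" + second + ")"),
    }


if __name__ == "__main__":
    print(explain(THREAD_LINE))
```

For the thread's line this returns frontend `tcpFE_9126` and backend `openhab_openhab-be9126_3` with `connected` false, three retries and zero bytes: the proxy selected the intended backend, but no TCP session to `openhab_openhab:9126` was established.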

lukicsl commented 5 years ago

I will try out tomorrow the setup with a well known simple service like MQTT.

for the moment closing the issue