FTP Connection in the HAproxy
-
Hi,
This is my HAproxy conf. file and everything works right without FTP connection.
I can not access the servers via FTP.
    global
        log 127.0.0.1 local0
        log 127.0.0.1 local1 notice
        #log loghost local0 info
        maxconn 4096
        chroot /var/lib/haproxy
        user haproxy
        group haproxy
        daemon
        #debug
        #quiet
        stats socket /var/lib/haproxy/stats

    defaults
        log global
        mode http
        option httplog
        option dontlognull
        retries 3
        redispatch
        maxconn 2000
        contimeout 5000
        clitimeout 50000
        srvtimeout 50000

    listen stats
        bind *:8080
        mode http
        option forwardfor
        option httpclose
        stats enable
        stats show-legends
        stats refresh 5s
        stats uri /stats
        stats realm Haproxy\ Statistics
        stats auth hello:world
        stats admin if TRUE

    frontend MAIN
        bind *:21
        bind *:80
        bind *:143
        bind *:443
        bind *:993
        mode http
        acl server1_URL hdr_dom(host) -i domain1.com
        acl server2_URL hdr_dom(host) -i domain2.com
        acl server3_URL hdr_dom(host) -i domain3.com
        acl server4_URL hdr_dom(host) -i domain4.com
        acl server5_URL hdr_dom(host) -i domain5.com
        use_backend server1 if server1_URL
        use_backend server2 if server2_URL
        use_backend server3 if server3_URL
        use_backend server4 if server4_URL
        use_backend server5 if server5_URL

    backend server1
        mode http
        server web-first 192.168.1.2:80

    backend server2
        mode http
        server web-first 192.168.1.3:80

    backend server3
        mode http
        server web-first 192.168.1.4:80

    backend server4
        mode http
        server web-second 192.168.1.6:80

    backend server5
        mode http
        server web-third 192.168.1.7:80
I tried this: it did not work
    listen FTP :21,:10000-10250
        mode tcp
        server ftp01 192.168.1.4 check port 21
What should I do for it?
Thank you.
-
Have you set pasv_address on the FTP machine?
-
@scottalanmiller No, will I set it in configuration file of vsftpd on the FTP machine?
-
Yes
-
I added these lines in HAproxy conf. file:
    listen
        bind <public IP>:21
        mode tcp
        server web-second <local IP>:21 check
Result:
    [root@rp ~]# sudo systemctl restart haproxy
    Job for haproxy.service failed because the control process exited with error code. See "systemctl status haproxy.service" and "journalctl -xe" for details.
    [root@rp ~]# systemctl status haproxy.service
    ● haproxy.service - SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.
       Loaded: loaded (/etc/rc.d/init.d/haproxy; bad; vendor preset: disabled)
       Active: failed (Result: exit-code) since Thu 2018-04-05 19:48:57 UTC; 1s ago
         Docs: man:systemd-sysv-generator(8)
      Process: 15215 ExecStop=/etc/rc.d/init.d/haproxy stop (code=exited, status=0/SUCCESS)
      Process: 15223 ExecStart=/etc/rc.d/init.d/haproxy start (code=exited, status=1/FAILURE)
     Main PID: 15197 (code=killed, signal=TERM)

    Apr 05 19:48:57 rp.domain.com systemd[1]: Starting SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments....
    Apr 05 19:48:57 rp.domain.com haproxy[15223]: [ALERT] 094/194857 (15227) : parsing [/etc/haproxy/haproxy.cfg:81] : 'listen' expects an <id> argument and
    Apr 05 19:48:57 rp.domain.com haproxy[15223]: optionally supports [addr1]:port1[-end1]{,[addr]:port[-end]}...
    Apr 05 19:48:57 rp.domain.com haproxy[15223]: [ALERT] 094/194857 (15227) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
    Apr 05 19:48:57 rp.domain.com haproxy[15223]: Errors found in configuration file, check it with 'haproxy check'.
    Apr 05 19:48:57 rp.domain.com systemd[1]: haproxy.service: control process exited, code=exited status=1
    Apr 05 19:48:57 rp.domain.com systemd[1]: Failed to start SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments..
    Apr 05 19:48:57 rp.domain.com systemd[1]: Unit haproxy.service entered failed state.
    Apr 05 19:48:57 rp.domain.com systemd[1]: haproxy.service failed.
Where am I making mistakes?
-
The configuration file has an issue, I am reviewing the configuration file. Before restarting, run 'haproxy check' so you make sure it doesn't fail on restart.
-
You're missing a name declaration beside the listen in the last example that you posted.
    listen <my_service_here>
and optionally the hostname and bind port:
    listen <my_service_here> localhost:8080
-
I have one "listen" and for statistics.
Could you give an example for FTP listen?
-
@emsanator : Check line 81 of your file. The error states that it couldn't find a declaration for listen on that line. (/etc/haproxy/haproxy.cfg:81)
I expect that you're missing "listen myftpserver" or similar.
-
    listen FTP
        bind *:21,:10000-10250
        mode tcp
        server ftp01 192.168.1.4 check port 21
        server ftp02 192.168.1.5 check port 21
I do not get HAproxy error with this method
FileZilla Log:
    Status: Connecting to <Public IP>:21...
    Status: Connection established, waiting for welcome message...
    Status: Initializing TLS...
    Status: Verifying certificate...
    Status: TLS connection established.
    Status: Server does not support non-ASCII characters.
    Status: Logged in
    Status: Retrieving directory listing...
    Status: Server sent passive reply with unroutable address. Using server address instead.
    Command: MLSD
    Error: The data connection could not be established: ECONNREFUSED - Connection refused by server
I tried every way in few days but I can not connect with FTP.
-
As @scottalanmiller mentioned above, you'll have to configure pasv on ftp and ensure your client is configured to use it as well.
within vsftpd.conf :
    pasv_enable=YES
    port_enable=YES
    pasv_min_port=10000
    pasv_max_port=10250
    pasv_address=IP.OF.BOUND.INTERFACE
    pasv_addr_resolve=NO
-
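Added example, not written by any poster in this thread: a Python check of the passive-mode reply behind FileZilla's "unroutable address" message, comparing the advertised address and data port with the proxy's public IP and the 10000-10250 range bound in the HAProxy listen section. The public IP 203.0.113.10 and the sample reply lines are constructed placeholders; since the session in the log uses TLS, the reply has to be taken from the client's own log rather than from the wire.

```python
import ipaddress
import re

# Passive data ports bound by the "listen FTP" section in the thread.
PROXY_PASV_PORTS = range(10000, 10251)

PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d+)\|\)")


def parse_passive_reply(line):
    """Return (address or None, port) from a 227 (PASV) or 229 (EPSV) reply."""
    m = PASV_RE.match(line)
    if m:
        nums = [int(x) for x in m.groups()]
        if max(nums) > 255:
            raise ValueError(f"field out of range in: {line!r}")
        addr = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
        return addr, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2
    m = EPSV_RE.match(line)
    if m and 0 < int(m.group(1)) < 65536:
        return None, int(m.group(1))  # EPSV has no address; client reuses control IP
    raise ValueError(f"not a passive-mode reply: {line!r}")


def check_passive_reply(line, public_ip, ports=PROXY_PASV_PORTS):
    """List reasons a client outside the proxy cannot open the data connection."""
    addr, port = parse_passive_reply(line)
    problems = []
    if addr is not None and addr != ipaddress.IPv4Address(public_ip):
        kind = "unroutable" if addr.is_private else "unexpected"
        problems.append(f"{kind} address {addr} advertised, expected {public_ip}")
    if port not in ports:
        problems.append(f"port {port} outside proxied range {ports[0]}-{ports[-1]}")
    return problems


# Constructed sample replies; 203.0.113.10 stands in for the proxy's public IP.
SAMPLES = [
    "227 Entering Passive Mode (192,168,1,4,156,64).",  # no pasv_address, no port range
    "227 Entering Passive Mode (192,168,1,4,39,66).",   # port range set, address not
    "227 Entering Passive Mode (203,0,113,10,39,66).",  # both set
]

if __name__ == "__main__":
    for reply in SAMPLES:
        print(reply, "->", check_passive_reply(reply, "203.0.113.10") or "OK")
```

An empty result means the reply points at the proxy's public IP and at a port HAProxy forwards, which is what the pasv_address, pasv_min_port and pasv_max_port settings above are meant to produce.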