FTP Connection in the HAproxy



  • Hi,

    This is my HAproxy conf. file, and everything works right except the FTP connection.

    I cannot access the servers via FTP.

    global
        log 127.0.0.1   local0
        log 127.0.0.1   local1 notice
        #log loghost    local0 info
        maxconn 4096
        chroot /var/lib/haproxy
        user haproxy
        group haproxy
        daemon
        #debug
        #quiet
        stats socket /var/lib/haproxy/stats

    defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        retries 3
        redispatch
        maxconn 2000
        contimeout      5000
        clitimeout      50000
        srvtimeout      50000

    listen stats
        bind *:8080
        mode http
        option forwardfor
        option httpclose
        stats enable
        stats show-legends
        stats refresh 5s
        stats uri /stats
        stats realm Haproxy\ Statistics
        stats auth hello:world
        stats admin if TRUE

    frontend MAIN
        bind *:21
        bind *:80
        bind *:143
        bind *:443
        bind *:993
        mode http

        acl server1_URL hdr_dom(host) -i domain1.com
        acl server2_URL hdr_dom(host) -i domain2.com
        acl server3_URL hdr_dom(host) -i domain3.com
        acl server4_URL hdr_dom(host) -i domain4.com
        acl server5_URL hdr_dom(host) -i domain5.com

        use_backend server1 if server1_URL
        use_backend server2 if server2_URL
        use_backend server3 if server3_URL
        use_backend server4 if server4_URL
        use_backend server5 if server5_URL

    backend server1
        mode http
        server web-first 192.168.1.2:80

    backend server2
        mode http
        server web-first 192.168.1.3:80

    backend server3
        mode http
        server web-first 192.168.1.4:80

    backend server4
        mode http
        server web-second 192.168.1.6:80

    backend server5
        mode http
        server web-third 192.168.1.7:80
    

    I tried this, but it did not work:

    listen FTP :21,:10000-10250
    mode tcp
    server ftp01 192.168.1.4 check port 21
    

    What should I do for it?
    Thank you.



  • Have you set pasv_address on the FTP machine?



  • @scottalanmiller No, will I set it in the configuration file of vsftpd on the FTP machine?



  • @emsanator said in FTP Connection in the HAproxy:

    @scottalanmiller No, will I set it in the configuration file of vsftpd on the FTP machine?

    Yes



  • @scottalanmiller

    I added these lines to the HAproxy conf. file:

     listen 
        bind <public IP>:21
        mode tcp  
        server web-second <local IP>:21 check
    

    Result:

    [[email protected] ~]# sudo systemctl restart haproxy
    Job for haproxy.service failed because the control process exited with error code. See "systemctl status haproxy.service" and "journalctl -xe" for details.
    [[email protected] ~]# systemctl status haproxy.service
    ● haproxy.service - SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.
    Loaded: loaded (/etc/rc.d/init.d/haproxy; bad; vendor preset: disabled)
    Active: failed (Result: exit-code) since Thu 2018-04-05 19:48:57 UTC; 1s ago
    Docs: man:systemd-sysv-generator(8)
    Process: 15215 ExecStop=/etc/rc.d/init.d/haproxy stop (code=exited, status=0/SUCCESS)
    Process: 15223 ExecStart=/etc/rc.d/init.d/haproxy start (code=exited, status=1/FAILURE)
    Main PID: 15197 (code=killed, signal=TERM)
    
    Apr 05 19:48:57 rp.domain.com systemd[1]: Starting SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments....
    Apr 05 19:48:57 rp.domain.com haproxy[15223]: [ALERT] 094/194857 (15227) : parsing [/etc/haproxy/haproxy.cfg:81] : 'listen' expects an <id> argument and
    Apr 05 19:48:57 rp.domain.com haproxy[15223]: optionally supports [addr1]:port1[-end1]{,[addr]:port[-end]}...
    Apr 05 19:48:57 rp.domain.com haproxy[15223]: [ALERT] 094/194857 (15227) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
    Apr 05 19:48:57 rp.domain.com haproxy[15223]: Errors found in configuration file, check it with 'haproxy check'.
    Apr 05 19:48:57 rp.domain.com systemd[1]: haproxy.service: control process exited, code=exited status=1
    Apr 05 19:48:57 rp.domain.com systemd[1]: Failed to start SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments..
    Apr 05 19:48:57 rp.domain.com systemd[1]: Unit haproxy.service entered failed state.
    Apr 05 19:48:57 rp.domain.com systemd[1]: haproxy.service failed.
    

    Where am I making mistakes?



  • @emsanator said in FTP Connection in the HAproxy:

    @scottalanmiller

    I added these lines to the HAproxy conf. file:

     listen 
      bind <public IP>:21
      mode tcp  
      server web-second <local IP>:21 check
    

    Result:

    [[email protected] ~]# sudo systemctl restart haproxy
    Job for haproxy.service failed because the control process exited with error code. See "systemctl status haproxy.service" and "journalctl -xe" for details.
    [[email protected] ~]# systemctl status haproxy.service
    ● haproxy.service - SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.
    Loaded: loaded (/etc/rc.d/init.d/haproxy; bad; vendor preset: disabled)
    Active: failed (Result: exit-code) since Thu 2018-04-05 19:48:57 UTC; 1s ago
    Docs: man:systemd-sysv-generator(8)
    Process: 15215 ExecStop=/etc/rc.d/init.d/haproxy stop (code=exited, status=0/SUCCESS)
    Process: 15223 ExecStart=/etc/rc.d/init.d/haproxy start (code=exited, status=1/FAILURE)
    Main PID: 15197 (code=killed, signal=TERM)
    
    Apr 05 19:48:57 rp.domain.com systemd[1]: Starting SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments....
    Apr 05 19:48:57 rp.domain.com haproxy[15223]: [ALERT] 094/194857 (15227) : parsing [/etc/haproxy/haproxy.cfg:81] : 'listen' expects an <id> argument and
    Apr 05 19:48:57 rp.domain.com haproxy[15223]: optionally supports [addr1]:port1[-end1]{,[addr]:port[-end]}...
    Apr 05 19:48:57 rp.domain.com haproxy[15223]: [ALERT] 094/194857 (15227) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
    Apr 05 19:48:57 rp.domain.com haproxy[15223]: Errors found in configuration file, check it with 'haproxy check'.
    Apr 05 19:48:57 rp.domain.com systemd[1]: haproxy.service: control process exited, code=exited status=1
    Apr 05 19:48:57 rp.domain.com systemd[1]: Failed to start SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments..
    Apr 05 19:48:57 rp.domain.com systemd[1]: Unit haproxy.service entered failed state.
    Apr 05 19:48:57 rp.domain.com systemd[1]: haproxy.service failed.
    

    Where am I making mistakes?

    The configuration file has an issue; I am reviewing the configuration file. Before restarting, run ‘haproxy check’ so you make sure it doesn’t fail on restart.



  • You're missing a name declaration beside the listen in the last example that you posted.
    listen <my_service_here>
    and optionally the hostname and bind port:
    listen <my_service_here> localhost:8080



  • @manxam said in FTP Connection in the HAproxy:

    You're missing a name declaration beside the listen in the last example that you posted.
    listen <my_service_here>
    and optionally the hostname and bind port:
    listen <my_service_here> localhost:8080

    I have one "listen", and it is for statistics.
    Could you give an example for FTP listen?



  • @emsanator : Check line 81 of your file. The error states that it couldn't find a declaration for listen on that line. (/etc/haproxy/haproxy.cfg:81)
    I expect that you're missing "listen myftpserver" or similar.



  • @manxam

     listen FTP  
           bind *:21,:10000-10250
           mode tcp 
           server ftp01 192.168.1.4 check port 21
           server ftp02 192.168.1.5 check port 21
    

    I do not get an HAproxy error with this method.

    FileZilla Log:

     Status:	Connecting to <Public IP>:21...
     Status:	Connection established, waiting for welcome message...
     Status:	Initializing TLS...
     Status:	Verifying certificate...
     Status:	TLS connection established.
     Status:	Server does not support non-ASCII characters.
     Status:	Logged in
     Status:	Retrieving directory listing...
     Status:	Server sent passive reply with unroutable address. Using server address instead.
     Command:	MLSD
     Error:	The data connection could not be established: ECONNREFUSED - Connection refused by server
    

    I have tried every way for a few days, but I cannot connect with FTP.



  • As @scottalanmiller mentioned above, you'll have to configure pasv on ftp and ensure your client is configured to use it as well.

    Within vsftpd.conf:

    pasv_enable=YES
    port_enable=YES
    pasv_min_port=10000
    pasv_max_port=10250
    pasv_address=IP.OF.BOUND.INTERFACE
    pasv_addr_resolve=NO
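
The FileZilla error in the thread ("Server sent passive reply with unroutable address") is decided by the address and port inside the server's 227 reply. As an added example (not code from the thread or from HAProxy/vsftpd), this Python check parses such a reply and lists why a client outside the LAN could not open the data connection; the proxy address 203.0.113.10 and the sample replies are constructed, and the port range is the one bound in the thread's `listen FTP` block.

```python
import ipaddress
import re

# Assumptions for this example: the proxy's public address is a constructed
# placeholder; the port range is the one bound in the thread's "listen FTP".
PROXY_PUBLIC_IP = "203.0.113.10"
PROXY_DATA_PORTS = range(10000, 10251)  # :10000-10250 inclusive
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv_reply(line):
    """Return (ip, port) from an RFC 959 '227 ... (h1,h2,h3,h4,p1,p2)' reply."""
    match = PASV_RE.search(line)
    if not line.startswith("227") or match is None:
        raise ValueError("not a 227 passive reply: %r" % line)
    nums = [int(g) for g in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % line)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def check_pasv_reply(line, proxy_ip=PROXY_PUBLIC_IP, proxy_ports=PROXY_DATA_PORTS):
    """List reasons a client outside the LAN cannot open the data connection."""
    ip, port = parse_pasv_reply(line)
    problems = []
    if any(ipaddress.ip_address(ip) in net for net in RFC1918):
        problems.append("unroutable address %s advertised" % ip)
    elif ip != proxy_ip:
        problems.append("address %s is not the proxy address %s" % (ip, proxy_ip))
    if port not in proxy_ports:
        problems.append("port %d is outside the proxied range %d-%d"
                        % (port, proxy_ports[0], proxy_ports[-1]))
    return problems


if __name__ == "__main__":
    # Constructed replies: backend LAN address, corrected address, wrong port range.
    for reply in ("227 Entering Passive Mode (192,168,1,4,39,26).",
                  "227 Entering Passive Mode (203,0,113,10,39,26).",
                  "227 Entering Passive Mode (203,0,113,10,195,80)."):
        print(reply, "->", check_pasv_reply(reply) or "ok")
```

With the TLS control channel shown in the FileZilla log, nothing between client and server can read or rewrite the 227 reply, so vsftpd itself has to advertise the address that clients actually reach.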