Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - laralar

Pages1
#1
19.7 Legacy Series / HAProxy plugin mailers and email alerts?
January 21, 2020, 06:54:11 AM
Hello

I am new to opnsense and Haproxy plugin

Any idea where I can put mailers and email-alerts section.  For example:

3.6. Mailers
------------
It is possible to send email alerts when the state of servers changes.
If configured email alerts are sent to each mailer that is configured
in a mailers section. Email is sent to mailers using SMTP.

mailers <mailersect>
  Creates a new mailer list with the name <mailersect>. It is an
  independent section which is referenced by one or more proxies.

mailer <mailername> <ip>:<port>
  Defines a mailer inside a mailers section.

  Example:
    mailers mymailers
        mailer smtp1 192.168.0.1:587
        mailer smtp2 192.168.0.2:587

    backend mybackend
        mode tcp
        balance roundrobin

        email-alert mailers mymailers
        email-alert from test1@horms.org
        email-alert to test2@horms.org

        server srv1 192.168.0.30:80
        server srv2 192.168.0.31:80
#2
19.7 Legacy Series / Re: Live log view for HAProxy plugin?
January 17, 2020, 10:44:13 AM
Yep that did the trick.. however, it would be good to have it in the OPNsense UI, instead of having to log in into the terminal

Any idea where can I find the developer of this plugin to submit a feature request?  I am terribly newbie in OPNSense and HAProxy.  ;D
#3
19.7 Legacy Series / Re: HAProxy synchronization with Map Files failing to apply HAProxy settings
January 17, 2020, 10:41:57 AM
I've found this in the HAProxy documentation:

>>> haproxy[18113]: 127.0.0.1:34548 [15/Oct/2003:15:18:55.798] px-http \
          px-http/<NOSRV> -1/-1/-1/-1/8490 -1 0 - - CR-- 2/2/2/0/0 0/0 ""

    => the client never completed its request and aborted itself ("C---") after
       8.5s, while the proxy was waiting for the request headers ("-R--").
       Nothing was sent to any server.


It seems they were lost requests by the client (maybe related to session that doesn't persist in the HA failover)

There seems to be a bug though in the HA Synchronization, if I don't do Apply on HAProxy, the Map Files don't get updated. 
#4
19.7 Legacy Series / HAProxy synchronization with Map Files failing to apply HAProxy settings
January 12, 2020, 01:05:39 PM
I have a setup of two OPNsense servers in HA mode. and also running os-haproxy plugin on them

I have a setup where I am using 4 map files for the configuration.

oot@opnsense1:/tmp/haproxy/mapfiles # ls -la
total 24
drwxr-x---  2 www   www   512 Jan 12 17:06 .
drwxr-x---  6 www   www   512 Jan 12 17:06 ..
-rw-------  1 root  www   681 Jan 12 17:06 5e162c72d8a779.05394596.txt
-rw-------  1 root  www  1709 Jan 12 17:06 5e164a6e713049.47297243.txt
-rw-------  1 root  www   180 Jan 12 17:06 5e165dc4c9c242.74140417.txt
-rw-------  1 root  www    41 Jan 12 17:06 5e165dd31a9bd4.08263470.txt


WHen testing the HA failover, shutting down the server, I was getting some NO SERV requests in the /var/log/haproxy.log file

clog -f /var/log/haproxy.log

root@opnsense2:/tmp/haproxy/mapfiles # cat /var/log/haproxy.log |grep NOSRV
Jan 12 17:05:57 opnsense2 haproxy[82574]: 10.20.10.1:44784 [12/Jan/2020:17:05:52.277] http-map http-map/<NOSRV> -1/-1/-1/-1/5001 400 211 - - CR-- 30/30/0/0/0 0/0 "<BADREQ>"
Jan 12 17:05:57 opnsense2 haproxy[82574]: 10.20.10.1:44734 [12/Jan/2020:17:05:52.277] http-map http-map/<NOSRV> -1/-1/-1/-1/5001 400 211 - - CR-- 29/29/0/0/0 0/0 "<BADREQ>"
Jan 12 17:05:57 opnsense2 haproxy[82574]: 10.20.10.1:44050 [12/Jan/2020:17:05:52.579] http-map http-map/<NOSRV> -1/-1/-1/-1/5001 400 211 - - CR-- 30/30/0/0/0 0/0 "<BADREQ>"
Jan 12 17:05:57 opnsense2 haproxy[82574]: 10.20.10.1:44088 [12/Jan/2020:17:05:52.579] http-map http-map/<NOSRV> -1/-1/-1/-1/5001 400 211 - - CR-- 29/29/0/0/0 0/0 "<BADREQ>"
Jan 12 17:05:57 opnsense2 haproxy[82574]: 10.20.10.1:44090 [12/Jan/2020:17:05:52.579] http-map http-map/<NOSRV> -1/-1/-1/-1/5001 400 211 - - CR-- 28/28/0/0/0 0/0 "<BADREQ>"
Jan 12 17:05:57 opnsense2 haproxy[82574]: 10.20.10.1:44048 [12/Jan/2020:17:05:52.579] http-map http-map/<NOSRV> -1/-1/-1/-1/5001 400 211 - - CR-- 27/27/0/0/0 0/0 "<BADREQ>"



While checking the Files on both servers after the Manual synchronization, they seemed similar, (the only difference was a missing \n (end of line) at the end of the copied file on the BACKUP server.  and I am not getting this NOSRV requests on the MASTER server.  why Is this?

I looked further into it and found out that even though the files seemed the same in the GUI, they were not the same on the BACKUP server:
failove


root@opnsense2:/tmp/haproxy/mapfiles # ls -la
total 24
drwxr-x---  2 www   www   512 Jan 12 12:57 .
drwxr-x---  6 www   www   512 Jan 12 12:57 ..
-rw-------  1 root  www   666 Jan 12 12:57 5e162c72d8a779.05394596.txt
-rw-------  1 root  www  1693 Jan 12 12:57 5e164a6e713049.47297243.txt
-rw-------  1 root  www   164 Jan 12 12:57 5e165dc4c9c242.74140417.txt
-rw-------  1 root  www    26 Jan 12 12:57 5e165dd31a9bd4.08263470

See the difference in sizes.  comparing the files showed the differences.

Now.. I went to the backup server and hit Test Sysntax/ Apply on the HAProxy plugin and voila!!  Files are now the same:

root@opnsense2:/tmp/haproxy/mapfiles # ls -la
total 24
drwxr-x---  2 www  www   512 Jan 12 12:57 .
drwxr-x---  6 www  www   512 Jan 12 12:57 ..
-rw-------  1 www  www   681 Jan 12 17:11 5e162c72d8a779.05394596.txt
-rw-------  1 www  www  1708 Jan 12 17:11 5e164a6e713049.47297243.txt
-rw-------  1 www  www   179 Jan 12 17:11 5e165dc4c9c242.74140417.txt
-rw-------  1 www  www    41 Jan 12 17:11 5e165dd31a9bd4.08263470.txt
root@opnsense2:/tmp/haproxy/mapfiles #


But Still I am getting the NOSRV requests even though the files are the same


Restarted haproxy plugin,, still getting the NOSRV.. Restarted the BACKUP server and I am still getting the NOSRV.


Any idea why this could be happening?

I have detailed log enabled,, Any idea how to know which request key is getting the NOSRV ?

I also checked the /usr/local/etc/haproxy.conf files in both servers and they are the same

Thanks



#5
19.7 Legacy Series / Re: Live log view for HAProxy plugin?
January 12, 2020, 12:21:13 PM
Thanks.. that did the trick..

Still I would love the Live view that the firewall has where I could put some filter  ;D
#6
19.7 Legacy Series / Live log view for HAProxy plugin?
January 12, 2020, 05:46:17 AM
This is not an issue, but more like a feature request.

Would it be too difficult to implement a Live Log view like the one the firewall has with filter option?

With many websites and HTTP services hosted, and many requests coming (every second, or minute, it is kind of difficult to follow up the log.

For some strange reason, I tried what I normally do in Ubuntu .

tail -f /var/log/haproxy.log

But it seems stuck in FreeBSD. Any hint why this could be happening?

Finally, I am using Map tables. And where there is a no match, it would be useful to see what is the key that is being trying to match.. This two may not be related to the plugin itself but to HA Proxy, but any help would be appreciated

Thanks,
Luis
Pages1