FTP Connection in the HAproxy

scottalanmiller

Have you set pasv_address on the FTP machine?

Emsanator

@scottalanmiller No, will I set it in configuration file of vsftpd on the FTP machine?

scottalanmiller

@emsanator said in FTP Connection in the HAproxy:

@scottalanmiller No, will I set it in configuration file of vsftpd on the FTP machine?

Yes

Emsanator

@scottalanmiller

I added this lines in HAproxy conf. file:

 listen 
    bind <public IP>:21
    mode tcp  
    server web-second <local IP>:21 check

Result:

[root@rp ~]# sudo systemctl restart haproxy
Job for haproxy.service failed because the control process exited with error code. See "systemctl status         haproxy.service" and "journalctl -xe" for details.
[root@rp ~]# systemctl status haproxy.service
● haproxy.service - SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.
Loaded: loaded (/etc/rc.d/init.d/haproxy; bad; vendor preset: disabled)
Active: failed (Result: exit-code) since Thu 2018-04-05 19:48:57 UTC; 1s ago
Docs: man:systemd-sysv-generator(8)
Process: 15215 ExecStop=/etc/rc.d/init.d/haproxy stop (code=exited, status=0/SUCCESS)
Process: 15223 ExecStart=/etc/rc.d/init.d/haproxy start (code=exited, status=1/FAILURE)
Main PID: 15197 (code=killed, signal=TERM)

Apr 05 19:48:57 rp.domain.com systemd[1]: Starting SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments....
Apr 05 19:48:57 rp.domain.com haproxy[15223]: [ALERT] 094/194857 (15227) : parsing [/etc/haproxy/haproxy.cfg:81] :     'listen' expects an <id> argument and
Apr 05 19:48:57 rp.domain.com haproxy[15223]: optionally supports [addr1]:port1[-end1]{,[addr]:port[-end]}...
Apr 05 19:48:57 rp.domain.com haproxy[15223]: [ALERT] 094/194857 (15227) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
Apr 05 19:48:57 rp.domain.com haproxy[15223]: Errors found in configuration file, check it with 'haproxy check'.
Apr 05 19:48:57 rp.domain.com systemd[1]: haproxy.service: control process exited, code=exited status=1
Apr 05 19:48:57 rp.domain.com systemd[1]: Failed to start SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments..
Apr 05 19:48:57 rp.domain.com systemd[1]: Unit haproxy.service entered failed state.
Apr 05 19:48:57 rp.domain.com systemd[1]: haproxy.service failed.

Where am I making mistakes?

dbeato

@emsanator said in FTP Connection in the HAproxy:

@scottalanmiller

I added this lines in HAproxy conf. file:

 listen 
  bind <public IP>:21
  mode tcp  
  server web-second <local IP>:21 check

Result:

[root@rp ~]# sudo systemctl restart haproxy
Job for haproxy.service failed because the control process exited with error code. See "systemctl status         haproxy.service" and "journalctl -xe" for details.
[root@rp ~]# systemctl status haproxy.service
● haproxy.service - SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.
Loaded: loaded (/etc/rc.d/init.d/haproxy; bad; vendor preset: disabled)
Active: failed (Result: exit-code) since Thu 2018-04-05 19:48:57 UTC; 1s ago
Docs: man:systemd-sysv-generator(8)
Process: 15215 ExecStop=/etc/rc.d/init.d/haproxy stop (code=exited, status=0/SUCCESS)
Process: 15223 ExecStart=/etc/rc.d/init.d/haproxy start (code=exited, status=1/FAILURE)
Main PID: 15197 (code=killed, signal=TERM)

Apr 05 19:48:57 rp.domain.com systemd[1]: Starting SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments....
Apr 05 19:48:57 rp.domain.com haproxy[15223]: [ALERT] 094/194857 (15227) : parsing [/etc/haproxy/haproxy.cfg:81] :     'listen' expects an <id> argument and
Apr 05 19:48:57 rp.domain.com haproxy[15223]: optionally supports [addr1]:port1[-end1]{,[addr]:port[-end]}...
Apr 05 19:48:57 rp.domain.com haproxy[15223]: [ALERT] 094/194857 (15227) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
Apr 05 19:48:57 rp.domain.com haproxy[15223]: Errors found in configuration file, check it with 'haproxy check'.
Apr 05 19:48:57 rp.domain.com systemd[1]: haproxy.service: control process exited, code=exited status=1
Apr 05 19:48:57 rp.domain.com systemd[1]: Failed to start SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments..
Apr 05 19:48:57 rp.domain.com systemd[1]: Unit haproxy.service entered failed state.
Apr 05 19:48:57 rp.domain.com systemd[1]: haproxy.service failed.

Where am I making mistakes?

The configuration file has an issue, I am
reviewing the configuration file. Before restarting running ‘haproxy check’ so you make sure it doesn’t fail on restart.

manxam

You're missing a name declaration beside the listen in the last example that you posted.
listen <my_service_here>
and optionally the hostname and bind port:
listen <my_service_here> localhost:8080

Emsanator

@manxam said in FTP Connection in the HAproxy:

You're missing a name declaration beside the listen in the last example that you posted.
listen <my_service_here>
and optionally the hostname and bind port:
listen <my_service_here> localhost:8080

I have one "listen" and for statistics.
Could you give an example for FTP listen?

manxam

@emsanator : Check line 81 of your file. The error states that it couldn't find a declaration for listen on that line. (/etc/haproxy/haproxy.cfg:81)
I expect that you're missing "listen myftpserver" or similar.

Emsanator

@manxam

 listen FTP  
       bind *:21,:10000-10250
       mode tcp 
       server ftp01 192.168.1.4 check port 21
       server ftp02 192.168.1.5 check port 21

I do not get HAproxy error with this method

FileZilla Log:

 Status:	Connecting to <Public IP>:21...
 Status:	Connection established, waiting for welcome message...
 Status:	Initializing TLS...
 Status:	Verifying certificate...
 Status:	TLS connection established.
 Status:	Server does not support non-ASCII characters.
 Status:	Logged in
 Status:	Retrieving directory listing...
 Status:	Server sent passive reply with unroutable address. Using server address instead.
 Command:	MLSD
 Error:	The data connection could not be established: ECONNREFUSED - Connection refused by server

I tried every way in few days but I can not connect with FTP.

manxam

As @scottalanmiller mentioned above, you'll have to configure pasv on ftp and ensure your client is configured to use it as well.

within vsftpd.conf :

pasv_enable=YES
port_enable=YES
pasv_min_port=10000
pasv_max_port=10250
pasv_address=IP.OF.BOUND.INTERFACE
pasv_addr_resolve=NO

JaredBusch

https://serverfault.com/questions/663855/haproxy-for-load-balancing-vsftpd-servers