FTP Connection in the HAproxy
-
Have you set pasv_address on the FTP machine?
-
@scottalanmiller No, will I set it in configuration file of vsftpd on the FTP machine?
-
@emsanator said in FTP Connection in the HAproxy:
@scottalanmiller No, will I set it in configuration file of vsftpd on the FTP machine?
Yes
-
I added this lines in HAproxy conf. file:
listen bind <public IP>:21 mode tcp server web-second <local IP>:21 check
Result:
[root@rp ~]# sudo systemctl restart haproxy Job for haproxy.service failed because the control process exited with error code. See "systemctl status haproxy.service" and "journalctl -xe" for details. [root@rp ~]# systemctl status haproxy.service ● haproxy.service - SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Loaded: loaded (/etc/rc.d/init.d/haproxy; bad; vendor preset: disabled) Active: failed (Result: exit-code) since Thu 2018-04-05 19:48:57 UTC; 1s ago Docs: man:systemd-sysv-generator(8) Process: 15215 ExecStop=/etc/rc.d/init.d/haproxy stop (code=exited, status=0/SUCCESS) Process: 15223 ExecStart=/etc/rc.d/init.d/haproxy start (code=exited, status=1/FAILURE) Main PID: 15197 (code=killed, signal=TERM) Apr 05 19:48:57 rp.domain.com systemd[1]: Starting SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.... Apr 05 19:48:57 rp.domain.com haproxy[15223]: [ALERT] 094/194857 (15227) : parsing [/etc/haproxy/haproxy.cfg:81] : 'listen' expects an <id> argument and Apr 05 19:48:57 rp.domain.com haproxy[15223]: optionally supports [addr1]:port1[-end1]{,[addr]:port[-end]}... Apr 05 19:48:57 rp.domain.com haproxy[15223]: [ALERT] 094/194857 (15227) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg Apr 05 19:48:57 rp.domain.com haproxy[15223]: Errors found in configuration file, check it with 'haproxy check'. Apr 05 19:48:57 rp.domain.com systemd[1]: haproxy.service: control process exited, code=exited status=1 Apr 05 19:48:57 rp.domain.com systemd[1]: Failed to start SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.. Apr 05 19:48:57 rp.domain.com systemd[1]: Unit haproxy.service entered failed state. Apr 05 19:48:57 rp.domain.com systemd[1]: haproxy.service failed.
Where am I making mistakes?
-
@emsanator said in FTP Connection in the HAproxy:
I added this lines in HAproxy conf. file:
listen bind <public IP>:21 mode tcp server web-second <local IP>:21 check
Result:
[root@rp ~]# sudo systemctl restart haproxy Job for haproxy.service failed because the control process exited with error code. See "systemctl status haproxy.service" and "journalctl -xe" for details. [root@rp ~]# systemctl status haproxy.service ● haproxy.service - SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Loaded: loaded (/etc/rc.d/init.d/haproxy; bad; vendor preset: disabled) Active: failed (Result: exit-code) since Thu 2018-04-05 19:48:57 UTC; 1s ago Docs: man:systemd-sysv-generator(8) Process: 15215 ExecStop=/etc/rc.d/init.d/haproxy stop (code=exited, status=0/SUCCESS) Process: 15223 ExecStart=/etc/rc.d/init.d/haproxy start (code=exited, status=1/FAILURE) Main PID: 15197 (code=killed, signal=TERM) Apr 05 19:48:57 rp.domain.com systemd[1]: Starting SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.... Apr 05 19:48:57 rp.domain.com haproxy[15223]: [ALERT] 094/194857 (15227) : parsing [/etc/haproxy/haproxy.cfg:81] : 'listen' expects an <id> argument and Apr 05 19:48:57 rp.domain.com haproxy[15223]: optionally supports [addr1]:port1[-end1]{,[addr]:port[-end]}... Apr 05 19:48:57 rp.domain.com haproxy[15223]: [ALERT] 094/194857 (15227) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg Apr 05 19:48:57 rp.domain.com haproxy[15223]: Errors found in configuration file, check it with 'haproxy check'. Apr 05 19:48:57 rp.domain.com systemd[1]: haproxy.service: control process exited, code=exited status=1 Apr 05 19:48:57 rp.domain.com systemd[1]: Failed to start SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.. Apr 05 19:48:57 rp.domain.com systemd[1]: Unit haproxy.service entered failed state. Apr 05 19:48:57 rp.domain.com systemd[1]: haproxy.service failed.
Where am I making mistakes?
The configuration file has an issue, I am
reviewing the configuration file. Before restarting running ‘haproxy check’ so you make sure it doesn’t fail on restart. -
You're missing a name declaration beside the listen in the last example that you posted.
listen <my_service_here>
and optionally the hostname and bind port:
listen <my_service_here> localhost:8080 -
@manxam said in FTP Connection in the HAproxy:
You're missing a name declaration beside the listen in the last example that you posted.
listen <my_service_here>
and optionally the hostname and bind port:
listen <my_service_here> localhost:8080I have one "listen" and for statistics.
Could you give an example for FTP listen? -
@emsanator : Check line 81 of your file. The error states that it couldn't find a declaration for listen on that line. (/etc/haproxy/haproxy.cfg:81)
I expect that you're missing "listen myftpserver" or similar. -
listen FTP bind *:21,:10000-10250 mode tcp server ftp01 192.168.1.4 check port 21 server ftp02 192.168.1.5 check port 21
I do not get HAproxy error with this method
FileZilla Log:
Status: Connecting to <Public IP>:21... Status: Connection established, waiting for welcome message... Status: Initializing TLS... Status: Verifying certificate... Status: TLS connection established. Status: Server does not support non-ASCII characters. Status: Logged in Status: Retrieving directory listing... Status: Server sent passive reply with unroutable address. Using server address instead. Command: MLSD Error: The data connection could not be established: ECONNREFUSED - Connection refused by server
I tried every way in few days but I can not connect with FTP.
-
As @scottalanmiller mentioned above, you'll have to configure pasv on ftp and ensure your client is configured to use it as well.
within vsftpd.conf :
pasv_enable=YES port_enable=YES pasv_min_port=10000 pasv_max_port=10250 pasv_address=IP.OF.BOUND.INTERFACE pasv_addr_resolve=NO
-