How to configure TCP correctly (proxy.addr, ...) #283
For TCP proxying to work two things need to happen:
So with this in mind let's go through your questions:
Let me know if that answers your question. |
Hi, thanks. It gets more clear for 1, 2, 3. Interesting that you use mysql port I have tried in
This works fine I can do I have this error when I try to send an email from Thunderbird:
I am reading this but not sure if it is the right direction. Maybe it is related to I haven't configured anything regarding certificate. It's always a mess to understand what needs to be configured and how it should be. Do I really have to do that here in Fabio? I used to do SSL terminations on nginx. I never had to configure anything with haproxy when doing TCP proxying. |
Thanks for your indication, apparently I have verified and SSL is fine using plain TCP, the handshake is done after Fabio. I might have misunderstood the basic usage scenario... I used to have HAproxy installed, and I was registering my TCP services using Now I am registering with I noticed that using This is fine, my mail server needs to be public, but how about if I need to keep it private? I thought, ok just set the ip like ( Should the I have this assumption, if I open |
Service discovery is done through consul. Fabio finds the service instances that are registered in consul and starts routing to them once they appear and stops routing when they are gone. This is different from other proxies where you have to configure the upstream servers. As for the bind address: |
😢 I will revert to HAproxy, but only because it's impossible to proxy using a specific interface yet and I have services that require it. For when (approx) do you schedule your release? I am waiting for it with impatience, from what I have seen and what I have played with, it is a great tool. Very easy and handy. Thanks for sharing it. |
Let me see what I can hack together. This isn't difficult. Didn't have the need for it yet since you would need to run fabio via something like supervisord, daemontools or systemd anyway which can do that little bit of shell magic. |
Sure, just tell me how I can help.
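You can always use the shell to get the ip address, e.g.:

```sh
# Bind the TCP listener on port 3600 to eth0's IPv4 address
# (parses the older net-tools "inet addr:" ifconfig output).
fabio -proxy.addr "$(ifconfig eth0 | grep 'inet addr:' | awk '{print $2}' | cut -d: -f2):3600;proto=tcp"
```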
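The interface-binding approach from the comment above, as an added example that is not part of the original thread or fabio's code. If the `ifconfig` parse matches nothing (newer net-tools output has no `inet addr:` prefix), the one-liner expands to `:3600;proto=tcp`, which listens on every interface; this version fails instead. The function names and the sample `ip` output are constructed for illustration, and the comma-separated `addr:port;proto=tcp` format follows the values quoted in this thread.

```sh
#!/bin/sh
# Added example (not fabio's code): build a proxy.addr value bound to one
# interface, refusing to emit a wildcard listener if the lookup fails.

# Constructed sample of `ip -o -4 addr show` output.
SAMPLE='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth0
3: eth1    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth1'

# iface_ipv4 IFACE: read `ip -o -4 addr show` output on stdin, print the first
# IPv4 address of IFACE; exit status 1 if the interface has none.
iface_ipv4() {
    awk -v want="$1" '
        $2 == want && $3 == "inet" { split($4, a, "/"); print a[1]; found = 1; exit }
        END { exit !found }'
}

# build_proxy_addr IP PORT...: print "IP:PORT;proto=tcp" entries joined by ",".
build_proxy_addr() {
    ip=$1; shift
    case $ip in
        ''|0.0.0.0) echo "refusing wildcard bind address" >&2; return 1 ;;
    esac
    out=
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
        out="${out:+$out,}$ip:$port;proto=tcp"
    done
    [ -n "$out" ] || { echo "no ports given" >&2; return 1; }
    printf '%s\n' "$out"
}

# proxy_addr_for IFACE PORT...: stdin is `ip -o -4 addr show` output.
proxy_addr_for() {
    iface=$1; shift
    addr=$(iface_ipv4 "$iface") || { echo "no IPv4 address on $iface" >&2; return 1; }
    build_proxy_addr "$addr" "$@"
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE" | proxy_addr_for eth1 587 993

# Real use, assuming iproute2 is installed:
#   addr=$(ip -o -4 addr show | proxy_addr_for eth1 587 993) || exit 1
#   exec fabio -proxy.addr "$addr"
```

Because the interface name is a parameter, a supervisor unit on each host can pass whichever interface is the private one there.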
Sorry, I meant having the possibility to configure a default interface instead of |
As I've said, use the shell to get the ip address(es) you want fabio to bind to and then run |
This is the other part that I don't understand, how do I know the ip address from the host that runs Fabio? I thought load balancing was for that. If I scale up on marathon I have no way to send the new application ip to Fabio. This is also why I do need fabio to listen by default on a different interface than |
Maybe let's take a step back and explain what it is that you're trying to do. Since you mention marathon the setup is a bit more complex. (This should have registered when you mentioned PanteraS). The usual deployment scenarios are listed here: https://github.com/fabiolb/fabio/wiki/Deployment Could you explain briefly what your setup looks like? |
So far, I only have 3 hosts Master+Slave where PanteraS is installed. I have installed on one of them NGINX, which is used as the public https proxy and all the public accesses. In PanteraS, HAproxy can also be used to proxy TCP. I sometimes open publicly on the public interface a new port proxied by HA proxy. (587,993) for example. Note that all my Master+Slave hosts all have the same HAproxy configuration setup and could be used as an emergency proxy if needed. |
Any update on this? I hope I can migrate soon but the security requirement can't replace the HAproxy completely. |
I'm sorry but I still don't fully understand the problem you're trying to solve. Could you please try to explain it briefly again? Who is connecting to whom, with which protocol and what isn't working? |
All my services are using consul service discovery, see panteras, they use environment tags in the container to register services into LB.
TCP
I tried to replace HA proxy with Fabio and it doesn't fit all the previous requirements yet.
So what I understand is that fabio basically works but the ip and listener configuration isn't flexible enough for your use case. While I can add something like I think for now |
We need to be able to I will take your advice and implement the Thanks again for your answer. |
Why can't you use a shell script to determine the ip address in the meantime as outlined here? This shouldn't be blocking. |
For keeping flexibility of configuration. I don't always have the same interface name used. Also, on some hosts I have up to 3 network interfaces. |
But if you run |
That works for me. I think I got all the advice I needed to try one more migration. I haven't played with Closing for now. Thank you again. |
Hi everyone!
Thanks for sharing Fabio, I have heard good things about it.
I am following the project since it has been integrated in PanteraS
I wanted to try Fabio because it now has a TCP proxying mode.
I am configuring my services by registering them in consul and adding env tag to my docker containers:
I wasn't able to use the tcp proxying without playing with `proxy.addr` in `fabio.properties`
`proxy.addr` in `fabio.properties` every time I am adding a new tcp proxied port?
`25`, `143`, `587`, `993`
I have tried to send an email from Thunderbird with `proto=tcp,:587;proto=tcp` and I have:

I have tried to send an email from Thunderbird with `proto=tcp,:587;proto=tcp+sni`: it connects but I wait a very long time and I have a timeout error.

I didn't have to configure anything for proxying these services before. I can see I can configure ssl keystore and tls header value. I am not sure which is the right direction. Maybe you will have any idea why it is different?
Thanks in advance