Hi Andrew,

We need High availability for SFTP


Haproxy installed in server with ip (1.2.3.4)

for this IP several clients are mapped as mentioned below

client1.hh.com mapped to IP 1.2.3.4
client2.hh.com mapped to IP 1.2.3.4
client3.hh.com mapped to IP 1.2.3.4


For client1 the associated sftp servers are sftp1,sftp2,sftp3.


When request comes from client1.hh.com, then it should be serviced by any of the sftp servers associated to this client i.e sftp1 or sftp2 or sftp3.


To achieve this, below is the haproxy.cfg


listen sftp-server
bind :2121
mode tcp
maxconn 2000
option redis-check
retries 3
option redispatch
#checking if the request is coming from client1
acl devclient1 ssl_fc_sni_reg -i devclient1.healthhub.net.in
#req.ssl_sni ssl_fc_sni_reg
balance roundrobin

use_backend srvs_devclient1 if devclient1


backend srvs_devclient1

balance roundrobin
server ftp01 172.31.10.247:22 check weight 2
server ftp02 172.31.10.156:22 check weight 2

But when I try to transfer file i'm getting exception as connection closed by foreign client.
I'm able to transfer file to sftp server directly(sftp1) which is up and running, but through haproxy it's not working.

Kindly suggest how to fetch the servername from which the request is coming so that I can map that particular client to the associated sftp servers.

More over if any of sftp server is down, haproxy should route the request to any of the associated sftp servers which are up.

Eg: sftp1 is down, haproxy proxy should able to route the request to sftp2 or sftp3 which are up and running.

Requesting you to assist us to resolve the issue.


Thanks in advance.



-----Original Message-----
From: "Andrew Smalley" <***@loadbalancer.org>
Sent: Thursday, October 6, 2016 7:43pm
To: "***@abinnovative.com" <***@abinnovative.com>
Cc: "Lukas Tribus" <***@gmx.net>, "HAProxy" <***@formilux.org>, ***@abinnovative.com
Subject: Re: HaProxy for SFTP load balancing




If you want a connect to port check you can use the below example


listen sftp    bind 192.168.100.100:8022 transparent    mode http    balance leastconn    option forwardfor if-none    stick on hdr(X-Forwarded-For,-1)    stick on src    stick-table type string len 64 size 10240k expire 30m peers loadbalancer_replication    server backup 127.0.0.1:9081 backup non-stick    option http-keep-alive    option redispatch    option abortonclose    maxconn 40000    server RIP_ 192.168.100.0:80 weight RIP_Name check port 8022 inter 4000 rise 2 fall 2 minconn 100 maxconn 0 on-marked-down shutdown-sessions


Of if you wish to define an external file to use then something like below will work.

listen sftp    bind 192.168.100.100:8022 transparent    mode http    balance leastconn    option forwardfor if-none    stick on hdr(X-Forwarded-For,-1)    stick on src    stick-table type string len 64 size 10240k expire 30m peers loadbalancer_replication    server backup 127.0.0.1:9081 backup non-stick    option external-check    external-check command /var/lib/[ loadbalancer.org/check/sftp_check.sh ]( http://loadbalancer.org/check/sftp_check.sh )    option http-keep-alive    option redispatch    option abortonclose    maxconn 40000    server RIP_ 192.168.100.0:80 weight RIP_Name check inter 4000 rise 2 fall 2 minconn 100 maxconn 0 on-marked-down shutdown-sessions



I hope this helps?









Regards

Andrew Smalley

Loadbalancer.org Ltd.


On 6 October 2016 at 15:07, [ ***@abinnovative.com ]( mailto:***@abinnovative.com ) <[ ***@abinnovative.com ]( mailto:***@abinnovative.com )> wrote:


We gave, that doesn't works.


Vijay



On 06-10-2016 07:34 PM, Lukas Tribus wrote:

Hi Vijay,


enable health-checks, by adding the "check" keyword to both your server configuration lines.


Lukas

Thanks Willy that makes sense ofcourse. I guess the OP has issue with the
ftp server then like it is not really down from the haproxy point of view
but not able to serve requests. Since we were not told what the issue is or
how did he test the failover it is just an assumption. More detail
inspection of the ftp server health when the issue occures might reveil
something.