Score:0

Unable to access web service with floating IP address assigned to my machine


I have a machine for which I have assigned a floating IP address. That machine is also my load balancer. I can access my service easily using the IP address of load balancer.

However I am unable to access it using the floating IP address which was assigned to my load balancer machine.

sudo nano /etc/haproxy/haproxy.cfg

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

#HAProxy for web servers
frontend web-frontend
  bind IPADDRESSOFLOADBALANCER:80
  mode http
  default_backend web-backend

backend web-backend
  balance roundrobin
  server web-server1 IPADD1:80 check
  server web-server2 IPADD2:80 check
  server web-server3 IPADD3:80 check
  server web-server4 IPADD4:80 check

Is there anything else I need to do apart from assigning the floating IP address? I am unable to access the service using the floating IP address.


c4f4t0r
you could use bind *:80 in your haproxy frontend
Himanshu Poddar
@c4f4t0r Yup, that worked, but I didn't understand why it works? Also, won't there be any security issue? Can't I specifically bind to 2 IP addresses?
Score:1

I don't think you can, most people just bind to one IP address or ALL of them. You would have to use a separate front end for each one using the same backend. But everyone just uses the * which works fine.

Score:0

I was using the DigitalOcean platform to create my droplets. I then assigned a floating IP to it from this page.

https://cloud.digitalocean.com/networking/floating_ips?i=0eb956

Now I need to get the private IP of my droplet using the command ip a

root@ubuntu-s-1vcpu-1gb-blr1-01:~# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:a0:A:B:C:D brd ff:ff:ff:ff:ff:ff
    inet PUBLICIP/20 brd E.F.G.H scope global eth0
       valid_lft forever preferred_lft forever
    inet *PRIVATEIP(X.X.X.X)*/16 brd X.X.I.J scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2400:6180:ZZ:ZZ::ZZ:ZZZZ/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::50a0:9fff:fe54:add2/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 9a:4b:a5:ZZ:ZZ:ZZ brd ff:ff:ff:ff:ff:ff
    inet K.L.M.N/20 brd O.P.Q.R scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::984b:SSSS:TTTT:UUUU/64 scope link
       valid_lft forever preferred_lft forever

I got the floating IP, say FLOATINGIPADDRESS.

The floating IP works via the anchor IP present on the eth0 interface. We can use the same private IP, as any traffic sent to the floating IP will be sent to this private IP only, i.e. inet *X.X.X.X*/16 brd

Now I need HAProxy to bind to this private IP in my HAProxy cfg file.

sudo nano /etc/haproxy/haproxy.cfg

#HAProxy for web servers
frontend web-frontend
  bind PRIVATEIP(X.X.X.X):80
  bind LOADBALNCERIP:80
  mode http
  default_backend web-backend

backend web-backend

  http-request set-header X-Forwarded-Proto https if { ssl_fc } # For Proto
  http-request add-header X-Real-Ip %[src] # Custom header with src IP
  option forwardfor # X-forwarded-for

  balance roundrobin
  server web-server1 IP1:80 check
  server web-server2 IP2:80 check
  server web-server3 IP3:80 check
  server web-server4 IP4:80 check

listen stats
  bind PRIVATEIP(X.X.X.X):8080
  bind LOADBALNCERIP:8080
  mode http
  option forwardfor
  option httpclose
  stats enable
  stats show-legends
  stats refresh 5s
  stats uri /stats
  stats realm Haproxy\ Statistics
  stats auth root:password            #Login User and Password for the monitoring
  stats admin if TRUE
  default_backend web-backend
c4f4t0r
If you check the output of netstat -tunap, you will see that haproxy was listening only on your private IP.
Himanshu Poddar
What do you mean by "only"? It was also listening on the public IP.
c4f4t0r
In your original question, you had bind PRIVATEIP(X.X.X.X):80. Now you continue changing everything; you could take a look at the output of the netstat command, netstat -tunap | grep LISTEN, and you will see what I mean :)
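
Added example, not part of the original thread: a small Python check for the situation discussed above, where floating-IP traffic reaches the droplet addressed to the anchor IP on eth0, so a frontend bound only to the public address never accepts it. The configs, addresses and function names are constructed for illustration; it handles IPv4 `address:port` binds with a single port and also lists wildcard binds so they can be reviewed against the firewall.

```python
# Added example: constructed configs and addresses, not values from the thread.
PUBLIC_IP = "203.0.113.10"   # assumed droplet public address (documentation range)
ANCHOR_IP = "10.47.0.5"      # assumed anchor address that floating-IP traffic arrives on

BEFORE = f"""
frontend web-frontend
  bind {PUBLIC_IP}:80
  default_backend web-backend
"""

AFTER = f"""
frontend web-frontend
  bind {ANCHOR_IP}:80      # floating-IP traffic
  bind {PUBLIC_IP}:80
  default_backend web-backend

listen stats
  bind *:8080
  stats enable
"""

SECTIONS = {"global", "defaults", "frontend", "backend", "listen"}
WILDCARDS = {"", "*", "0.0.0.0"}   # IPv4 forms that mean "every local address"

def parse_binds(cfg_text):
    """Return (section, address, port) for each single-port bind line."""
    binds, section = [], None
    for raw in cfg_text.splitlines():
        words = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if not words:
            continue
        if words[0] in SECTIONS:
            section = words[1] if len(words) > 1 else words[0]
        elif words[0] == "bind" and len(words) > 1:
            addr, _, port = words[1].rpartition(":")
            if port.isdigit():
                binds.append((section, addr, int(port)))
    return binds

def listeners_for(binds, dest_ip, port):
    """Sections that would accept a TCP connection addressed to dest_ip:port."""
    return [s for s, a, p in binds if p == port and (a in WILDCARDS or a == dest_ip)]

def wildcard_binds(binds):
    """Binds that listen on every local address, to review against the firewall."""
    return [(s, p) for s, a, p in binds if a in WILDCARDS]
```

With `BEFORE`, nothing listens for the anchor address on port 80, which matches the symptom in the question; with `AFTER`, the frontend accepts it and the stats listener shows up as the only wildcard bind.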