2

I need some help wrapping my head around this, perhaps I've completely misunderstood this and have gone the wrong way. Is it not possible to forward incoming RTMP streams over HAProxy to a receiving server? As in - instead of accessing an available RTMP stream on a server behind HAProxy, but send an RTMP stream through it to the said server.

I have set up a server to sit on a public IP address and receive RTMP live streams that are sent to it and another server that sits in a limited-access network, isolated from direct access from the public web (both servers see each other over VPN). Everything related to RTMP streaming is working just fine - I can send an RTMP stream to both (when connected to the same network of course) but I'm unable to configure HAProxy to forward my RTMP streams from the public facing server to the server that's isolated from the public web. I tried disabling firewalls temporary to check that was not the issue.

Servers used for reciving RTMP streams are NGINX, the HAProxy config that I tried using before abandoning the idea is as follows:

global
    log         127.0.0.1 local2
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     1024
    daemon
    stats socket /var/lib/haproxy/stats

defaults
    log                     global
    option                  tcplog
    option                  dontlognull
    retries                 6
    timeout queue           1m
    timeout connect         15s
    timeout client          1m
    timeout server          30s
    timeout check           10s
    maxconn                 256

listen rtmp-1935
    bind :1935
    mode tcp
    balance roundrobin
    server stream01 10.100.10.80:2000
    server stream02 10.100.10.80:2000

Some quick explanation of the config - the idea was for an RTMP stream to arrive on the public facing server on TCP port 1935, and then get forwarded over HAProxy to the other server, which is listening for RTMP streams on TCP port 2000. The result of the config above was that HAProxy would pick up the stream but then not forward anything.

Here's a log:

Apr 30 19:26:30 localhost haproxy[15972]: Proxy admin started.
Apr 30 19:27:58 localhost haproxy[15973]: 10.100.10.60:19398 [30/Apr/2018:19:27:58.164] admin admin/<STATS> 0/0/5 14887 LR 1/1/0/0/0 0/0
Apr 30 19:27:58 localhost haproxy[15973]: 10.100.10.60:19398 [30/Apr/2018:19:27:58.170] admin admin/<STATS> 0/0/361 14949 LR 1/1/0/0/0 0/0
Apr 30 19:27:58 localhost haproxy[15973]: 10.100.10.60:19398 [30/Apr/2018:19:27:58.531] admin admin/<NOSRV> -1/-1/288 212 SC 0/0/0/0/0 0/0
Apr 30 19:33:52 localhost haproxy[15973]: 10.100.10.60:19423 [30/Apr/2018:19:33:52.795] admin admin/<STATS> 0/0/6 15001 LR 1/1/0/0/0 0/0
Apr 30 19:33:53 localhost haproxy[15973]: 10.100.10.60:19423 [30/Apr/2018:19:33:52.801] admin admin/<NOSRV> -1/-1/333 212 SC 0/0/0/0/0 0/0
Apr 30 19:34:09 localhost haproxy[16211]: Proxy rtmp-1935 started.
Apr 30 19:34:09 localhost haproxy[16211]: Proxy admin started.
Apr 30 19:34:11 localhost haproxy[16212]: 10.100.10.60:19425 [30/Apr/2018:19:34:11.965] admin admin/<STATS> 0/0/7 14817 LR 1/1/0/0/0 0/0
Apr 30 19:34:12 localhost haproxy[16212]: 10.100.10.60:19425 [30/Apr/2018:19:34:11.973] admin admin/<NOSRV> -1/-1/355 212 SC 0/0/0/0/0 0/0

I have already given up on this idea and reverted to just pushing RTMP streams, I figured I'd leave this here out of curiosity to see if this could be done. I'm not expecting this to be answered.

Kārlis K.
  • 43
  • 1
  • 2
  • 9

2 Answers2

1

This should have worked fine. I've done it.

According to your logs, your session state at disconnection is SC.

S: the TCP session was unexpectedly aborted by the server, or the server explicitly refused it.

C: the proxy was waiting for the CONNECTION to establish on the server. The server might at most have noticed a connection attempt.

All indications are that your back-end server was not accepting TCP connections on port 2000 at all. Testing the connectivity from the HAProxy with telnet or nc should have returned Connection refused.

Community
  • 1
Michael - sqlbot
  • 22,658
  • 2
  • 63
  • 86
  • Odd, perhaps I'll have to start fresh and give this another try. I'm running this on CentOS 7 on both servers - after I wasn't receiving anything on the other server I switched off SE Linux and Firewall-cmd completely, which didn't help. I'm also going to look up if I've missed any Sysctl parameters that are required for HAProxy to operate normally. P.S.: Thanks for the explanation on logs - I had no idea what "SC" meant. – Kārlis K. May 01 '18 at 11:56
1

I went back and looked into this. Was experiencing problems where HAProxy couldn't connect to the remote server. This posted answer resolved my problem: Haproxy health check permission denied. It turns out it was I hadn't adjusted my SE Linux to permit HA Proxy outgoing connections (which is weird because I can swear I had SE Linux and all firewalls disabled briefly when I tested it last and it still failed).

Kārlis K.
  • 43
  • 1
  • 2
  • 9
  • Additionally, a stick session config that I tried to add later, which was also present a lot of the time (I was commenting out and/or reenabling various bits of my config then, could also explain why nothing worked with and without SE Linux and firewall) when I was initially experiencing issues the first time around, – Kārlis K. May 07 '18 at 19:13