Question

I am currently refactoring a haproxy configuration that we use on our production servers to forward TCP traffic from a central server. The goal is to get everything working with docker containers to help with deployment reliability.

Everything has gone well so far, but now I have a couple of "listen" proxies using "mode tcp" that don't seem to be forwarding their traffic. I think the issue is either in the SSL certificate verification or in the forwarding to the secondary server itself.

In an attempt to debug the issue, I have turned on all syslog debugging ('debug' level) and have used the -d flag to run haproxy in debug mode. This provides extensive debugging information for all incoming http traffic, but doesn't seem to give me anything for TCP.

The lack of debug output for TCP forwarding is something I have run into in the past and have not found any way to get more details.

Is there some set of magic flags, configuration, or compile options I can use to see the full details of the TCP connection processing? (ex: accept, handshake, SSL cert verification, forwarding, timeouts, etc)


Solution

If you are using a TCP mode proxy, you have to specify option tcplog in your frontend's definition. This enables tcp mode logging. There's extensive documentation about this in the haproxy manual, for example here for haproxy 1.5: http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#8.2.2
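Once option tcplog is enabled, each TCP session produces one log line whose timers and termination-state field show where the session stopped (connect, data phase, timeout). The Python sketch below is an added example, not part of the original answer or of HAProxy, that decodes such lines using the field layout from the linked manual section; the sample log lines and the names "tcp_in" and "upstream1" are constructed.

```python
import re

# Field layout of an "option tcplog" line (HAProxy 1.5 manual, section 8.2.2):
# client:port [accept_date] frontend backend/server Tw/Tc/Tt bytes state conns queues
TCPLOG = re.compile(
    r"(?P<client>\S+):(?P<cport>\d+) \[(?P<accept>[^\]]+)\] "
    r"(?P<frontend>\S+) (?P<backend>[^/\s]+)/(?P<server>\S+) "
    r"(?P<tw>-?\d+)/(?P<tc>-?\d+)/(?P<tt>\+?-?\d+) (?P<bytes>\+?\d+) "
    r"(?P<state>\S\S) \d+/\d+/\d+/\d+/\+?\d+ \d+/\d+")

# Termination state: first character = what ended the session,
# second character = which phase the session was in (TCP-relevant subset).
CAUSE = {"-": "normal", "C": "client aborted", "S": "server aborted or refused",
         "P": "aborted by proxy", "R": "proxy resource exhausted",
         "I": "internal error", "c": "client-side timeout", "s": "server-side timeout"}
PHASE = {"-": "transfer complete", "Q": "waiting in queue",
         "C": "connecting to server", "D": "data phase", "L": "sending last data"}

def parse_tcplog(line):
    """Return a dict for one tcplog line, or None if the line is not tcplog."""
    m = TCPLOG.search(line)  # search() skips any syslog prefix
    if m is None:
        return None
    f = m.groupdict()
    cause, phase = f["state"]
    return {"client": f["client"], "frontend": f["frontend"],
            "backend": f["backend"], "server": f["server"],
            "connect_ms": int(f["tc"]),  # -1: server connection never established
            "total_ms": int(f["tt"].lstrip("+")),
            "bytes": int(f["bytes"].lstrip("+")),
            "state": f["state"],
            "meaning": f"{CAUSE.get(cause, 'unknown')} / {PHASE.get(phase, 'unknown')}"}

def failed_sessions(lines):
    """Keep only sessions that did not terminate normally ('--')."""
    records = (parse_tcplog(l) for l in lines)
    return [r for r in records if r and r["state"] != "--"]

# Constructed sample lines; proxy name "tcp_in" and server "upstream1" are made up.
SAMPLES = [
    "haproxy[1]: 192.0.2.10:51540 [06/Feb/2015:12:12:51.443] tcp_in tcp_in/upstream1 0/3/5007 212 -- 1/1/1/1/0 0/0",
    "haproxy[1]: 192.0.2.10:51544 [06/Feb/2015:12:13:02.101] tcp_in tcp_in/upstream1 0/-1/5001 0 sC 1/1/1/0/3 0/0",
    "haproxy[1]: 192.0.2.11:40022 [06/Feb/2015:12:13:09.870] tcp_in tcp_in/upstream1 0/-1/2 0 SC 1/1/1/0/3 0/0",
]

if __name__ == "__main__":
    for rec in failed_sessions(SAMPLES):
        print(rec["client"], rec["server"], rec["state"], rec["meaning"])
```

A state of sC with a connect time of -1 points at the forwarding hop (the upstream never answered), while SC means the upstream or something in front of it actively refused the connection.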

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow