One place for hosting & domains

      Logging

      How to Fix the “WordPress Keeps Logging Out” Problem (8 Methods)


      WordPress is the most popular Content Management System (CMS) online, with an estimated 62% of the CMS market share. Despite this, it isn’t perfect and can trigger some issues. For example, you may need to deal with the “WordPress keeps logging out” problem.

      Fortunately, there are many ways to ensure that being automatically logged out doesn’t happen so often. You can troubleshoot the problem by trying various possible solutions, such as clearing caches and disabling plugins. It can be a long process, but eventually, you can find out what is causing the issue.

      In this article, we’ll look at the most common reasons why WordPress keeps logging out. Then we’ll explore eight methods you can use to solve the issue. Let’s get started!

      Why WordPress Keeps Logging Out

      WordPress requires you to enter your username and password when you want to access your website’s dashboard. This system prevents unknown users from reaching your website and potentially stealing your data.

      However, when working on your website, you’ll likely want to keep your administrator dashboard open. If WordPress keeps logging you out, it can become frustrating to continually sign in to access your content.

      There are various reasons why WordPress might log you out, such as:

      • Cookies with outdated information
      • Cached files with old data
      • An improperly configured WordPress site address
      • Faulty plugins or theme files

      We’ll address each potential cause for the “WordPress keeps logging out” problem in our walkthrough. We’ll also explore fixes for each scenario.

      Skip the Stress

      Avoid troubleshooting when you sign up for DreamPress. Our friendly WordPress experts are available 24/7 to help solve website problems — big or small.

      How to Fix the “WordPress Keeps Logging Out” Problem (8 Methods)

      There are multiple ways to fix the “WordPress keeps logging out” problem. We’ll start by addressing the easiest ones and work our way up to the more complex methods.

      1. Clear Your Browser’s Cookies

      You can start by clearing all of the existing WordPress-related cookies from your browser. Cookies store information from previous browser sessions, such as login details and personal data. However, if they hold onto outdated data, they can trigger the logging out error.

      The process is similar with all major browsers. However, we will show you how to do it in Chrome.

      Go to the WordPress site URL in question, and click on the padlock icon to the left of the URL bar. You will then see a small box pop up.

      Clearing browser cookies for a particular site.

      As you can see, the browser says there are 19 cookies stored in the browser for this domain. To remove them, click on Cookies, and you will see another popup box.

      Viewing cookies in use for a website in your browser.

      Highlight the domains shown in the Allowed box and click on Remove at the bottom. When the domains disappear, select Done to save your changes.

      Now restart your browser and try logging into WordPress again. A new cookie will be set if you click on the Remember Me box.

      To find out how long until Chrome expires the cookie, just go to the Settings menu again. You can access it by clicking on the three vertical dots in the top-right corner of your browser.

      Accessing browser settings with Google Chrome.

      In the settings, click on Privacy and Security in the left-hand sidebar. On the right-hand side, you will then see an option called Cookies and other site data. Select it.

      Accessing browser privacy and security settings in Google Chrome.

      Scroll down the page until you see “See all cookies and site data.” Click on it.

      Seeing all cookies and site data in Google Chrome browser settings.

      You’ll now get a list of all the cookies on your computer. Use the search box at the top to find the one you’re looking for. Just type in the domain, and Chrome will show you what it has in storage.

      Clearing all cookies and site data in the Google Chrome browser settings.

      Click on the first result, and you’ll get a list of each cookie. Select the cookie name and scroll down right to the very bottom, where you will see the expiry date.

      Viewing the cookie expiry date in Google Chrome.

      As you can see, this cookie is valid for just over three months. It even includes the expiration time, so you know when your cookie will need a replacement.

      2. Clear Your Browser’s Cache

      If the logging out problem persists, it’s time to check your cache. A cache is a saved version of a website. Your browser uses this method to store information so pages will load faster when you next visit the site.

      However, if the page is cached in the browser along with an expired cookie, it will likely keep logging you out. As such, you’ll need to clear out the stored information.

      Again, clearing a cache is very similar with all major browsers, so we will focus on the most popular option: Chrome. Go to Chrome’s settings by clicking on the three vertical dots in the top right corner of the browser.

      When the menu drops down, choose More Tools > Clear Browsing Data.

      Clearing browser data in Google Chrome.

      Choosing Clear Browsing Data brings up this box:

      Clearing cached images and files in Google Chrome.

      Tick Cached images and files and click on Clear data. When the box disappears, restart your browser. As you can see, you can also remove the browser cookies using this method.

      3. Check Your Browser Settings

      The logging out problem can also come from your browser settings. For example, if your browser forces cookies to expire, it will forget your login information. Therefore, it will require you to log back in continuously.

      You’ll need to reaccess your browser settings as you did in the first step of this tutorial. Navigate to Settings > Privacy and Security > Cookies and other site data. Here, you can see if any cookies are blocked or enabled.

      General settings for cookies in Google Chrome.

      For example, you can see cookies are disabled during Incognito mode in our browser. However, there are also Block third-party cookies and Block all cookies options. If either of these are enabled, they could be interfering with your WordPress session and logging you out.

      If this is the case, select Allow all cookies by clicking on the button next to it. Now your browser will save the cookie for your WordPress login session.

      4. Clear Your WordPress Site’s Cache

      If you’re using a WordPress caching plugin, this add-on could be at fault. For example, it could be storing an outdated version of your site, triggering the “WordPress keeps logging out” problem.

      Site caches can be handy to have, especially if you have a high-traffic website. Still, they have the potential to cause problems down the line.

      If you have a site caching solution installed, there is usually an option in the WordPress dashboard to clear the cache with one click. It sits in the top menu and generally says Delete Cache. [a][b][d](Note: If you are using the Proxy Cache Purge plugin, you will also see this option, but deleting its cache will not fix the logging out issue.)

      The Delete Cache button in the WordPress admin dashboard.

      Once you click on this button, WordPress will direct you to your caching plugin. You can then click on Delete Cache or the specific control button for your software.

      The plugin may also ask you to confirm your choice or choose specific cache elements to purge. You can clear all of the stored items. When you reload your WordPress site, it will automatically generate a new cache.

      5. Double-Check Your WordPress Site Address

      In your WordPress site settings (under General), you can set the site URL to either “http://www.yourdomain.com” or “http://yourdomain.com”. Some people prefer not having “www” before their domain name for branding reasons or to make their URLs easier to type.

      The WordPress address URL and site address URL.

      However, if these two addresses don’t match, WordPress may see the discrepancy and log you out by default. So, you’ll need to solve the issue to prevent the “WordPress keeps logging out” problem.

      To fix the discrepancy, you’ll need to edit your wp-config.php text file. This document contains vital information for your WordPress website, such as its database connection details.

      You can access this file using a Secure File Transfer Protocol (SFTP) client. One of the most popular options is the free FileZilla program. If you’re a DreamHost customer, you can also use our secure WebFTP program.

      Start your SFTP client and look for the wp-config.php file. You can find it in the root directory of your domain.

      Open the file and paste the following code into it. You’ll want to swap out the example text for your own domain names:

      define( 'WP_HOME', 'http://example.com' );
      
      define( 'WP_SITEURL', 'http://example.com' );

      Now save the file and close your SFTP client. After that, you can go back to your WordPress dashboard to check if the problem is resolved.

      Easily Build Your Dream Website

      Don’t know code? No problem. Our DIY Website Builder makes building a website as easy as sending an email.

      6. Disable and Re-enable WordPress Plugins

      Still no luck fixing the “WordPress keeps logging out” problem? Not to worry, there are a few more things you can try. The next troubleshooting step is checking for a plugin conflict.

      A plugin is an add-on that you have installed on your WordPress site. You may have sourced it from the Plugins section on your site or through the WordPress plugin directory.

      However, many plugins use cookies to function on your site. If these cookies have expired, they might trigger the logging out problem.

      Additionally, poorly-coded plugins could interfere with your WordPress site. As such, you’ll need to identify if any add-ons are causing login or logout issues.

      If you only have a few plugins, this will be an easy process. However, if you have many add-ons, this is going to take a while!

      You can deactivate plugins by heading to Plugins > Installed Plugins in your WordPress dashboard.

      Accessing plugins from the WordPress dashboard.

      Tick the box next to Plugin and access the drop-down Bulk actions menu. Choose Deactivate and then Apply. This process will deactivate all your plugins.

      Deactivating plugins in bulk can help with the "WordPress keeps logging out"problem.

      Now you’ll need to reactivate each plugin and test to determine if it is the issue. You can do this by enabling them one at a time, logging back into your WordPress dashboard, and checking to see if they trigger the problem.

      If you find the culprit, you’ll want to delete it from your website. You may even want to contact the relevant developer to let them know their add-on is functioning incorrectly.

      However, suppose the logging out problem prevents you from accessing your Plugins dashboard. In that case, you can complete the process with an SFTP client. First, you’ll need to open up your website’s wp-content folder and look for Plugins.

      Accessing the wp-content folder from an SFTP client.

      Deactivate all your plugins by renaming the folder to something like “plugins_old”. Then you can navigate back to your WordPress dashboard and follow the manual process we described before.

      7. Check for Theme Conflicts

      The next possibility is a poorly-coded theme. WordPress has many high-quality themes available.

      However, as an open-source CMS, any developer can create a theme. Therefore, a poorly-coded one can slip through the cracks. It can then cause issues on your site, such as the “WordPress keeps logging out” problem.

      Every WordPress installation comes with the pre-installed Twenty Twenty-One theme. So you can quickly and easily check for a theme conflict by reverting your site to this default option. Then, you can determine if your previous choice was causing the logging out issue.

      To switch themes, go to Appearance > Themes in your WordPress dashboard. You will then see your available options, including the Twenty Twenty-One theme.

      However, if you deleted this theme, you can reinstall it for this tutorial. Type the name into the search box and select Twenty Twenty-One.

      Accessing themes from the WordPress dashboard.

      Mouse over the Twenty Twenty-One theme and click on the Activate box that appears.

      Switching to the default Twenty Twenty-One theme could help with the "WordPress keeps logging out" problem.

      The site will now switch to the Twenty Twenty-One theme. Now log out and back into WordPress and see if that fixed your problem. If it does, you might want to think about changing your theme to something else.

      To avoid installing poorly-coded themes, you can read the reviews from other users. Just go to the WordPress theme directory and search for the name of the theme.

      On the right-hand side, you’ll see the theme’s star rating, which will give you a quick overview of its popularity.

      The star rating for a WordPress theme.

      Now click on the See all link at the top to read the reviews.

      Reviews for WordPress themes.

      You should also continually monitor your Updates section in WordPress to see if your theme has a new version available. Doing this will ensure that you get all the latest security updates and bug fixes. You can find updates at the top of your left-hand sidebar.

      Accessing updates in the WordPress dashboard.

      By installing all updates and double-checking the safety of a theme before you install it, you can avoid using a poorly-coded option.

      8. Contact Your Hosting Provider

      By now, you’ve likely discovered what was causing your WordPress logging out problem. However, in the improbable event that it is still happening, you may need to contact your web hosting provider for assistance. The issue may be a domain or server misconfiguration.

      If your hosting company is DreamHost, just get in touch with our customer support team! They will be more than happy to help you solve the problem.

      You’re Cordially Invited

      Join DreamHost’s Facebook group to connect with like-minded website owners and get advice from peers and experts alike!

      Fixing Other WordPress Problems

      If you’re running into any other issues with your WordPress site, we have a comprehensive list of troubleshooting tutorials:

      If you need further assistance, you can check out our WordPress tutorials. These expert guides can help you master your admin dashboard in no time!

      Conclusion

      The “WordPress keeps logging out” problem can be frustrating. But as we’ve just seen, you can use multiple troubleshooting methods to identify and solve the issue.

      By following the list we have provided here, you can start with the most straightforward possibilities and gradually work your way up to the more time-consuming ones. For example, clearing caches and cookies takes less than a minute. However, individually checking plugins can eat up a lot of time.

      Are you looking for a WordPress host that can help you out with any technical problems? At DreamHost, we have a support team that can walk you through any website-related issues. Check out one of our WordPress hosting packages today!



      Source link

      How To Configure HAProxy Logging with Rsyslog on Rocky Linux 8 [Quickstart]


      Introduction

      HAProxy, which stands for High Availability Proxy, is a widely used TCP and HTTP-based proxy server that runs on Linux, Solaris, and FreeBSD. It is used to load balance applications by distributing requests between multiple servers, and to ensure that applications are highly available for users.

      By default on many Rocky Linux 8 installations, HAProxy is not configured to write its log output to a file. This quickstart tutorial will explain how to configure HAProxy logging with Rsyslog by using a Unix domain socket for reliability, speed, and security.

      Prerequisites

      To complete this tutorial, you will need a server running Rocky Linux 8. This server should have a non-root user with administrative privileges. To set this up, follow the Initial Server Setup guide for Rocky Linux 8 tutorial.

      You can also use an interactive terminal that is embedded on this page to experiment with HAProxy and rsyslog logging in this tutorial. Click the following Launch an Interactive Terminal! button to get started.

      Launch an Interactive Terminal!

      Step 1 — Installing and Enabling HAProxy

      To install HAProxy, run the following dnf command:

      When you are prompted Is this ok [y/N]: enter y and press RETURN to install the package.

      Once you have installed HAProxy, enable and start it using the systemctl command:

      • sudo systemctl enable haproxy.service

      You should receive the following output:

      Output

      Created symlink /etc/systemd/system/multi-user.target.wants/haproxy.service → /usr/lib/systemd/system/haproxy.service.

      With the HAProxy service now enabled, you can start it up to ensure that it runs with a default configuration on your server:

      • sudo systemctl start haproxy.service

      Next examine HAProxy’s status to make sure it is running:

      • sudo systemctl status haproxy.service

      You should receive output like the following. Note the highlighted active (running) portion of the output. If your server shows the same highlighted section then HAProxy is running correctly on your server and you can proceed with configuring logging.

      Output

      ● haproxy.service - HAProxy Load Balancer Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2020-09-09 21:16:39 UTC; 4min 39s ago Process: 21340 ExecStartPre=/usr/sbin/haproxy -f $CONFIG -c -q (code=exited, status=0/SUCCESS) Main PID: 21341 (haproxy) Tasks: 2 (limit: 2881) Memory: 2.7M CGroup: /system.slice/haproxy.service ├─21341 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid . . .

      If your output is different, or the status shows something like Active: failed, then follow the troubleshooting steps in the How to Troubleshoot Common HAProxy Errors tutorial to determine what is preventing HAProxy from starting correctly.

      Once you have confirmed that HAProxy is enabled and running, you can continue to the next step, which is configuring HAProxy’s logging directives.

      Step 2 — Configuring HAProxy Logging Directives

      To configure HAProxy’s logging directives, open /etc/haproxy/haproxy.cfg in vi or your preferred editor:

      • sudo vi /etc/haproxy/haproxy.cfg

      Press i to switch to INSERT mode, then find the line log 127.0.0.1 local2 and comment it out by adding a # character to the beginning of the line, as highlighted in the following example:

      /etc/haproxy/haproxy.cfg

      . . .
      # 2) configure local2 events to go to the /var/log/haproxy.log
      #   file. A line like the following can be added to
      #   /etc/sysconfig/syslog
      #
      #    local2.*                       /var/log/haproxy.log
      #
          #log         127.0.0.1 local2
      
          chroot      /var/lib/haproxy
          pidfile     /var/run/haproxy.pid
      . . .
      

      Now add a line directly after the commented out line with the following contents:

          log         /dev/log local0
      

      The entire section of /etc/haproxy/haproxy.cfg that you edited should contain the following lines:

      /etc/haproxy/haproxy.cfg

      . . .
      #    local2.*                       /var/log/haproxy.log
      #
           #log         127.0.0.1 local2
           log         /dev/log local0
      
           chroot      /var/lib/haproxy
           pidfile     /var/run/haproxy.pid
      . . .
      

      The chroot line is important, because it restricts the HAProxy process to accessing files in the /var/lib/haproxy directory only. The log /dev/log local0 line will create a file inside that directory that Rsyslog will use to collect log entries from.

      Once you are finished editing the log lines in /etc/haproxy/haproxy.cfg, save and close the file by pressing ESC, typing :wq, and pressing ENTER.

      The last step that you need to complete in this section is to create the /var/lib/haproxy/dev directory since it does not exist by default.

      Create the directory using the mkdir command and then restart HAProxy:

      • sudo mkdir /var/lib/haproxy/dev
      • sudo systemctl restart haproxy.service

      You have now configured HAProxy to send its logs to a Unix domain socket that resides in /var/lib/haproxy/dev/log. In the next step, you will configure Rsyslog to create and access the socket.

      Step 3 — Configuring Rsyslog to Collect HAProxy Logs

      Rsyslog’s default configuration on Rocky Linux 8 does not handle HAProxy logs. To collect logs from the HAProxy service, open a new file /etc/rsyslog.d/99-haproxy.conf using vi or your preferred editor:

      • sudo vi /etc/rsyslog.d/99-haproxy.conf

      Press i to switch to INSERT mode, then paste the following lines into the file:

      /etc/rsyslog.d/99-haproxy.conf

      $AddUnixListenSocket /var/lib/haproxy/dev/log
      
      # Send HAProxy messages to a dedicated logfile
      :programname, startswith, "haproxy" {
        /var/log/haproxy.log
        stop
      }
      

      The $AddUnixListenSocket directive tells Rsyslog to create a Unix domain socket in the specified location, in this case /var/lib/haproxy/dev/log. The :programname, startswith, "haproxy" section specifies the file where Rsyslog will write the log entries to that it collects from the socket.

      Once you are finished editing /etc/rsyslog.d/99-haproxy.conf, save and close the file by pressing ESC, typing :wq, and pressing ENTER.

      You have now configured Rsyslog to read log entries from the Unix domain socket in /var/lib/haproxy/dev/log and write them to a log file in /var/log/haproxy.log.

      However, before restarting Rsyslog you will need to determine if SELinux is enforcing access control on your Rocky Linux 8 system.

      To check SELinux’s current policy, run the following:

      You will receive one of the following outputs:

      • Enforcing - In this mode, SELinux is enforcing access controls on your system. You will need to complete the following optional Step 4 — Configuring SELinux section.
      • Permissive - In this case, SELinux logs all access attempts to its log file, but does not enforce access controls on your system.
      • Disabled - If SELinux is disabled, then it is not logging or enforcing any access control policies on your system.

      If the getenforce command returned either Permissive or Disabled, then you can restart Rsyslog with the following command:

      • sudo systemctl restart rsyslog

      Once you restart Rsyslog, you will be able to view logs in the /var/log/haproxy.log file that you configured in /etc/rsyslog.d/99-haproxy.conf. Proceed to Step 5 — Testing HAProxy Logging to make sure that everything is working as expected.

      Otherwise, if your system is running SELinux in Enforcing mode, then the next section of this tutorial explains how to add a module to allow Rsyslog and HAProxy to communicate with each other over their shared Unix domain socket.

      Step 4 — (Optional) Configuring SELinux

      If your Rocky Linux 8 system is configured with SELinux in Enforcing mode, then you will need to allow Rsyslog access to HAProxy’s chroot directory. Allowing this access will let Rsyslog create the Unix domain socket that HAproxy will send its logs to.

      If you are using the Interactive Terminal to follow along with this tutorial, the environment does not support enabling SELinux. You can still experiment with creating and compiling the module, but you will not be able to load the module.

      If you are not familiar with SELinux, this tutorial series An Introduction to SELinux on CentOS 7 will help you learn how to manage and interact with SELinux. Although it is written for CentOS 7, the principles and commands in the series are equally applicable to Rocky Linux 8.

      To enable Rsyslog and HAProxy access to their shared socket, the first task is to create a Type Enforcement policy file. Open a new file called rsyslog-haproxy.te in vi or your preferred editor:

      Press i to switch to INSERT mode, then paste the following lines into the file:

      rsyslog-haproxy.te

      module rsyslog-haproxy 1.0;
      
      require {
          type syslogd_t;
          type haproxy_var_lib_t;
          class dir { add_name remove_name search write };
          class sock_file { create setattr unlink };
      }
      
      #============= syslogd_t ==============
      allow syslogd_t haproxy_var_lib_t:dir { add_name remove_name search write };
      allow syslogd_t haproxy_var_lib_t:sock_file { create setattr unlink };
      

      The first line defines the module name and version. The require portion tells the SELinux module loader about the types and classes that are required for the policy to be loaded as a module. The last two lines are the rules that allow Rsyslog access to HAProxy’s chroot and socket file respectively.

      When you are done editing the file, save and close it by pressing ESC, typing :wq, and pressing ENTER.

      Next, run the following command to install the checkpolicy package, which contains the checkmodule utility that you will use to turn the Type Enforcement file into an SELinux module.

      • sudo dnf install checkpolicy

      Now that you have the checkmodule tool installed, the next step is to compile the module and then load it into SELinux. Run the following to compile the Type Enforcement file into an SELinux module:

      • checkmodule -M -m rsyslog-haproxy.te -o rsyslog-haproxy.mod

      Next, run semodule_package to generate a complete policy package that SELinux can load into the Linux kernel:

      • semodule_package -o rsyslog-haproxy.pp -m rsyslog-haproxy.mod

      The final step is to load the package that you generated into the Linux kernel using the semodule command:

      • sudo semodule -i rsyslog-haproxy.pp

      Adding the module may take a few seconds. Once the command completes you can confirm that the module is loaded into the kernel by running the semodule command:

      • sudo semodule -l |grep rsyslog-haproxy

      You should receive output like the following:

      Output

      rsyslog-haproxy

      Once the module is loaded you can restart Rsyslog with the following command:

      • sudo systemctl restart rsyslog

      You have now defined, compiled, and loaded an SELinux policy that will allow HAProxy and Rsyslog to communicate over their shared socket.

      In the next step you will test that everything works by making an HTTP request to HAProxy and examining its new log file.

      Step 5 — Testing HAProxy Logging

      Now that you have configured HAProxy, Rsyslog, and optionally SELinux, you can test that logging to /var/log/haproxy.log is working.

      By default the haproxy package ships with a configuration file that creates an HTTP listener socket on port 5000. The configuration points to a non-existent backend server, so any request to the port will result in an HTTP 503 error.

      To check for a 503 error in your /var/log/haproxy.log file, first generate an HTTP request using curl like this:

      • curl -si http://127.0.0.1:5000

      You should receive output like the following:

      Output

      HTTP/1.0 503 Service Unavailable Cache-Control: no-cache Connection: close Content-Type: text/html <html><body><h1>503 Service Unavailable</h1> No server is available to handle this request. </body></html>

      Now examine /var/log/haproxy.log for any HTTP 503 responses using the grep command:

      • sudo grep -E 'NOSRV.+503' /var/log/haproxy.log

      Note: The NOSRV.+503 portion of the command is a regular expression. This tutorial on Using Grep & Regular Expressions to Search for Text Patterns in Linux
      goes into more depth on using grep and regular expressions.

      You should receive a line (or multiple lines) like the following:

      Output

      Sep 9 21:32:22 rocky-s-1vcpu-1gb-nyc3-01 haproxy[4451]: 127.0.0.1:56024 [9/Sep/2020:21:32:22.098] main app/<NOSRV> 0/-1/-1/-1/0 503 212 - - SC-- 1/1/0/0/0 0/0 "GET / HTTP/1.1"

      This line corresponds to the curl request that you made, which means that Rsyslog and HAProxy are configured to use their shared socket correctly.

      Conclusion

      In this quickstart tutorial, you configured HAProxy to log to a Unix domain socket. You also set up Rsyslog to create and read from the socket so that the two programs can communicate with each other without opening up any TCP/IP ports on your system. Finally, you optionally compiled, packaged, and loaded an SELinux policy to allow Rsyslog and HAProxy shared access to their socket.



      Source link

      How To Configure HAProxy Logging with Rsyslog on CentOS 8 [Quickstart]


      Introduction

      HAProxy, which stands for High Availability Proxy, is a widely used TCP and HTTP-based proxy server that runs on Linux, Solaris, and FreeBSD. It is used to load balance applications by distributing requests between multiple servers, and to ensure that applications are highly available for users.

      By default on many CentOS 8 installations, HAProxy is not configured to write its log output to a file. This quickstart tutorial will explain how to configure HAProxy logging with Rsyslog by using a Unix domain socket for reliability, speed, and security.

      Prerequisites

      To complete this tutorial, you will need a server running CentOS 8. This server should have a non-root user with administrative privileges. To set this up, follow the Initial Server Setup guide for CentOS 8 tutorial.

      Step 1 — Installing and Enabling HAProxy

      To install HAProxy, run the following dnf command:

      When you are prompted Is this ok [y/N]: enter y and press RETURN to install the package.

      Once you have installed HAProxy, enable and start it using the systemctl command:

      • sudo systemctl enable haproxy.service

      You should receive the following output:

      Output

      Created symlink /etc/systemd/system/multi-user.target.wants/haproxy.service → /usr/lib/systemd/system/haproxy.service.

      With the HAProxy service now enabled, you can start it up to ensure that it runs with a default configuration on your server:

      • sudo systemctl start haproxy.service

      Next examine HAProxy’s status to make sure it is running:

      • sudo systemctl status haproxy.service

      You should receive output like the following. Note the highlighted active (running) portion of the output. If your server shows the same highlighted section then HAProxy is running correctly on your server and you can proceed with configuring logging.

      Output

      ● haproxy.service - HAProxy Load Balancer Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2020-09-09 21:16:39 UTC; 4min 39s ago Process: 21340 ExecStartPre=/usr/sbin/haproxy -f $CONFIG -c -q (code=exited, status=0/SUCCESS) Main PID: 21341 (haproxy) Tasks: 2 (limit: 2881) Memory: 2.7M CGroup: /system.slice/haproxy.service ├─21341 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid . . .

      If your output is different, or the status shows something like Active: failed, then follow the troubleshooting steps in the HAproxy Common Errors Series Introduction tutorial to determine what is preventing HAProxy from starting correctly.

      Once you have confirmed that HAProxy is enabled and running, you can continue to the next step, which is configuring HAProxy’s logging directives.

      Step 2 — Configuring HAProxy Logging Directives

      To configure HAProxy’s logging directives, open /etc/haproxy/haproxy.cfg in vi or your preferred editor:

      • sudo vi /etc/haproxy/haproxy.cfg

      Press i to switch to INSERT mode, then find the line log 127.0.0.1 local2 and comment it out by adding a # character to the beginning of the line, as highlighted in the following example:

      /etc/haproxy/haproxy.cfg

      . . .
      # 2) configure local2 events to go to the /var/log/haproxy.log
      #   file. A line like the following can be added to
      #   /etc/sysconfig/syslog
      #
      #    local2.*                       /var/log/haproxy.log
      #
          #log         127.0.0.1 local2
      
          chroot      /var/lib/haproxy
          pidfile     /var/run/haproxy.pid
      . . .
      

      Now add a line directly after the commented out line with the following contents:

          log         /dev/log local0
      

      The entire section of /etc/haproxy/haproxy.cfg that you edited should contain the following lines:

      /etc/haproxy/haproxy.cfg

      . . .
      #    local2.*                       /var/log/haproxy.log
      #
           #log         127.0.0.1 local2
           log         /dev/log local0
      
           chroot      /var/lib/haproxy
           pidfile     /var/run/haproxy.pid
      . . .
      

      The chroot line is important, because it restricts the HAProxy process to accessing files in the /var/lib/haproxy directory only. The log /dev/log local0 line will create a file inside that directory that Rsyslog will use to collect log entries from.

      Once you are finished editing the log lines in /etc/haproxy/haproxy.cfg, save and close the file by pressing ESC, typing :wq, and pressing ENTER.

      The last step that you need to complete in this section is to create the /var/lib/haproxy/dev directory since it does not exist by default.

      Create the directory using the mkdir command and then restart HAProxy:

      • sudo mkdir /var/lib/haproxy/dev
      • sudo systemctl restart haproxy.service

      You have now configured HAProxy to send its logs to a Unix domain socket that resides in /var/lib/haproxy/dev/log. In the next step, you will configure Rsyslog to create and access the socket.

      Step 3 — Configuring Rsyslog to Collect HAProxy Logs

      Rsyslog’s default configuration on CentOS 8 does not handle HAProxy logs. To collect logs from the HAProxy service, open a new file /etc/rsyslog.d/99-haproxy.conf using vi or your preferred editor:

      • sudo vi /etc/rsyslog.d/99-haproxy.conf

      Press i to switch to INSERT mode, then paste the following lines into the file:

      /etc/rsyslog.d/99-haproxy.conf

      $AddUnixListenSocket /var/lib/haproxy/dev/log
      
      # Send HAProxy messages to a dedicated logfile
      :programname, startswith, "haproxy" {
        /var/log/haproxy.log
        stop
      }
      

      The $AddUnixListenSocket directive tells Rsyslog to create a Unix domain socket in the specified location, in this case /var/lib/haproxy/dev/log. The :programname, startswith, "haproxy" section specifies the file where Rsyslog will write the log entries to that it collects from the socket.

      Once you are finished editing /etc/rsyslog.d/99-haproxy.conf, save and close the file by pressing ESC, typing :wq, and pressing ENTER.

      You have now configured Rsyslog to read log entries from the Unix domain socket in /var/lib/haproxy/dev/log and write them to a log file in /var/log/haproxy.log.

      However, before restarting Rsyslog you will need to determine if SELinux is enforcing access control on your CentOS 8 system.

      To check SELinux’s current policy, run the following:

      You will receive one of the following outputs:

      • Enforcing – In this mode, SELinux is enforcing access controls on your system. You will need to complete the following optional Step 4 — Configuring SELinux section.
      • Permissive – In this case, SELinux logs all access attempts to its log file, but does not enforce access controls on your system.
      • Disabled – If SELinux is disabled, then it is not logging or enforcing any access control policies on your system.

      If the getenforce command returned either Permissive or Disabled, then you can restart Rsyslog with the following command:

      • sudo systemctl restart rsyslog

      Once you restart Rsyslog, you will be able to view logs in the /var/log/haproxy.log file that you configured in /etc/rsyslog.d/99-haproxy.conf. Proceed to Step 5 — Testing HAProxy Logging to make sure that everything is working as expected.

      Otherwise, if your system is running SELinux in Enforcing mode, then the next section of this tutorial explains how to add a module to allow Rsyslog and HAProxy to communicate with each other over their shared Unix domain socket.

      Step 4 — (Optional) Configuring SELinux

      If your CentOS 8 system is configured with SELinux in Enforcing mode, then you will need to allow Rsyslog access to HAProxy’s chroot directory. Allowing this access will let Rsyslog create the Unix domain socket that HAproxy will send its logs to.

      If you are not familiar with SELinux, this tutorial series An Introduction to SELinux on CentOS 7 will help you learn how to manage and interact with SELinux. Although it is written for CentOS 7, the principles and commands in the series are equally applicable to CentOS 8.

      To enable Rsyslog and HAProxy access to their shared socket, the first task is to create a Type Enforcement policy file. Open a new file called rsyslog-haproxy.te in vi or your preferred editor:

      Press i to switch to INSERT mode, then paste the following lines into the file:

      rsyslog-haproxy.te

      module rsyslog-haproxy 1.0;
      
      require {
          type syslogd_t;
          type haproxy_var_lib_t;
          class dir { add_name remove_name search write };
          class sock_file { create setattr unlink };
      }
      
      #============= syslogd_t ==============
      allow syslogd_t haproxy_var_lib_t:dir { add_name remove_name search write };
      allow syslogd_t haproxy_var_lib_t:sock_file { create setattr unlink };
      

      The first line defines the module name and version. The require portion tells the SELinux module loader about the types and classes that are required for the policy to be loaded as a module. The last two lines are the rules that allow Rsyslog access to HAProxy’s chroot and socket file respectively.

      When you are done editing the file, save and close it by pressing ESC, typing :wq, and pressing ENTER.

      Next, run the following command to install the checkpolicy package, which contains the checkmodule utility that you will use to turn the Type Enforcement file into an SELinux module.

      • sudo dnf install checkpolicy

      Now that you have the checkmodule tool installed, the next step is to compile the module and then load it into SELinux. Run the following to compile the Type Enforcement file into an SELinux module:

      • checkmodule -M -m rsyslog-haproxy.te -o rsyslog-haproxy.mod

      Next, run semodule_package to generate a complete policy package that SELinux can load into the Linux kernel:

      • semodule_package -o rsyslog-haproxy.pp -m rsyslog-haproxy.mod

      The final step is to load the package that you generated into the Linux kernel using the semodule command:

      • sudo semodule -i rsyslog-haproxy.pp

      Adding the module may take a few seconds. Once the command completes you can confirm that the module is loaded into the kernel by running the semodule command:

      • sudo semodule -l |grep rsyslog-haproxy

      You should receive output like the following:

      Output

      rsyslog-haproxy

      Once the module is loaded you can restart Rsyslog with the following command:

      • sudo systemctl restart rsyslog

      You have now defined, compiled, and loaded an SELinux policy that will allow HAProxy and Rsyslog to communicate over their shared socket.

      In the next step you will test that everything works by making an HTTP request to HAProxy and examining its new log file.

      Step 5 — Testing HAProxy Logging

      Now that you have configured HAProxy, Rsyslog, and optionally SELinux, you can test that logging to /var/log/haproxy.log is working.

      By default the haproxy package ships with a configuration file that creates an HTTP listener socket on port 5000. The configuration points to a non-existent backend server, so any request to the port will result in an HTTP 503 error.

      To check for a 503 error in your /var/log/haproxy.log file, first generate an HTTP request using curl like this:

      • curl -si http://127.0.0.1:5000

      You should receive output like the following:

      Output

      HTTP/1.0 503 Service Unavailable Cache-Control: no-cache Connection: close Content-Type: text/html <html><body><h1>503 Service Unavailable</h1> No server is available to handle this request. </body></html>

      Now examine /var/log/haproxy.log for any HTTP 503 responses using the grep command:

      • sudo grep -E ‘NOSRV.+503’ /var/log/haproxy.log

      Note: The NOSRV.+503 portion of the command is a regular expression. This tutorial on Using Grep & Regular Expressions to Search for Text Patterns in Linux
      goes into more depth on using grep and regular expressions.

      You should receive a line (or multiple lines) like the following:

      [secondary_label Output
      Sep 9 21:32:22 centos-s-1vcpu-1gb-nyc3-01 haproxy[4451]: 127.0.0.1:56024 [9/Sep/2020:21:32:22.098] main app/<NOSRV> 0/-1/-1/-1/0 503 212 - - SC-- 1/1/0/0/0 0/0 "GET / HTTP/1.1"
      

      This line corresponds to the curl request that you made, which means that Rsyslog and HAProxy are configured to use their shared socket correctly.

      Conclusion

      In this quickstart tutorial, you configured HAProxy to log to a Unix domain socket. You also set up Rsyslog to create and read from the socket so that the two programs can communicate with each other without opening up any TCP/IP ports on your system. Finally, you optionally compiled, packaged, and loaded an SELinux policy to allow Rsyslog and HAProxy shared access to their socket.



      Source link