Hi All,
I set up a basic config with pfSense as SSL termination.
I'm using a CMS on a standard Apache / PHP / MySQL system.
When reaching the website, it is half working, as I regularly get some 502 Bad Gateway errors, and it seems linked to a CORS issue?
Am I right in saying this?
If so, I found this article in the forum for CORS:
https://forum.netgate.com/topic/171678/enabling-cors-in-haproxy?_=1715866714636
But before going this way, I wanted to double-check whether it is really my issue, as my other sites seem not to be problematic.
The issue is on "stream"; "main" and "moodle" are OK.
Here is, for reference, my haproxy .conf:
```
# Automaticaly generated, dont edit manually.
# Generated on: 2024-05-03 09:36
global
    maxconn 5000
    log /var/run/log syslog debug
    stats socket /tmp/haproxy.socket level admin expose-fd listeners
    uid 80
    gid 80
    nbthread 1
    hard-stop-after 15m
    chroot /tmp/haproxy_chroot
    daemon
    tune.ssl.default-dh-param 2048
    log-send-hostname MAIN
    server-state-file /tmp/haproxy_server_state

listen HAProxyLocalStats
    bind 127.0.0.1:2200 name localstats
    mode http
    stats enable
    stats refresh 10
    stats admin if TRUE
    stats show-legends
    stats uri /haproxy/haproxy_stats.php?haproxystats=1
    timeout client 5000
    timeout connect 5000
    timeout server 5000

frontend Main_FrontEnd
    bind MY_PUBLIC_IP:443 name MY_PUBLIC_IP:443 ssl crt-list /var/etc/haproxy/Main_FrontEnd.crt_list
    mode http
    log global
    option httplog
    option http-keep-alive
    option forwardfor
    acl https ssl_fc
    http-request set-header X-Forwarded-Proto http if !https
    http-request set-header X-Forwarded-Proto https if https
    timeout client 30000
    acl Direct var(txn.txnhost) -m str -i cleafy.MY_DOMAIN.com
    acl Stream var(txn.txnhost) -m str -i cleafystream.MY_DOMAIN.com
    acl Wordpress var(txn.txnhost) -m str -i wordpress.MY_DOMAIN.com
    acl MoodleSSL var(txn.txnhost) -m str -i moodle.MY_DOMAIN.com
    acl aclcrt_Main_FrontEnd var(txn.txnhost) -m reg -i ^([^\.]*)\.MY_DOMAIN\.com(:([0-9]){1,5})?$
    http-request set-var(txn.txnhost) hdr(host)
    use_backend Direct_ipvANY if Direct aclcrt_Main_FrontEnd
    use_backend Stream_ipvANY if Stream aclcrt_Main_FrontEnd
    use_backend Wordpress_ipvANY if Wordpress aclcrt_Main_FrontEnd
    use_backend Moodle-SSL_ipvANY if MoodleSSL aclcrt_Main_FrontEnd

backend Direct_ipvANY
    mode http
    id 110
    log global
    timeout connect 30000
    timeout server 30000
    retries 3
    load-server-state-from-file global
    server Moodle-SSL X.Y.Z.114:80 id 101 check inter 1000

backend Stream_ipvANY
    mode http
    id 111
    log global
    timeout connect 30000
    timeout server 30000
    retries 3
    load-server-state-from-file global
    server Moodle-SSL X.Y.Z.175:80 id 101 check inter 1000

backend Wordpress_ipvANY
    mode http
    id 112
    log global
    timeout connect 30000
    timeout server 30000
    retries 3
    load-server-state-from-file global
    server Moodle-SSL X.Y.Z.119:80 id 101 check inter 1000

backend Moodle-SSL_ipvANY
    mode http
    id 100
    log global
    timeout connect 30000
    timeout server 30000
    retries 3
    load-server-state-from-file global
    server Moodle-SSL X.Y.Z.145:80 id 101 check inter 1000
```
Thanks for your insights!
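
An added example, not part of the original post: since the frontend above already sets `option httplog`, the termination-state field of each log line shows whether a 502 was generated by HAProxy or passed through from Apache, and an HAProxy-generated 502 page carries none of the backend's CORS headers, so a browser can report it as a CORS failure. The sample log lines, client addresses and request paths below are constructed; only the frontend, backend and server names come from the config.

```python
import re
from collections import Counter

# Fields of HAProxy's default "option httplog" line, after the syslog prefix.
HTTPLOG = re.compile(
    r"(?P<client>\S+):\d+ \[[^\]]+\] (?P<frontend>\S+) "
    r"(?P<backend>[^/\s]+)/(?P<server>\S+) "
    r"-?\d+(?:/[-+]?\d+){4} (?P<status>\d{3}) \S+ \S+ \S+ (?P<term>\S{4}) "
)

# First two characters of the termination state, as they apply to a 502.
CAUSE = {
    "SH": "server closed/reset before sending complete response headers",
    "PH": "HAProxy blocked the server response as invalid or incomplete",
    "--": "no proxy-side error: the backend itself answered 502",
}

def parse(line):
    """Return the named fields of one httplog line, or None if it does not match."""
    m = HTTPLOG.search(line)
    return m.groupdict() if m else None

def summarize_502(lines):
    """Count 502 responses per (backend, termination-state prefix)."""
    counts = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec["status"] == "502":
            counts[(rec["backend"], rec["term"][:2])] += 1
    return counts

def report(lines):
    """One human-readable line per (backend, cause) pair."""
    return [f"{b}: {n} x 502, {t} = {CAUSE.get(t, 'see HAProxy session state docs')}"
            for (b, t), n in sorted(summarize_502(lines).items())]

# Constructed sample lines in the default httplog layout (not real traffic).
PFX = "May 16 13:38:01 MAIN haproxy[4242]: "
SAMPLE = [
    PFX + '203.0.113.7:51514 [16/May/2024:13:38:01.120] Main_FrontEnd~ Stream_ipvANY/Moodle-SSL 0/0/1/-1/3 502 208 - - SH-- 2/2/0/0/0 0/0 "GET /api/items HTTP/1.1"',
    PFX + '203.0.113.7:51514 [16/May/2024:13:38:01.480] Main_FrontEnd~ Stream_ipvANY/Moodle-SSL 0/0/1/12/13 200 5120 - - ---- 2/2/0/0/0 0/0 "GET /index.php HTTP/1.1"',
    PFX + '203.0.113.9:40022 [16/May/2024:13:38:02.002] Main_FrontEnd~ Stream_ipvANY/Moodle-SSL 0/0/0/-1/1 502 208 - - SH-- 3/3/0/0/0 0/0 "POST /api/upload HTTP/1.1"',
    PFX + '203.0.113.9:40030 [16/May/2024:13:38:02.300] Main_FrontEnd~ Moodle-SSL_ipvANY/Moodle-SSL 0/0/1/20/21 200 9000 - - ---- 3/3/0/0/0 0/0 "GET / HTTP/1.1"',
]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

If the 502 lines show `SH` or `PH`, the cause is on the HAProxy-to-Apache leg rather than in missing CORS headers.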