@PepperDeb said in HAproxy (type = tcp):

I don't want to have the port open available for both domain.

That a wrong point of view. You open the port just on an IP, not on domains. Ports are part of the IP protocol and a single port - IP combination can be used for a single service to listen on.

Domains can be resolved to IP addresses by DNS to get use of it by the IP protocol, and there is no limit on domains you can point on a single IP.
It's just the HTTP protocol that can determine the domain name by the host header, but this happens on layer 7 within the service itself (which is listening on an IP - port combination).

@jpattard splice the connections for teams.

I haven't seen that error here but you might try uninstalling the package and reinstalling it to be sure it has proper content. The function it's talking about is static, so I'm not sure why it might be saying it's not unless your copy of that file is somehow wrong.

Also worth trying to move from haproxy-devel to haproxy though the PHP code is the same in both right now, so if there is a problem it may be the same in both places.

Uninstall haproxy-devel, install haproxy.

@JonathanLee This post is not mine :-).

@jc1976 I personally do not know how I am on 7.2 I just use the standard packages.

I have used pkg update and pkg upgrade in the shell but I do not think that would cause it.

@Sweety I normally bypass microsoft IPs from SQUID in MITM mode, is not necessary to check it with squid.

This list helps me:

https://learn.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide

I add this to a alias and latter I add this alias into squid bypass "Bypass Proxy for These Destination IPs" and let that alias pass by firewall rules.

Let me know if this helps u, regards!!!

@michmoor: Update to 0.63_1 went through without problems, error has been eliminated.

Many thanks for the quick help!

solved it. the cause was the primary frontend was disabled. All is working now!

Thanks!
Stefan

@viktor_g
Hi Viktor,

I have been using HA for quite sometime, but have been puzzled how to configure Squid because I am also using pfBlocker. pfBlocker does not display HA addresses. After reading your post I am assuming that the LAN of pfBlocker will find its way to the right HA interface.

There is always something new to learn, one of my employees said today, and I seem always to be a newbie in some area. However exposing my ignorance has taught me a great deal.

From your post, could you please explain

in case of IPv4, it's easier to use port forward to 127.0.0.1:3128:

Bind Squid to Loopback (127.0.0.1) interface. Create a port forward from <CARP IP>:3128 to 127.0.0.1:3128. Have your users hit <CARP IP>:3128.

I would like to know the why and the how. I think I know what is going on here and even how to do it, but I have not spent much time doing Squid for a while and want to be sure.

Why is it a good idea to do this? Where do I bind Squid to Loopback? maybe obvious but guessing gets me into trouble. I have several HA LANs. There is only one mapping here. Can I map multiple addresses to 127.0.0.1? Having my users "hit" the CARP address happens automatically I think.

Thanks for your patience and help.

Roy

I'm resurrecting this old thread because I am experiencing the same issue (HAProxy will not automatically start on reboot) and, like the OP, I can't seem to find any diagnostics and/or logs that might explain why.

I'm running CE 2.7 and HAProxy 0.61_11. After reboot, I can start and stop HAProxy normally.

If anyone has a suggestion on where to look and/or how to gather some problem determination info, I'd appreciate it.

I thought it would save bandwidth via caching common repeated items?
I use pfBlockerNG for ads and such, and not squidguard.

Okay, there was two issues, one was tcp mode and the second one was under SSL offloading checked: Add ACL for certificate CommonName. (host header matches the "CN" of the certificate)

so for somebody how will want to have the same:
Create frontend with SSL Offloading checked
type http/https offloading selected
default backend selected
Use "forwardfor" option checked
and all other settings unchecked

backend part
server with encrypt ssl checked
health check method none
and in advanced settings
backend pass thru
http-request set-header Host onesite.com
option httpchk GET /
http-check send hdr Host onesite.com