Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HAProxy Seems to Forward to wrong Backend Port

    Scheduled Pinned Locked Moved
    Cache/Proxy
    4
    6
    897
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sammiorelli
      last edited by

      I'm setting up HAProxy and running into a very strange problem.

      I'm pretty confident in my front end and back end configuration, with the back end needing to point to port 8000 on the target internal server. But, consistently HAProxy said the server was down, which was really strange to me, since running a curl command to the destination returned the webpage in the command prompt of the pfsense.

      So I looked at the HAProxy report, and this is where my suspicions that something is wrong popped up. When I cursor over the backend that's "down," the IP address it shows in the mousover is :443, not :8000.
      haproxy stats screenshot.png

      But as you can see, very clearly I've got it set to port 8000, not 443. Has anyone run into this?
      haproxy backend settings.png

      S 1 Reply Last reply Reply Quote 0
      • S
        sammiorelli @sammiorelli
        last edited by

        @sammiorelli update: uninstalled the normal version, installed -dev, rebooted everything, and it no longer is trying to go to port 443 internally and is going to 8000. Seems it was something stuck from the install.

        kiokomanK 1 Reply Last reply Reply Quote 0
        • kiokomanK
          kiokoman LAYER 8 @sammiorelli
          last edited by

          @sammiorelli
          for me, dev have a bug,
          let's say you create a backend that point to port 8000
          if you change the port from 8000 to something else it does not work, it's still redirecting to port 8000
          i always have to delete the backend and reconfigure it to make it work

          ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
          Please do not use chat/PM to ask for help
          we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
          Don't forget to Upvote with the 👍 button for any post you find to be helpful.

          1 Reply Last reply Reply Quote 0
          • E
            Elan67
            last edited by

            I can confirm a similar issue with my (not dev) installation. Changing the BE port is ignored unless I stop HaProxy then change the port and start haproxy again! Completely impractical in a production scenario!

            Another issue that arose with HAProxy version 2.8.2-61a0f57, released 2023/08/09 is that SSL (self-signed certificate) BE are ok (ie green on stats) but accessing the from FE return in an endless loop.
            Still investigating in the meanwhile I had to switch to not -SSL BE to get it work again.

            E 1 Reply Last reply Reply Quote 0
            • G
              gmpreussner
              last edited by

              I have the same problem, except it goes to port 80 instead of 443 (because my backends are HTTP, not HTTPS, on non-standard ports, such as 8080, 8081, 7860, etc.).

              pfSense 2.7.2
              haproxyy 0.63_1 (haproxy-2.8.3)

              Currently, the workaround is to reboot pfSense after HAProxy settings changes.
              See also https://forum.netgate.com/topic/172972/haproxy-config-changes-not-loaded-pfsense-restart-needed

              1 Reply Last reply Reply Quote 0
              • E
                Elan67 @Elan67
                last edited by

                I solved the empty response behavior from an SSL BE. The BE name of the BE must match the FDQN and cannot be arbitrary anymore, ie:
                e4d3ed7a-1ea9-4008-b5c6-c90288a9b949-image.png
                the Field explanations do not help at all:
                ef37ea06-c628-4117-a5cb-c22c64854d1c-image.png

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post