HAProxy only Default backend is working
-
I'm not able to forward ports from my ISP supplied router. As a workaround, I have a persistent OpenVPN client connection running on PFSense and I've forwarded a port via my VPN service provider. All that to say I am able to establish a connection via HAproxy to my backend by going to https://mysubdomain.mydomain.com:[myopenvpnport]
But none of my subdomains are resolving correctly. Only the default backend gets returned, regardless of "mysubdomain"
I think it has something to do with routing the traffic on something other than 443/80. Seems like the subdomain info is getting lost...? Could also be something to do with the wildcard A record for my DNS registration. I don't know, I'm kind of fumbling in the dark here.
-
@oldgeezy said in HAProxy only Default backend is working:
But none of my subdomains are resolving correctly. Only the default backend gets returned, regardless of "mysubdomain"
Possibly you configured the HAproxy not properly.
If you give more details and show your set, maybe someone can tell you, what's wrong.
I think it has something to do with routing the traffic on something other than 443/80.
Routing doesn't care about ports normally.
Seems like the subdomain info is getting lost...?
The subdomain is only available in the host header, which is part of the HTTP protocol.
Are you even talking about HTTP here?Could also be something to do with the wildcard A record for my DNS registration
You can simply test this by trying to resolve your subdomains with dig or nslookup.
I guess, you pointed it to your VPN provider? -
Thanks for your comments. I'm at work now but I can try to share more details on the configuration later.
The more I think about it, the more I think the problem is not on the HAProxy side. HAProxy is returning subdomains correctly on the LAN listener and I created the WAN listener by copying it.
I'm pretty sure I can set my firewall rules so that the incoming WAN traffic lands on the LAN listener and get the same result.
Leads me to believe it's something to do with how my VPN service provider is forwarding the traffic, or my NAT / firewall rule configuration.
I'm not sure how to troubleshoot traffic getting passed, but getting striped of http headers along the way. Believe I am talking about HTTP, haha to the extent of my knowledge. Will have to come back to dig/nslookup. But the domain is resolving correctly.
-
@oldgeezy said in HAProxy only Default backend is working:
I'm pretty sure I can set my firewall rules so that the incoming WAN traffic lands on the LAN listener and get the same result.
Since you're talking about a VPN, where you get forwarded the traffic by the provider, I don't expect, that anything is coming in on the WAN, rather the VPN interface.
Leads me to believe it's something to do with how my VPN service provider is forwarding the traffic, or my NAT / firewall rule
If your main domain and subdomain resolve the the same IP, both should hit your interface or both not.
The VPN server cannot intercept the HTTPS and split the traffic anyhow.I'm not sure how to troubleshoot traffic getting passed,
Go to Diagnostic > Packet Capture and sniff the traffic on the involved interfaces.
but getting striped of http headers along the way.
Only a proxy working on the application layer can stripe a host header. And I don't expect, that you configured HAproxy to do this.
Believe I am talking about HTTP, haha to the extent of my knowledge.
So which application are you trying to reach and how. If you access it by an URL starting with http(s) it might obviously use HTTP.