HAProxy not working for 1 site
-
can you send a screenshot of frontend ACL and action
-
This post is deleted! -
@magickarle Is this what you're looking for?
-
@CreationGuy
Did you add the hostname to the Nextcloud config? -
@viragomann Yes, that is under the DNS Resolver section. When going to the domain it talks about too many redirections.
-
@CreationGuy
I'm talking about the Nextcloud config.
<rootdir>/config/config.phpsection 'trusted_domains'
-
@viragomann I forgot to do that. It's in there now. I don't get the too many redirects but now it just spins.
-
Nextcloud’s overwriteprotocol setting in config.php. Add this if HAProxy handles SSL termination:
'overwriteprotocol' => 'https',
Ensure HAProxy isn't re-redirecting to itself. This can happen if the frontend or backend rules conflict.
What's does this return:
curl -v -H "Host: nc.zzzzz.net" https://nc.zzzzz.net -
@magickarle said in HAProxy not working for 1 site:
Nextcloud’s overwriteprotocol setting in config.php. Add this if HAProxy handles SSL termination:
'overwriteprotocol' => 'https',
Ensure HAProxy isn't re-redirecting to itself. This can happen if the frontend or backend rules conflict.
This seems not to be necessary, however.
I'm running Nextcloud behind HAproxy. HAproxy does TLS offloading with redirecting http to https, and the backend server requires https as well. But I don't have this in my NC config.
-
The connection has timed out
An error occurred during a connection to nc.mydomain.net:9001.
The site could be temporarily unavailable or too busy. Try again in a few moments. If you are unable to load any pages, check your computer’s network connection. If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the web.
root@truenas[~]# curl -v -H "Host: nc.mydomain.net" https://nc.mydomain.net * Trying 10.2.2.1:443... * Connected to nc.mydomain.net (10.2.2.1) port 443 (#0) * ALPN: offers h2,http/1.1 * TLSv1.3 (OUT), TLS handshake, Client hello (1): * CAfile: /etc/ssl/certs/ca-certificates.crt * CApath: /etc/ssl/certs * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): * TLSv1.3 (IN), TLS handshake, Certificate (11): * TLSv1.3 (IN), TLS handshake, CERT verify (15): * TLSv1.3 (IN), TLS handshake, Finished (20): * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.3 (OUT), TLS handshake, Finished (20): * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN: server accepted h2 * Server certificate: * subject: CN=*.mydomain.net * start date: Nov 24 22:20:11 2024 GMT * expire date: Feb 22 22:20:10 2025 GMT * subjectAltName: host "nc.mydomain.net" matched cert's "*.mydomain.net" * issuer: C=US; O=Let's Encrypt; CN=R11 * SSL certificate verify ok. * using HTTP/2 * h2h3 [:method: GET] * h2h3 [:path: /] * h2h3 [:scheme: https] * h2h3 [:authority: nc.mydomain.net] * h2h3 [user-agent: curl/7.88.1] * h2h3 [accept: */*] * Using Stream ID: 1 (easy handle 0x55a290830ce0) > GET / HTTP/2 > Host: nc.mydomain.net > user-agent: curl/7.88.1 > accept: */* > * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * old SSL session ID is stale, removing < HTTP/2 307 < server: nginx/1.27.3 < date: Wed, 04 Dec 2024 13:34:43 GMT < content-type: text/html < content-length: 171 < location: https://nc.mydomain.net:9001/ < strict-transport-security: max-age=15552000; includeSubDomains; preload < <html> <head><title>307 Temporary Redirect</title></head> <body> <center><h1>307 Temporary Redirect</h1></center> <hr><center>nginx/1.27.3</center> </body> </html> * Connection #0 to host nc.mydomain.net left intact