Netgate Discussion Forum

    Help with getting second server working with haproxy

      vMAC

      I currently have a couple servers and I am hoping to get those servers operating via haproxy. I currently have a zoneminder server which I have successfully set up so that any device I use while on my LAN will successfully be forwarded to my zoneminder server by using zm.domain.com. I also have a wildcard cert and now I don't get the browser warning when connecting on my LAN.

      My issue is that I am also trying to add another server (Truenas) and I would like it to be found by going to tn.domain.com. Unfortunately, though I have copied the settings that I used to create the ZM proxy, it is not working for the Truenas server. Sometimes I get a 503 error, and other times I get a Redirected Too Many times error. Looking at the config, can anyone point me in the right direction to fix what I'm doing wrong?

      # Automaticaly generated, dont edit manually.
      # Generated on: 2024-12-30 15:32
      global
      	maxconn			1000
      	log			/var/run/log	local0	debug
      	stats socket /tmp/haproxy.socket level admin  expose-fd listeners
      	uid			80
      	gid			80
      	nbthread			1
      	hard-stop-after		15m
      	chroot				/tmp/haproxy_chroot
      	daemon
      	ssl-default-bind-ciphersuites	TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
      	ssl-default-server-ciphersuites	TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
      	ssl-default-bind-options	ssl-min-ver TLSv1.3 no-tls-tickets
      	ssl-default-server-options	ssl-min-ver TLSv1.3 no-tls-tickets
      	server-state-file /tmp/haproxy_server_state
      
      listen HAProxyLocalStats
      	bind 127.0.0.1:10 name localstats
      	mode http
      	stats enable
      	stats admin if TRUE
      	stats show-legends
      	stats uri /haproxy/haproxy_stats.php?haproxystats=1
      	timeout client 5000
      	timeout connect 5000
      	timeout server 5000
      
      frontend http-to-https
      	bind			0.0.0.0:80 name 0.0.0.0:80   
      	mode			http
      	log			global
      	option			http-keep-alive
      	timeout client		30000
      	http-request redirect scheme https 
      
      frontend https-frontend
      	bind			0.0.0.0:443 name 0.0.0.0:443   ssl crt-list /var/etc/haproxy/https-frontend.crt_list  
      	mode			http
      	log			global
      	option			http-keep-alive
      	option			forwardfor
      	acl https ssl_fc
      	http-request set-header		X-Forwarded-Proto http if !https
      	http-request set-header		X-Forwarded-Proto https if https
      	timeout client		30000
      	acl			zm-web	var(txn.txnhost) -m str -i zm.domain.com
      	acl			tn-web	var(txn.txnhost) -m str -i tn.domain.com
      	acl			aclcrt_https-frontend	var(txn.txnhost) -m reg -i ^([^\.]*)\.servers\.com(:([0-9]){1,5})?$
      	http-request set-var(txn.txnhost) hdr(host)
      	use_backend zm_server_ipvANY  if  zm-web aclcrt_https-frontend
      	use_backend tn_server_ipvANY  if  tn-web aclcrt_https-frontend
      
      backend zm_server_ipvANY
      	mode			http
      	id			100
      	log			global
      	http-check		send meth OPTIONS
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	load-server-state-from-file	global
      	option			httpchk
      	server			zm_server 192.168.1.15:80 id 101 check inter 1000  
      
      backend tn_server_ipvANY
      	mode			http
      	id			102
      	log			global
      	http-check		send meth OPTIONS
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	load-server-state-from-file	global
      	option			httpchk
      	server			tn_server 192.168.1.10:80 id 101 check inter 1000
      
        viragomann @vMAC

        @vMAC said in Help with getting second server working with haproxy:

        Sometimes I get a 503 error, and other times I get a Redirected Too Many times error.

        I'd consider these as different issues.

        HAproxy gives 503 if the backend state is offline or the backend does not respond as expected.
        So first ensure that HAproxy shows the backend as online in the stats. I'd switch over to basic health check for testing.

        However, "redirected too many times" might come from the browser. Best you use the browser's debugging mode to investigate what's going on here.

          vMAC @viragomann

          @viragomann said in Help with getting second server working with haproxy:

          @vMAC said in Help with getting second server working with haproxy:

          Sometimes I get a 503 error, and other times I get a Redirected Too Many times error.

          I'd consider these as different issues.

          HAproxy gives 503 if the backend state is offline or the backend does not respond as expected.
          So first ensure that HAproxy shows the backend as online in the stats. I'd switch over to basic health check for testing.

          However, "redirected too many times" might come from the browser. Best you use the browser's debugging mode to investigate what's going on here.

          Got it, so here is what I found. Truenas has a Http -> Https redirect built into settings. I had it checked, unchecking it has not stopped the too many redirects, and looks to have resolved my original issue. Thank you!

          I am now trying to set one up for my Unifi Cloud Controller though and it is giving me a TLS mismatch error as I am trying to redirect to an 8443 port?
          Bad Request
          This combination of host and port requires TLS.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
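
The redirect loop and the "requires TLS" error discussed in the thread both come down to which protocol HAProxy speaks to the backend after terminating TLS; the fragment below is an added example, not configuration posted by either participant. The UniFi backend name and address and the CA file path are placeholders (assumptions), and on pfSense the file is generated, so the equivalent settings are made in the HAProxy package GUI rather than by editing it.

```haproxy
# Fragments, not a full file: the two tn_server_ipvANY blocks are alternatives.

# Before: HAProxy terminates TLS and speaks plain HTTP to the backend on :80.
# With the backend's own HTTP -> HTTPS redirect enabled, every proxied request
# is answered with a redirect to https://tn.domain.com/, which lands on
# HAProxy again and is proxied as plain HTTP again: a redirect loop.
backend tn_server_ipvANY
	mode			http
	server			tn_server 192.168.1.10:80 check inter 1000

# Option 1 (what the poster did): keep the server line above and switch off
# the redirect on the backend. Proxy-to-backend traffic stays cleartext on
# the LAN.

# Option 2: leave the backend redirect on and have HAProxy open a TLS session
# to the backend's HTTPS port, verifying its certificate. "check" without
# "option httpchk" is a plain TCP connect check, the basic check suggested
# in the reply for testing.
backend tn_server_ipvANY
	mode			http
	# ca-file path is a placeholder (assumption)
	server			tn_server 192.168.1.10:443 ssl verify required ca-file /path/to/backend-ca.pem check inter 1000

# A backend port that only accepts TLS (the 8443 case) answers a plain-HTTP
# request with "This combination of host and port requires TLS." The server
# line needs "ssl" so HAProxy encrypts the backend connection.
backend unifi_server_ipvANY
	mode			http
	# 192.0.2.10 and the ca-file path are placeholders (assumptions)
	server			unifi_server 192.0.2.10:8443 ssl verify required ca-file /path/to/backend-ca.pem check inter 1000

# Caveat from the posted global section:
#   ssl-default-server-options ssl-min-ver TLSv1.3 no-tls-tickets
# applies to every "ssl" server line, so a backend that cannot negotiate
# TLS 1.3 fails the handshake and the request ends in a 503.
```

For a backend with a self-signed certificate, the `ca-file` can be that certificate itself, which keeps verification on instead of falling back to `verify none`.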