HAPROXY + Wordpress -> Error 503
-
Hello everyone,
I need your advice for my problem. I've spent hours / days searching the WWW for answers but none of them are complete or would have helped me figure out what I did wrong.
So I installed ACME and HAPROXY by following Tom's great video (thanks Tom!) which is here https://www.youtube.com/watch?v=bU85dgHSb2E
I succeeded perfectly in the ACME part because for both my DNS "www.my-adresse-1.xyz" and "www.my-adresse-2.xy" I have the
On my Synology NAS I have my site “www.my-adresse-1.xyz” which has been running perfectly with “Wordpress” for several years.
My two-step project is to bridge my HAPROXY on my Synology NAS address 192.168.1.46 to manage this site and its certificate and therefore remove the current NAT -> Port Forward rule that I had set up and that works to direct everything to my Synology NAS and not the site.
So I removed this NAT rule and followed Tom's tutorial for configuring HAPROXY.
And put this one in (Firewall / Rules / WAN):
My only result, which is already good, is to have in the HAPROXY statistics no site in “green”, I can connect to it either as admin, or just to see my site (user) without any problem internally at home.
But if I try to connect from outside, I systematically get a 503 error.
I'm going round in circles and don't know what to do.
I've also tried (still following Tom's video) to point to my other NAS in UNRAID and launch “kuma uptime” (the test Tom does in his video), I always end up on the home page of my UNRAID NAS and never on the kuma port 3001 (tested from outside but the same from my home), port 3001 is never taken into account by HAPROXY and doesn't redirect anything I always end up on the UNRAID home page in 192.168.1.80
That's it, if you have just the clue to help me unblock myself, thank you very much for your help. I feel like I've tested everything!? could “pfBlockerNG” block anything? I can't easily accuse anyone but myself now...
My "Frontend"
Backend settings for "Kuma":
Frontend:
-
@SwissSteph
First of all ensure that the backend is shown up as online in the stats.
You may have to configure the health check properly.
-
Thank you for your message. Everything seems (to me) OK!?
EDIT:
still the same problem, even though I have the correct certificate created in ACME
-
@SwissSteph
Obviously your backend doesn't respond to the request from HAproxy though.
HAproxy uses the settings you stated for the backend server to access it. I noticed that you use port 443, but have "Encrypt" unchecked. I don't assume that your server is really configured this way.
You probably have to enable encryption in the backend settings.
-
@viragomann
Thank you for your intervention and your message. I have the impression that I have used all the possibilities (my eyes don't see much anymore with all these modifications), but I still get error 503.
Maybe it's Wordpress that's at fault? But here too I've tried removing all the plugins and the same result (well, without having tried all the possibilities below), I don't know what to modify ...
-
@SwissSteph
The client certificate in the backend settings is for servers which require a client certificate to get access. I don't presume your server is configured like that. So just remove this.
I don't use Wordpress, but I don't think that it's on the app. This would probably throw another error.
For testing select your WP backend as default in the frontend to rule out host mismatch issues.
And I suspect that there is a misconfiguration indeed.
The host-match ACL shows the value beginning with "www", but your browser screenshot shows the hostname starting with an "s".
-
@viragomann
Thanks again for your input, I don't know if I've understood all your message and made all the proposed changes, so here are my latest screenshots. What do you think?
With this configuration I have the certificate in my browser, and now a 404 error ... that's a plus ;-) I don't know if it's good news, but at least there's a change in the error.
What's incredible is that if I go directly to my NAS for this site it has been working perfectly for several years.
-
@SwissSteph said in HAPROXY + Wordpress -> Error 503:
With this configuration I have the certificate in my browser, and now a 404 error ... that's a plus ;-)
So yeah, you are a step further.
However, I think you should learn some basics about how HAproxy works.
In short, it acts as a webserver, which you access with your browser, and it acts as a client accessing your real backend server, which hosts the page.
The frontend includes all the webserver settings and the client settings are done in the backend.
So in the frontend you have to specify settings like the IP, port, host name and if TLS should be used. If you check "SSL offloading" you need to state a certificate below, which is handed out to the web browser.
In the backend you have to specify how HAproxy accesses the backend server. You can state the IP and port and if it's encrypted or not.
If your backend server is configured to provide TLS itself (what I assume in your case) you have to check "SSL" in the backend and probably need to set the port to 443, as long as the server does not listen on something else.
"SSL checks" means that HAproxy will verify the certificate. This might not be needed when accessing an internal server.
Note that HAproxy uses just the values you stated in the backend settings. It doesn't add / change the host header, even if you stated a host name. It just resolves the name and accesses the resulting IP.
If HAproxy cannot access the backend server or doesn't get a proper response you get error 503 or alike.
But now you get error 404. This error comes from your backend server. So presumably your backend settings are still wrong.
As I mentioned above, "Encrypt (SSL)" might need to be checked. If you still get 404 go to the backend server and check its log file for hints.
-
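The frontend/backend split described in the reply above, written out as raw haproxy.cfg directives. This is an added example and not part of the thread or of anyone's actual configuration; the hostname and NAS address come from the thread, while the section names, certificate path and CA file are assumptions.

```haproxy
# Added example. Hostname and NAS address are taken from the thread;
# section names, certificate path and CA file are assumptions.

frontend https_in
    mode http
    # Webserver side: HAProxy terminates TLS and hands this certificate
    # to the browser (the certificate issued through ACME).
    bind :443 ssl crt /etc/haproxy/certs/www.my-adresse-1.xyz.pem

    # The host match must equal the name the browser really requests.
    acl host_wp hdr(host) -i www.my-adresse-1.xyz
    use_backend wordpress_nas if host_wp

    # For testing: also make the backend the default, so a host
    # mismatch in the ACL is ruled out. With no default_backend, a
    # request that matches no rule is answered with 503 by HAProxy.
    default_backend wordpress_nas

backend wordpress_nas
    mode http
    # Health check sends the real Host header so the NAS answers for
    # the right virtual host; 2xx and 3xx count as healthy.
    option httpchk
    http-check send meth GET uri / ver HTTP/1.1 hdr Host www.my-adresse-1.xyz
    http-check expect rstatus ^[23]

    # Client side: the NAS serves TLS on 443, so the server line needs
    # "ssl". Without it HAProxy speaks plain HTTP to a TLS port and
    # the health check cannot succeed.
    # "verify none" skips validation of the NAS certificate.
    server nas 192.168.1.46:443 ssl verify none check

    # Stricter alternative: validate the NAS certificate and its name.
    # server nas 192.168.1.46:443 ssl verify required ca-file /etc/haproxy/ca/internal-ca.pem verifyhost www.my-adresse-1.xyz check
```

A 503 with this layout points at the frontend rules or the health check, while a 404 is produced by the NAS web server itself, so the next place to look is its virtual-host configuration and log.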
@viragomann
THANK YOU!
I will study every word of your message and continue my inspection.
I'll come back here with the rest, and if I finally come up with a solution that works I'll put it here completely for others too.