[HAProxy] 503 Errors when Serving Two VMs using 2 DDNSes Pointing to 1 Public IP
-
Hi, I am trying to serve two different VMs that have their individual DDNS using HAProxy, but I keep getting 503 errors when accessing them. Accessing them by their private IPs has no such issues, though.
I have tried following these two guides but kept getting the issue too:
https://blog.briantruscott.com/how-to-serve-multiple-domains-from-a-single-public-ip-using-haproxy-on-pfsense/
https://github.com/PiBa-NL/pfsense-haproxy-package-doc/wiki/Single-frontend-serving-multiple-different-domains-using-http
I have set the DDNSes (from No-IP) in Services / Dynamic DNS / Dynamic DNS Clients to point to my public IP; without HAProxy I can verify that all DDNSes will point to the pfsense machine.
The HAProxy stats page shows no connection issues at all.
Here's my config file:
global
	maxconn 1000
	stats socket /tmp/haproxy.socket level admin
	gid 80
	nbproc 1
	chroot /tmp/haproxy_chroot
	daemon

listen HAProxyLocalStats
	bind 127.0.0.1:2200 name localstats
	mode http
	stats enable
	stats refresh 10
	stats admin if TRUE
	stats uri /haproxy/haproxy_stats.php?haproxystats=1
	timeout client 5000
	timeout connect 5000
	timeout server 5000

frontend SharedFront
	bind 58.182.70.241:80 name 58.182.70.241:80
	mode http
	log global
	option http-keep-alive
	option forwardfor
	acl https ssl_fc
	http-request set-header X-Forwarded-Proto http if !https
	http-request set-header X-Forwarded-Proto https if https
	timeout client 30000
	acl ACL1 hdr(host) -i aaa.ddns.net
	acl ACL2 hdr(host) -i bbb.ddns.net
	use_backend aaa_http_ipv4 if ACL1
	use_backend bbb_http_ipv4 if ACL2

backend aaa_http_ipv4
	mode http
	log global
	timeout connect 30000
	timeout server 30000
	retries 3
	source ipv4@ usesrc clientip
	option httpchk GET /
	server aaa 192.168.1.23:80 check inter 1000

backend bbb_http_ipv4
	mode http
	log global
	timeout connect 30000
	timeout server 30000
	retries 3
	source ipv4@ usesrc clientip
	option httpchk GET /
	server bbb 192.168.1.24:80 check inter 1000
Where else should I start looking?
-
Can you uncheck the "transparent-client-ip" setting in the backend and see if that helps?
-
Can you uncheck the "transparent-client-ip" setting in the backend and see if that helps?
Thanks, that did help for bbb.ddns.net, but I am getting ERR_NAME_NOT_RESOLVED errors from aaa.ddns.net.
I noticed that aaa.ddns.net is not pointing to the right IP address, unlike bbb.ddns.net, and have already fixed it, but the errors still persist.
Ok, aaa.ddns.net is up too; I just needed more time for the DNS to propagate.
Now, I wonder if similar issues will occur when directing HTTPS traffic in a similar setup…
-
Ok, I managed to change my setup to use HTTPS instead, here's my config:
global
	maxconn 1000
	stats socket /tmp/haproxy.socket level admin
	uid 80
	gid 80
	nbproc 1
	chroot /tmp/haproxy_chroot
	daemon

listen HAProxyLocalStats
	bind 127.0.0.1:2200 name localstats
	mode http
	stats enable
	stats refresh 10
	stats admin if TRUE
	stats uri /haproxy/haproxy_stats.php?haproxystats=1
	timeout client 5000
	timeout connect 5000
	timeout server 5000

frontend SharedFront
	bind 58.182.70.241:443 name 58.182.70.241:443
	mode tcp
	log global
	timeout client 30000
	tcp-request inspect-delay 5s
	acl ACL1 req.ssl_sni -i aaa.ddns.net
	acl ACL2 req.ssl_sni -i bbb.ddns.net
	tcp-request content accept if { req.ssl_hello_type 1 }
	use_backend aaa_https_ipvANY if ACL1
	use_backend bbb_https_ipvANY if ACL2

backend aaa_https_ipvANY
	mode tcp
	log global
	timeout connect 30000
	timeout server 30000
	retries 3
	option httpchk GET /
	server aaa 192.168.1.23:443 check-ssl check inter 1000 verify none

backend bbb_https_ipvANY
	mode tcp
	log global
	timeout connect 30000
	timeout server 30000
	retries 3
	option httpchk GET /
	server bbb 192.168.1.24:443 check-ssl check inter 1000 verify none
Can someone help check if there will be potential issues?