Haproxy - Reverse Proxy to subdomain.exemple.com
-
You do notice that you have typed "exemple" i/o "example" in your browser, right?
It also looks like the ip you're referring to isn't serving anything at port 80 or the firewall can't reach it.
What happens if you replace your ip 172.16.0.250 with something like 172.217.17.68 (Which is a google server)The config seems to be ok from my perspective.
Mind you that exemple.com is registered (well it has a webserver behind it) so should you want to test it internally make sure it's internally resolved to the Firewall.
Are the IP addresses you are using actually internal and does your firewall know how to reach them?
One of them actually seems to be external and not having an HTTP server running which will definately end up in the error you get if your firewall tries to reach it through HAProxy. -
By the way; please don't open up your firewall like this.
It's best to open up port 80 only if your main purpose is Proxying for internal servers.
Doing this is almost as good as leaving out your firewall and just reverse proxying on Nginx. -
This is actually, I am using the exemple.com domain and subdomain.example.com just illustrate how I configured it, that domain is fake, actually my HAProxy settings are pointing to my real domain.
When I type my real domain, the error I have in the browser is this 503
Already the rules of my firewall, are exactly like the image above, ie all open ports -
By the way; please don't open up your firewall like this.
It's best to open up port 80 only if your main purpose is Proxying for internal servers.
Doing this is almost as good as leaving out your firewall and just reverse proxying on Nginx.Exactly, that my pfsense is only for testing with HAProxy, but my intention when it goes into production is to fine tune all these firewall rules…
-
Ok the 503 normally means your HAProxy has pickedup the incoming request, attempted to contact the backend but failed to connect to it.
So in this case double check your backend because it seems to be off.
-
Sorry for my dumb question.
But how do I check if the backend is active or not?
My backend is exactly like the images above -
Well according to your configuration you should have a backend running on
http://172.16.0.250:80Now this will -at least- need to give a response when going to it with a web-browser.
Usually the backend will have a multi-domain structure so it will return a different page, depending on the hostname you are redirecting for.Technically you can have several websites running on the same server on the same port.
This is e.g. how webshops often do it. -
Check stats page like explained here: https://github.com/PiBa-NL/pfsense-haproxy-package-doc/wiki/haproxy_troubleshooting
Make sure the servers are seen as 'up'.Also disable the transparent-client-ip on the backend, or at least understand what it affects. It 'breaks' things some expect to 'just work'..
-
Hello everyone.
Thanks for the posts posted, but I really can not make HAProxy work recursively.
I've been trying this for over 30 days and with no success.
If someone has the HAProxy configured, and can leave the prints of the settings I thank -
At the risk of stating the obvious: exemple is NOT the same thing as example. You keep producing that typo over and over and over again. When you keep obfuscating your setup and producing collateral typos in the way, it's impossible for others to debug anyway.
You've already been told how to debug in the post directly above.