Netgate Discussion Forum

(Solved) HAProxy "routing" problem

Cache/Proxy
haproxy
    varazir
    last edited by varazir Nov 21, 2018, 8:51 PM Nov 15, 2018, 12:00 PM

    Hello,

    I have a problem: my frontend does not route the traffic to the correct backend.
    Even if I type in https://zwave.host.tdl I get https://galaxy.host.tdl
    Is there a log where I can see what happens?

    # Automaticaly generated, dont edit manually.
    # Generated on: 2018-11-15 12:36
    # Process-wide settings.
    global
    	maxconn			50
    	# The third field caps what is logged at "err", so the per-connection lines HAProxy
    	# emits at lower severity are dropped. With this setting the log cannot show which
    	# backend a connection was routed to; that needs a more verbose level here plus
    	# "option tcplog" / "option httplog" on the frontends.
    	log			/var/run/log	kern	err
    	# Runtime API socket at admin level: any local process that can write to it can
    	# change server state. No mode/user/group is set on this line, so access rests on
    	# the filesystem permissions the socket is created with. NOTE(review): confirm them.
    	stats socket /tmp/haproxy.socket level admin 
    	# Run as uid/gid 80 rather than root.
    	uid			80
    	gid			80
    	nbproc			1
    	hard-stop-after		15m
    	# After start-up the process is confined to this directory; that is why the server
    	# lines further down refer to /MAIN.socket and /SSL.socket without the
    	# /tmp/haproxy_chroot prefix used on the bind lines.
    	chroot				/tmp/haproxy_chroot
    	daemon
    	tune.ssl.default-dh-param	2048
    	server-state-file /tmp/haproxy_server_state
    	lua-load		/var/etc/haproxy/luascript_acme-http01-webroot.lua
    	# Default cipher list for TLS-terminating binds. It still offers DHE-DSS suites and
    	# CBC suites with SHA-1 MACs next to the AES-GCM ones, and no ssl-default-bind-options
    	# line sets a minimum protocol version. NOTE(review): consider restricting both.
    	ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
    
    # Statistics page, reachable on the loopback address only.
    listen HAProxyLocalStats
    	bind 127.0.0.1:2200 name localstats
    	mode http
    	stats enable
    	# Admin actions are enabled unconditionally and no "stats auth" is configured, so the
    	# loopback-only bind above is the only access control on this page.
    	stats admin if TRUE
    	stats show-legends
    	stats uri /haproxy/haproxy_stats.php?haproxystats=1
    	timeout client 5000
    	timeout connect 5000
    	timeout server 5000
    
    # DNS resolver section referenced by every server line below. All of those servers are
    # given as literal IP addresses or unix sockets, so there appear to be no names to resolve.
    resolvers globalresolvers
    	nameserver local localhost:53
    	resolve_retries 3
    	timeout retry 1s
    	hold valid 10s
    
    # Plain-HTTP frontend on port 80: answers ACME http-01 challenges through the Lua
    # service and hands requests for *host.tdl to the ToHTTPS_ipvANY backend.
    frontend ACME
    	bind			1.20.183.121:80 name 1.20.183.121:80   
    	mode			http
    	log			global
    	option			http-keep-alive
    	# Adds X-Forwarded-For carrying the client address.
    	option			forwardfor
    	# The bind above has no "ssl" keyword, so ssl_fc cannot be true on this frontend and
    	# X-Forwarded-Proto is always set to "http" here.
    	acl https ssl_fc
    	http-request set-header		X-Forwarded-Proto http if !https
    	http-request set-header		X-Forwarded-Proto https if https
    	timeout client		30000
    	# These ACLs read txn variables that the set-var rules below fill in; ACLs are
    	# evaluated when a rule uses them, not where they are declared.
    	acl			url_acme_http01	var(txn.txnpath) -m beg -i /.well-known/acme-challenge
    	# Suffix match with no leading dot: any Host ending in "host.tdl" matches, including
    	# a different domain such as "otherhost.tdl". NOTE(review): ".host.tdl" would be stricter.
    	acl			varazir	var(txn.txnhost) -m end -i host.tdl
    	http-request set-var(txn.txnpath) path
    	http-request set-var(txn.txnhost) hdr(host)
    	http-request use-service lua.acme-http01  if  METH_GET url_acme_http01 
    	use_backend ToHTTPS_ipvANY  if  varazir 
    
    # TCP-mode entry point on port 443. It does not decrypt anything: it picks a backend
    # from the SNI in the TLS ClientHello, once per TCP connection.
    # NOTE(review): because the decision is per connection, every request a browser sends
    # over an already-open connection stays on the backend chosen for the first hostname.
    # If the certificate served by the galaxy server also covers the other names (e.g. a
    # wildcard; not visible here), HTTP/2 connection reuse would produce the reported
    # "everything ends up on galaxy" symptom. Check the certificate's SAN list to confirm.
    frontend MAIN
    	bind			0.0.0.0:443 name 0.0.0.0:443   
    	# Unix-socket listener fed by the ToHTTPS_ipvANY backend. accept-proxy means the
    	# PROXY-protocol header sent by whoever connects to this socket is trusted.
    	bind /tmp/haproxy_chroot/MAIN.socket name unixsocket uid 80 accept-proxy  
    	mode			tcp
    	log			global
    	timeout client		30000
    	# Wait up to 5s for enough data to inspect before the content rules are decided.
    	tcp-request inspect-delay	5s
    	# "openvpn" is declared but not used by any use_backend rule in this frontend.
    	acl			openvpn	req.ssl_sni -i zedde.host.tdl
    	acl			galaxy	req.ssl_sni -i galaxy.host.tdl
    	acl			domoticz	req.ssl_sni -i zwave.host.tdl
    	acl			octoprint	req.ssl_sni -i octoprint.host.tdl
    	tcp-request content accept if { req.ssl_hello_type 1 }
    	# Rules are tried in order and the first match wins. Any non-empty payload that is
    	# not a TLS ClientHello goes to the OpenVPN backend; that is how OpenVPN shares port
    	# 443. The same rule would also catch plain HTTP arriving through MAIN.socket.
    	use_backend Openvpn_ipvANY  if  !{ req.ssl_hello_type 1 } !{ req.len 0 } 
    	use_backend Galaxy_ipvANY  if  galaxy 
    	# These two rules select the same backend as default_backend, so they are redundant.
    	use_backend SSLredirect_ipvANY  if  domoticz 
    	use_backend SSLredirect_ipvANY  if  octoprint 
    	# Any other or missing SNI is also handed to the TLS-terminating SSL frontend.
    	default_backend SSLredirect_ipvANY
    
    # TLS-terminating ("offload") frontend: decrypts with the certificates in SSL.crt_list
    # and routes each HTTP request by its Host header.
    frontend SSL
    	bind			127.0.0.1:7443 name 127.0.0.1:7443   ssl crt-list /var/etc/haproxy/SSL.crt_list  
    	# Reached from the SSLredirect_ipvANY backend; the PROXY header it sends is trusted.
    	bind /tmp/haproxy_chroot/SSL.socket name unixsocket uid 80 accept-proxy   ssl crt-list /var/etc/haproxy/SSL.crt_list 
    	mode			http
    	log			global
    	option			http-keep-alive
    	timeout client		30000
    	# Prefix matches only: any Host starting with "zwave." or "octoprint." is accepted,
    	# whatever domain follows. The SNI sent during the handshake is not compared with it.
    	acl			zwave	var(txn.txnhost) -m beg -i zwave.
    	acl			octoprint	var(txn.txnhost) -m beg -i octoprint.
    	http-request set-var(txn.txnhost) hdr(host)
    	use_backend Domoticz_ipvANY  if  zwave 
    	# There is no default_backend: a request matching neither ACL has no backend and
    	# HAProxy answers it with a 503.
    	use_backend Octoprint_ipvANY  if  octoprint 
    
    # Used by the port-80 ACME frontend: forwards the request to frontend MAIN's unix socket.
    # NOTE(review): this backend sends plain HTTP, while MAIN routes on the TLS ClientHello
    # and sends non-TLS payloads to Openvpn_ipvANY. Confirm this path does what is intended.
    backend ToHTTPS_ipvANY
    	mode			http
    	id			105
    	log			global
    	timeout connect		30000
    	timeout server		30000
    	retries			3
    	# Socket path is relative to the chroot; a PROXY v2 header is prepended.
    	server			toHTTPs /MAIN.socket send-proxy-v2-ssl-cn id 106  resolvers globalresolvers 
    
    # Raw TCP pass-through to the OpenVPN server; selected by MAIN for non-TLS payloads.
    backend Openvpn_ipvANY
    	mode			tcp
    	id			103
    	log			global
    	timeout connect		30000
    	timeout server		30000
    	retries			3
    	server			zedde 192.168.0.20:1194 id 101  resolvers globalresolvers 
    
    # TCP pass-through for galaxy.host.tdl: TLS is terminated by the server on
    # 192.168.0.20:9443, not by HAProxy, so HAProxy never sees the HTTP Host header of
    # requests on these connections and cannot re-route them.
    backend Galaxy_ipvANY
    	mode			tcp
    	id			104
    	log			global
    	timeout connect		30000
    	timeout server		30000
    	retries			3
    	server			galaxy 192.168.0.20:9443 id 101  maxconn 10 resolvers globalresolvers 
    
    # Hands the still-encrypted TCP stream from frontend MAIN to the TLS-terminating
    # frontend SSL over its unix socket.
    backend SSLredirect_ipvANY
    	mode			tcp
    	id			107
    	log			global
    	timeout connect		30000
    	timeout server		30000
    	retries			3
    	# Socket path is relative to the chroot; the PROXY v2 header passes connection
    	# details on to frontend SSL, whose bind line uses accept-proxy.
    	server			ssl-redirect /SSL.socket send-proxy-v2-ssl-cn id 108  resolvers globalresolvers 
    
    # HTTP backend for Host names starting with "zwave." (selected by frontend SSL).
    backend Domoticz_ipvANY
    	mode			http
    	id			100
    	log			global
    	timeout connect		30000
    	timeout server		30000
    	retries			3
    	# Health check: an HTTP OPTIONS / request, sent every 1000 ms (see "inter" below).
    	option			httpchk OPTIONS / 
    	# No "ssl" on the server line: traffic from HAProxy to 192.168.0.22:8080 is plain HTTP.
    	server			zwave 192.168.0.22:8080 id 101 check inter 1000  resolvers globalresolvers 
    
    # HTTP backend for Host names starting with "octoprint." (selected by frontend SSL).
    backend Octoprint_ipvANY
    	mode			http
    	id			102
    	log			global
    	timeout connect		30000
    	timeout server		30000
    	retries			3
    	# Health check: an HTTP OPTIONS / request, sent every 1000 ms (see "inter" below).
    	option			httpchk OPTIONS / 
    	# No "ssl" on the server line: traffic from HAProxy to 192.168.0.113:80 is plain HTTP.
    	server			octoprint 192.168.0.113:80 id 101 check inter 1000  resolvers globalresolvers
    
      varazir
      last edited by Nov 16, 2018, 8:12 AM

      Note: if I log in to https://galaxy.host.tdl and then try to access the other backends, they get routed to https://galaxy.host.tdl

        varazir
        last edited by Nov 21, 2018, 8:52 PM

        I moved the galaxy backend to the SSL offload frontend.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.