
    (Solved) HAProxy "routing" problem

      varazir
      last edited by varazir

      Hello,

      My problem is that my frontend does not route the traffic to the correct backend.
      Even if I type in https://zwave.host.tdl, I get https://galaxy.host.tdl.
      Is there a log where I can see what happens?

      # Automaticaly generated, dont edit manually.
      # Generated on: 2018-11-15 12:36
      # Process-wide settings: limits, logging, privilege drop and TLS defaults.
      global
      	maxconn			50
      	# Syslog target, facility "kern", maximum level "err": only messages at err or
      	# more severe are sent. Per-connection log lines are emitted at a lower
      	# severity, so backend selection will not show up in the log at this level.
      	log			/var/run/log	kern	err
      	# Runtime API socket at admin level: any local process able to connect can
      	# change server state. No mode/user/group is given on this line, so the file
      	# permissions of the socket should be verified on the host.
      	stats socket /tmp/haproxy.socket level admin 
      	# Drop privileges to uid/gid 80.
      	uid			80
      	gid			80
      	nbproc			1
      	hard-stop-after		15m
      	# The chroot directory lives under /tmp and also holds the frontend unix
      	# sockets (see the bind lines). The HAProxy documentation recommends an empty
      	# directory that nobody can write to; check ownership and mode of this one.
      	chroot				/tmp/haproxy_chroot
      	daemon
      	# Size in bits of the ephemeral DH parameters used by the DHE suites below.
      	tune.ssl.default-dh-param	2048
      	server-state-file /tmp/haproxy_server_state
      	# Lua script that answers ACME http-01 challenges (used by frontend ACME).
      	lua-load		/var/etc/haproxy/luascript_acme-http01-webroot.lua
      	# Default cipher list for TLS binds. It still includes CBC-mode/SHA-1 suites and
      	# DHE-DSS entries. No ssl-default-bind-options line is present in this section,
      	# so the minimum TLS version is left to the build default.
      	ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
      
      # Statistics page, bound to loopback port 2200 only.
      listen HAProxyLocalStats
      	bind 127.0.0.1:2200 name localstats
      	mode http
      	stats enable
      	# Admin actions are allowed unconditionally and there is no "stats auth" line,
      	# so the loopback bind is the only restriction on who can use this page.
      	stats admin if TRUE
      	stats show-legends
      	stats uri /haproxy/haproxy_stats.php?haproxystats=1
      	# Timeouts without a unit are in milliseconds.
      	timeout client 5000
      	timeout connect 5000
      	timeout server 5000
      
      # DNS resolver set referenced by the "resolvers globalresolvers" server options.
      resolvers globalresolvers
      	# Queries go to the resolver listening on localhost port 53.
      	nameserver local localhost:53
      	resolve_retries 3
      	timeout retry 1s
      	# A valid answer is kept for 10 seconds.
      	hold valid 10s
      
      # Cleartext HTTP listener on port 80: answers ACME http-01 challenges and hands
      # every other request for the site's hostnames to backend ToHTTPS_ipvANY.
      frontend ACME
      	bind			1.20.183.121:80 name 1.20.183.121:80   
      	mode			http
      	log			global
      	option			http-keep-alive
      	# Appends the client address in X-Forwarded-For. A value already sent by the
      	# client is not removed here, so backends should not trust the whole header.
      	option			forwardfor
      	# NOTE(review): the bind line above has no "ssl" keyword, so ssl_fc is
      	# presumably never true in this frontend and the header is always "http".
      	acl https ssl_fc
      	http-request set-header		X-Forwarded-Proto http if !https
      	http-request set-header		X-Forwarded-Proto https if https
      	timeout client		30000
      	# Both ACLs read variables that are filled by the set-var rules further down.
      	acl			url_acme_http01	var(txn.txnpath) -m beg -i /.well-known/acme-challenge
      	# Suffix match without a leading dot: any Host ending in "host.tdl" matches,
      	# including names such as "otherhost.tdl". The Host header is client-supplied.
      	acl			varazir	var(txn.txnhost) -m end -i host.tdl
      	http-request set-var(txn.txnpath) path
      	http-request set-var(txn.txnhost) hdr(host)
      	# GET requests under the challenge path are served by the Lua service.
      	http-request use-service lua.acme-http01  if  METH_GET url_acme_http01 
      	use_backend ToHTTPS_ipvANY  if  varazir 
      
      # TCP-mode entry point on port 443. The backend is chosen from the first bytes
      # of the connection (TLS ClientHello / SNI); nothing is decrypted here.
      frontend MAIN
      	bind			0.0.0.0:443 name 0.0.0.0:443   
      	# Unix socket inside the chroot; accept-proxy means the connecting side must
      	# send a PROXY protocol header first.
      	bind /tmp/haproxy_chroot/MAIN.socket name unixsocket uid 80 accept-proxy  
      	mode			tcp
      	log			global
      	timeout client		30000
      	# Wait up to 5s for enough client data to evaluate the content rules below.
      	tcp-request inspect-delay	5s
      	# SNI is a value sent by the client in the ClientHello.
      	# "openvpn" is declared but not referenced by any rule in this frontend.
      	acl			openvpn	req.ssl_sni -i zedde.host.tdl
      	acl			galaxy	req.ssl_sni -i galaxy.host.tdl
      	acl			domoticz	req.ssl_sni -i zwave.host.tdl
      	acl			octoprint	req.ssl_sni -i octoprint.host.tdl
      	tcp-request content accept if { req.ssl_hello_type 1 }
      	# Any connection that carries data which is not a TLS ClientHello is sent to
      	# the OpenVPN backend.
      	use_backend Openvpn_ipvANY  if  !{ req.ssl_hello_type 1 } !{ req.len 0 } 
      	# The SNI is read once, when the connection is opened. Every request the
      	# client later sends over that same TLS connection reaches this backend,
      	# whatever Host it names, so SNI selection is not a per-hostname access
      	# boundary. NOTE(review): this would fit the symptom described in the post if
      	# the browser reuses the galaxy connection for the other names - confirm.
      	use_backend Galaxy_ipvANY  if  galaxy 
      	# These two rules pick the same backend as default_backend below.
      	use_backend SSLredirect_ipvANY  if  domoticz 
      	use_backend SSLredirect_ipvANY  if  octoprint 
      	# Unknown or missing SNI also ends up at the TLS-terminating frontend.
      	default_backend SSLredirect_ipvANY
      
      # TLS-terminating HTTP frontend. Routing happens per request on the Host header.
      frontend SSL
      	# Certificates come from the crt-list file; ciphers from ssl-default-bind-ciphers.
      	bind			127.0.0.1:7443 name 127.0.0.1:7443   ssl crt-list /var/etc/haproxy/SSL.crt_list  
      	# Socket inside the chroot, fed by backend SSLredirect_ipvANY; accept-proxy
      	# means a PROXY protocol header is expected before the TLS handshake.
      	bind /tmp/haproxy_chroot/SSL.socket name unixsocket uid 80 accept-proxy   ssl crt-list /var/etc/haproxy/SSL.crt_list 
      	mode			http
      	log			global
      	option			http-keep-alive
      	timeout client		30000
      	# Prefix matches on the Host header: any name that starts with "zwave." or
      	# "octoprint." matches, whatever domain follows.
      	acl			zwave	var(txn.txnhost) -m beg -i zwave.
      	acl			octoprint	var(txn.txnhost) -m beg -i octoprint.
      	http-request set-var(txn.txnhost) hdr(host)
      	use_backend Domoticz_ipvANY  if  zwave 
      	# No default_backend is set in this section: a request whose Host matches
      	# neither ACL has no backend to go to.
      	use_backend Octoprint_ipvANY  if  octoprint 
      
      # Hands requests from frontend ACME to the MAIN frontend over its unix socket.
      backend ToHTTPS_ipvANY
      	mode			http
      	id			105
      	log			global
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	# The path is relative to the chroot (/tmp/haproxy_chroot/MAIN.socket). A PROXY
      	# v2 header is sent, matching accept-proxy on that bind.
      	# NOTE(review): frontend ACME carries cleartext HTTP, and MAIN sends anything
      	# that is not a TLS ClientHello to Openvpn_ipvANY - confirm this is intended.
      	server			toHTTPs /MAIN.socket send-proxy-v2-ssl-cn id 106  resolvers globalresolvers 
      
      # Raw TCP pass-through for connections MAIN did not recognise as TLS.
      backend Openvpn_ipvANY
      	mode			tcp
      	id			103
      	log			global
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	# Internal host reached by every non-TLS connection arriving on port 443.
      	server			zedde 192.168.0.20:1194 id 101  resolvers globalresolvers 
      
      # TLS pass-through: the stream is forwarded in TCP mode, so HAProxy sees no
      # HTTP request or Host header for this backend.
      backend Galaxy_ipvANY
      	mode			tcp
      	id			104
      	log			global
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	# At most 10 concurrent connections are opened to this server.
      	server			galaxy 192.168.0.20:9443 id 101  maxconn 10 resolvers globalresolvers 
      
      # Forwards the still-encrypted stream from MAIN to the TLS-terminating SSL frontend.
      backend SSLredirect_ipvANY
      	mode			tcp
      	id			107
      	log			global
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	# The path is relative to the chroot (/tmp/haproxy_chroot/SSL.socket). A PROXY
      	# v2 header is sent, matching accept-proxy on that bind.
      	server			ssl-redirect /SSL.socket send-proxy-v2-ssl-cn id 108  resolvers globalresolvers 
      
      # HTTP backend selected by frontend SSL for Host names starting with "zwave.".
      backend Domoticz_ipvANY
      	mode			http
      	id			100
      	log			global
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	# Health check: an HTTP OPTIONS / request.
      	option			httpchk OPTIONS / 
      	# No "ssl" keyword on the server line: traffic from HAProxy to this host is
      	# cleartext HTTP. The server is checked every 1000 ms.
      	server			zwave 192.168.0.22:8080 id 101 check inter 1000  resolvers globalresolvers 
      
      # HTTP backend selected by frontend SSL for Host names starting with "octoprint.".
      backend Octoprint_ipvANY
      	mode			http
      	id			102
      	log			global
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	# Health check: an HTTP OPTIONS / request.
      	option			httpchk OPTIONS / 
      	# No "ssl" keyword on the server line: traffic from HAProxy to this host is
      	# cleartext HTTP. The server is checked every 1000 ms.
      	server			octoprint 192.168.0.113:80 id 101 check inter 1000  resolvers globalresolvers
      
        varazir
        last edited by

        Note: if I log in to https://galaxy.host.tdl and then try to access the other backends, they get routed to https://galaxy.host.tdl

          varazir
          last edited by

          I moved the galaxy backend to the SSL offload frontend.
