Haproxy and www-alias
I've just install a PfSense with Haproxy.
Started configure it, all fork fine, but…
Dont understand how to setup Haproxy to work with www-alias of my backends?
I've tried to use a single frontend with ACL, wrote 1 rule where host name contains my hostname and action Use Backend.
But, without www all work fine, on www-alias get "503 Service Unavailable, No server is available to handle this request."
I've tried to get www via telnet from backend machine - all work.
ANd tried to get www via remote machine - get 503...
Check stats page that the servers are all 'green' from their health-checks.
Other than that can you share the haproxy.cfg ? What did your acl's look like exactly? And whats the name your trying to visit?
If none of the backends is selected due to the (to restrictive?) acl's that could result in the 503 page.
Where i can find haproxy.cfg?
And one more question - sometimes when i add a new backend machine, its not working, and i got 503 error.
In Stats this backend is DOWN - why?
if i checked it via telnet - all ok. Ping working.
Haproxy.cfg can be found at the bottom of the settings tab. (there is a link to make it visible)
If a backend only has a down server that explains the 503 as well.
Why the backend is down can be due to a number of reasons. Usually changing the health-check by adding a host header and perhaps a different method. Check my wiki here about some things to try there: https://github.com/PiBa-NL/pfsense-haproxy-package-doc/wiki/haproxy_troubleshooting
I found that if Check frequency parameter is not changed (implementing default 1000 ms), than haproxy think that host is down and get me 503 error.
When i changed this var to 5000 ms, its all ok.
That probably means that the webpage the healthcheck is checking is taking quite a bit of time to complete. Which might mean its keeping your webserver 'busy' just with the haproxy healthchecks.. You might want to try and configure a smaller/faster page to perform the actual checks against, but do try to still make it check the full chain (database connection & file storage present) so it wont stay 'UP' when the actual website is failing for endusers.