[HAProxy] 503 Errors when Serving Two VMs using 2 DDNSes Pointing to 1 Public IP



  • Hi, I am trying to serve two different VMs that have their individual DDNS using HAProxy, but I keep getting 503 errors when accessing them. Accessing them by their private IPs has no such issues, though.

    I have tried following these two guides but kept getting the issue too:
    https://blog.briantruscott.com/how-to-serve-multiple-domains-from-a-single-public-ip-using-haproxy-on-pfsense/
    https://github.com/PiBa-NL/pfsense-haproxy-package-doc/wiki/Single-frontend-serving-multiple-different-domains-using-http

    I have set the DDNSes (from No-IP) in Services / Dynamic DNS / Dynamic DNS Clients to point to my public IP; without HAProxy I can verify that all DDNSes will point to the pfsense machine.

    The HAProxy stats page shows no connection issues at all.

    Here's my config file:

    global
    	maxconn			1000
    	stats socket /tmp/haproxy.socket level admin
    	gid			80
    	nbproc			1
    	chroot			/tmp/haproxy_chroot
    	daemon
    
    listen HAProxyLocalStats
    	bind 127.0.0.1:2200 name localstats
    	mode http
    	stats enable
    	stats refresh 10
    	stats admin if TRUE
    	stats uri /haproxy/haproxy_stats.php?haproxystats=1
    	timeout client 5000
    	timeout connect 5000
    	timeout server 5000
    
    frontend SharedFront
    	bind			58.182.70.241:80 name 58.182.70.241:80   
    	mode			http
    	log			global
    	option			http-keep-alive
    	option			forwardfor
    	acl https ssl_fc
    	http-request set-header		X-Forwarded-Proto http if !https
    	http-request set-header		X-Forwarded-Proto https if https
    	timeout client		30000
    	acl			ACL1	hdr(host) -i aaa.ddns.net
    	acl			ACL2	hdr(host) -i bbb.ddns.net
    	use_backend aaa_http_ipv4  if  ACL1 
    	use_backend bbb_http_ipv4  if  ACL2 
    
    backend aaa_http_ipv4
    	mode			http
    	log			global
    	timeout connect		30000
    	timeout server		30000
    	retries			3
    	source ipv4@ usesrc clientip
    	option			httpchk GET / 
    	server			aaa 192.168.1.23:80 check inter 1000  
    
    backend bbb_http_ipv4
    	mode			http
    	log			global
    	timeout connect		30000
    	timeout server		30000
    	retries			3
    	source ipv4@ usesrc clientip
    	option			httpchk GET / 
    	server			bbb 192.168.1.24:80 check inter 1000
    

    Where else should I start looking?



  • Can you uncheck the "transparent-client-ip" setting in the backend and see if that helps?



  • @PiBa:

    Can you uncheck the "transparent-client-ip" setting in the backend and see if that helps?

    Thanks, that did help for bbb.ddns.net, but I am getting ERR_NAME_NOT_RESOLVED errors from aaa.ddns.net.

    I noticed that aaa.ddns.net is not pointing to the right IP address, unlike bbb.ddns.net, and have already fixed it, but the errors still persist.

    Ok, aaa.ddns.net is up too; I just needed more time for the DNS to propagate.

    Now, I wonder if similar issues will occur when directing HTTPS traffic in a similar setup…



  • Ok, I managed to change my setup to use HTTPS instead; here's my config:

    global
    	maxconn			1000
    	stats socket /tmp/haproxy.socket level admin
    	uid			80
    	gid			80
    	nbproc			1
    	chroot			/tmp/haproxy_chroot
    	daemon
    
    listen HAProxyLocalStats
    	bind 127.0.0.1:2200 name localstats
    	mode http
    	stats enable
    	stats refresh 10
    	stats admin if TRUE
    	stats uri /haproxy/haproxy_stats.php?haproxystats=1
    	timeout client 5000
    	timeout connect 5000
    	timeout server 5000
    
    frontend SharedFront
    	bind			58.182.70.241:443 name 58.182.70.241:443   
    	mode			tcp
    	log			global
    	timeout client		30000
    	tcp-request inspect-delay	5s
    	acl			ACL1	req.ssl_sni -i aaa.ddns.net
    	acl			ACL2	req.ssl_sni -i bbb.ddns.net
    	tcp-request content accept if { req.ssl_hello_type 1 }
    
    	use_backend aaa_https_ipvANY  if  ACL1 
    	use_backend bbb_https_ipvANY  if  ACL2 
    
    backend aaa_https_ipvANY
    	mode			tcp
    	log			global
    	timeout connect		30000
    	timeout server		30000
    	retries			3
    	option			httpchk GET / 
    	server			aaa 192.168.1.23:443 check-ssl check inter 1000  verify none 
    
    backend bbb_https_ipvANY
    	mode			tcp
    	log			global
    	timeout connect		30000
    	timeout server		30000
    	retries			3
    	option			httpchk GET / 
    	server			bbb 192.168.1.24:443 check-ssl check inter 1000  verify none
    

    Can someone help check if there will be potential issues?