Netgate Discussion Forum

Need help with HAProxy config

  • Y
    yuljk
    last edited by Jul 7, 2017, 5:32 PM

    Hi guys - Please see my config below

    # Automaticaly generated, dont edit manually.
    # Generated on: 2017-07-07 18:29
    global
    	maxconn			100
    	stats socket /tmp/haproxy.socket level admin
    	uid			80
    	gid			80
    	nbproc			1
    	chroot			/tmp/haproxy_chroot
    	daemon
    	server-state-file /tmp/haproxy_server_state
    
    listen HAProxyLocalStats
    	bind 127.0.0.1:2200 name localstats
    	mode http
    	stats enable
    	stats admin if TRUE
    	stats uri /haproxy/haproxy_stats.php?haproxystats=1
    	timeout client 5000
    	timeout connect 5000
    	timeout server 5000
    
    frontend HTTP-Edge
    	bind			86.16.238.175:443 name 86.16.238.175:443   
    	bind			86.16.238.175:80 name 86.16.238.175:80   
    	mode			tcp
    	log			global
    	option			dontlog-normal
    	timeout client		30000
    	tcp-request inspect-delay	5s
    	acl			mail-acl	req.ssl_sni -i mail.apollon-domain.co.uk
    	acl			filter-acl	req.ssl_sni -i filter.apollon-domain.co.uk
    	tcp-request content accept if { req.ssl_hello_type 1 }
    
    	use_backend mail_https_ipvANY  if  mail-acl 
    	use_backend filter_https_ipvANY  if  filter-acl 
    
    backend mail_https_ipvANY
    	mode			tcp
    	log			global
    	timeout connect		30000
    	timeout server		30000
    	retries			3
    	option			httpchk OPTIONS / 
    	server			CERBERUS 192.168.50.183:443 check-ssl check inter 1000  verify none 
    
    backend filter_https_ipvANY
    	mode			tcp
    	log			global
    	timeout connect		30000
    	timeout server		30000
    	retries			3
    	option			httpchk OPTIONS / 
    	server			GLAUCUS 192.168.50.185:80 check inter 1000
    

    If I navigate to https://mail.apollon-domain.co.uk externally it times out.  Stats page shows my mail server as UP.

    Basically I just want a single frontend supporting http and https.  Where am I going wrong here?

    Many thanks

    • S
      Soyokaze
      last edited by Jul 7, 2017, 11:00 PM

      Your front-end is configured in TCP mode, but you are asking for HTTP processing (ACLs based on HTTP Hostname).
      Switch front-end to HTTP mode.

      Need full pfSense in a cloud? PM for details!
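
An added example, not part of either post and not pfSense or HAProxy project code: a small Python check for the kind of frontend mode/ACL mismatch this thread is about. The function names, finding labels and the port-80 heuristic are assumptions made for the example, and the sample is constructed from the frontend posted above.

```python
import re

# Constructed sample: the frontend from the first post, trimmed to the lines the checks read.
SAMPLE = """\
frontend HTTP-Edge
    bind 86.16.238.175:443 name 86.16.238.175:443
    bind 86.16.238.175:80 name 86.16.238.175:80
    mode tcp
    acl mail-acl req.ssl_sni -i mail.apollon-domain.co.uk
    acl filter-acl req.ssl_sni -i filter.apollon-domain.co.uk
"""

SECTIONS = ("global", "defaults", "listen", "frontend", "backend")
HTTP_FETCH = re.compile(r"(req\.)?(hdr|path|url|method)\b")  # reads a parsed HTTP request
TLS_FETCH = re.compile(r"req[._]ssl_")                        # reads a raw TLS ClientHello

def parse_frontends(text):
    """Collect mode, non-ssl bind ports, ACL fetches and default_backend per frontend.
    Mode starts as tcp (HAProxy's built-in default); a defaults section is not modelled."""
    fronts, cur = {}, None
    for line in text.splitlines():
        w = line.split("#")[0].split()
        if not w:
            continue
        if w[0] in SECTIONS:
            cur = {"mode": "tcp", "plain_ports": [], "fetches": [], "default": False}
            if w[0] == "frontend":
                fronts[w[1]] = cur
        elif cur is not None:
            if w[0] == "mode":
                cur["mode"] = w[1]
            elif w[0] == "bind" and "ssl" not in w[2:]:
                cur["plain_ports"].append(w[1].rsplit(":", 1)[-1])
            elif w[0] == "acl" and len(w) > 2:
                cur["fetches"].append(w[2])
            elif w[0] == "default_backend":
                cur["default"] = True
    return fronts

def lint(text):
    """Return sorted (frontend, finding) pairs for mode/ACL mismatches."""
    out = []
    for name, f in parse_frontends(text).items():
        if f["mode"] == "tcp" and any(HTTP_FETCH.match(x) for x in f["fetches"]):
            out.append((name, "http-fetch-in-tcp-mode"))
        # Heuristic (assumption): a port 80 bind without "ssl" takes cleartext HTTP, which has no SNI.
        if "80" in f["plain_ports"] and any(TLS_FETCH.match(x) for x in f["fetches"]):
            out.append((name, "sni-acl-on-cleartext-port-80"))
        if f["fetches"] and not f["default"]:
            out.append((name, "no-default-backend"))
    return sorted(out)
```

Calling `lint(SAMPLE)` reports that the SNI ACLs sit on a frontend that also binds port 80 and that no `default_backend` catches connections matching neither ACL.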
