Netgate Discussion Forum

    Need help with HAProxy config

    • yuljk

      Hi guys - Please see my config below

      # Automaticaly generated, dont edit manually.
      # Generated on: 2017-07-07 18:29
      global
      	maxconn			100
      	stats socket /tmp/haproxy.socket level admin
      	uid			80
      	gid			80
      	nbproc			1
      	chroot			/tmp/haproxy_chroot
      	daemon
      	server-state-file /tmp/haproxy_server_state
      
      listen HAProxyLocalStats
      	bind 127.0.0.1:2200 name localstats
      	mode http
      	stats enable
      	stats admin if TRUE
      	stats uri /haproxy/haproxy_stats.php?haproxystats=1
      	timeout client 5000
      	timeout connect 5000
      	timeout server 5000
      
      frontend HTTP-Edge
      	bind			86.16.238.175:443 name 86.16.238.175:443   
      	bind			86.16.238.175:80 name 86.16.238.175:80   
      	mode			tcp
      	log			global
      	option			dontlog-normal
      	timeout client		30000
      	tcp-request inspect-delay	5s
      	acl			mail-acl	req.ssl_sni -i mail.apollon-domain.co.uk
      	acl			filter-acl	req.ssl_sni -i filter.apollon-domain.co.uk
      	tcp-request content accept if { req.ssl_hello_type 1 }
      
      	use_backend mail_https_ipvANY  if  mail-acl 
      	use_backend filter_https_ipvANY  if  filter-acl 
      
      backend mail_https_ipvANY
      	mode			tcp
      	log			global
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	option			httpchk OPTIONS / 
      	server			CERBERUS 192.168.50.183:443 check-ssl check inter 1000  verify none 
      
      backend filter_https_ipvANY
      	mode			tcp
      	log			global
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	option			httpchk OPTIONS / 
      	server			GLAUCUS 192.168.50.185:80 check inter 1000
      

      If I navigate to https://mail.apollon-domain.co.uk externally it times out.  Stats page shows my mail server as UP.

      Basically I just want a single frontend supporting http and https.  Where am I going wrong here?

      Many thanks

      • Soyokaze

        Your front-end is configured in TCP mode, but you are asking for HTTP processing (ACLs based on HTTP hostname).
        Switch the front-end to HTTP mode.

        Need full pfSense in a cloud? PM for details!
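
A small lint for the kind of mismatch this thread is about, added here as an example (it is not code from either poster or from the pfSense HAProxy package): it compares each frontend's `mode` with the layer its named ACL fetches need, and flags a frontend that routes only on SNI without a `default_backend`. The fetch lists are a small subset, the sample config and its names are constructed, and `mode` inherited from a `defaults` section is not resolved.

```python
import re
# Small, non-exhaustive subsets of HAProxy sample fetches, grouped by the layer they need.
HTTP_FETCHES = {"hdr", "hdr_beg", "hdr_end", "hdr_dom", "path", "path_beg", "url", "method"}
SNI_FETCHES = {"req.ssl_sni", "req_ssl_sni"}  # read from the TLS ClientHello, usable in mode tcp
SECTIONS = {"global", "defaults", "frontend", "backend", "listen", "userlist", "peers", "resolvers"}

def parse_frontends(text):
    """Per frontend: mode (HAProxy's default is tcp), bound ports, ACL fetches, default_backend."""
    frontends, cur = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if words and words[0] in SECTIONS:
            cur = None
            if words[0] == "frontend" and len(words) > 1:
                cur = frontends.setdefault(words[1], {"mode": "tcp", "ports": [], "fetches": [], "default": False})
        elif cur is None or len(words) < 2:
            continue
        elif words[0] == "mode":
            cur["mode"] = words[1]
        elif words[0] == "bind":
            cur["ports"] += [int(p) for p in re.findall(r":(\d+)$", words[1])]
        elif words[0] == "acl" and len(words) > 2:
            cur["fetches"].append(re.match(r"[\w.]*", words[2]).group(0))
        elif words[0] == "default_backend":
            cur["default"] = True
    return frontends

def lint(text):
    """Return sorted (frontend, finding) pairs."""
    findings = set()
    for name, fe in parse_frontends(text).items():
        if fe["mode"] == "tcp" and any(f in HTTP_FETCHES for f in fe["fetches"]):
            findings.add((name, "http-fetch-in-tcp-mode"))
        sni_only = bool(fe["fetches"]) and all(f in SNI_FETCHES for f in fe["fetches"])
        if sni_only and not fe["default"]:
            # Plain HTTP and SNI-less TLS carry no SNI, so no use_backend rule matches them.
            findings.add((name, "sni-only-routing-without-default-backend"))
    return sorted(findings)

# Constructed sample (documentation-range address, hypothetical host and backend names).
SNI_TCP = """frontend edge
	bind 192.0.2.10:443
	bind 192.0.2.10:80
	mode tcp
	acl mail-acl req.ssl_sni -i mail.example.test
	use_backend mail if mail-acl
"""
HOST_TCP = SNI_TCP.replace("req.ssl_sni -i", "hdr(host) -i")
```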

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.