Need help with HAProxy config



  • Hi guys - Please see my config below

    # Automaticaly generated, dont edit manually.
    # Generated on: 2017-07-07 18:29
    global
    	maxconn			100
    	stats socket /tmp/haproxy.socket level admin
    	uid			80
    	gid			80
    	nbproc			1
    	chroot			/tmp/haproxy_chroot
    	daemon
    	server-state-file /tmp/haproxy_server_state
    
    listen HAProxyLocalStats
    	bind 127.0.0.1:2200 name localstats
    	mode http
    	stats enable
    	stats admin if TRUE
    	stats uri /haproxy/haproxy_stats.php?haproxystats=1
    	timeout client 5000
    	timeout connect 5000
    	timeout server 5000
    
    frontend HTTP-Edge
    	bind			86.16.238.175:443 name 86.16.238.175:443   
    	bind			86.16.238.175:80 name 86.16.238.175:80   
    	mode			tcp
    	log			global
    	option			dontlog-normal
    	timeout client		30000
    	tcp-request inspect-delay	5s
    	acl			mail-acl	req.ssl_sni -i mail.apollon-domain.co.uk
    	acl			filter-acl	req.ssl_sni -i filter.apollon-domain.co.uk
    	tcp-request content accept if { req.ssl_hello_type 1 }
    
    	use_backend mail_https_ipvANY  if  mail-acl 
    	use_backend filter_https_ipvANY  if  filter-acl 
    
    backend mail_https_ipvANY
    	mode			tcp
    	log			global
    	timeout connect		30000
    	timeout server		30000
    	retries			3
    	option			httpchk OPTIONS / 
    	server			CERBERUS 192.168.50.183:443 check-ssl check inter 1000  verify none 
    
    backend filter_https_ipvANY
    	mode			tcp
    	log			global
    	timeout connect		30000
    	timeout server		30000
    	retries			3
    	option			httpchk OPTIONS / 
    	server			GLAUCUS 192.168.50.185:80 check inter 1000
    

    If I navigate to https://mail.apollon-domain.co.uk externally it times out.  Stats page shows my mail server as UP.

    Basically I just want a single frontend supporting http and https.  Where am I going wrong here?

    Many thanks



  • Your front-end is configured in TCP mode, but you asking for HTTP processing (ACLs based on HTTP Hostname).
    Switch front-end to HTTP mode.


Log in to reply