Netgate Discussion Forum

    HAProxy passthrough not working

      geocast

      Hi everyone

      I was setting up HAProxy on my pfSense (SG-8860, newest version), and I already ran into a certain problem, which I showed in this topic:

      https://forum.pfsense.org/index.php?topic=137483.msg752004#msg752004

      It works now sometimes, but some users say they have to load the page 2-10 times until it works. In addition, I was setting up Direct Access from Microsoft and it is not connecting. HTTP is working fine; only HTTPS is not working reliably. Now I'm wondering if passthrough is not set up correctly. Attached is my config file from pfSense (anonymised):

      # Automaticaly generated, dont edit manually.
      # Generated on: 2017-10-05 17:24
      global
      	maxconn			100000
      	stats socket /tmp/haproxy.socket level admin
      	uid			80
      	gid			80
      	nbproc			1
      	chroot			/tmp/haproxy_chroot
      	daemon
      	server-state-file /tmp/haproxy_server_state
      
      listen HAProxyLocalStats
      	bind 127.0.0.1:8082 name localstats
      	mode http
      	stats enable
      	stats admin if TRUE
      	stats uri /haproxy/haproxy_stats.php?haproxystats=1
      	timeout client 5000
      	timeout connect 5000
      	timeout server 5000
      
      frontend Front-End-https
      	bind			publicIP:443 name publicIP:443   
      	mode			tcp
      	log			global
      	timeout client		30000
      	tcp-request inspect-delay	5s
      	acl			fc	req.ssl_sni -m sub -i fc.contoso.com
      	acl			franch	req.ssl_sni -m sub -i contoso.dyndns.org
      	acl			moe	req.ssl_sni -m sub -i moe.contoso.com
      	tcp-request content accept if { req.ssl_hello_type 1 }
      
      	use_backend fc.contoso.com_https_ipvANY  if  fc 
      	use_backend contoso.dyndns.org_https_ipvANY  if  franch
      	use_backend moe.contoso.com_https_ipvANY  if  moe.da 
      
      frontend Front-End-http
      	bind			publicIP:80 name publicIP:80   
      	mode			http
      	log			global
      	option			http-keep-alive
      	timeout client		30000
      	acl			fc.contoso.com	hdr_sub(host) -i fc.contoso.com
      	acl			contoso.dyndns.org	hdr_sub(host) -i contoso.dyndns.org
      	acl			testa.dyndns.org	hdr_sub(host) -i testa.dyndns.org
      	acl			moe.contoso.com	hdr_sub(host) -i moe.contoso.com
      	http-request redirect scheme https  if  fc.contoso.com 
      	http-request redirect scheme https code 301  if  contoso.dyndns.org
      	use_backend testa.dyndns.org_http_ipvANY  if  testa.dyndns.org
      	use_backend moe.contoso.com_http_ipvANY  if  moe.contoso.com
      
      backend fc.contoso.com_https_ipvANY
      	mode			tcp
      	log			global
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	server			http-fc.contoso.com 192.168.13.37:80  
      	server			https-contoso.dyndns.org 192.168.13.37:443 check-ssl  verify none 
      
      backend contoso.dyndns.org_https_ipvANY
      	mode			tcp
      	log			global
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	server			http-contoso.dyndns.org 192.168.13.37:443 check-ssl  verify none 
      	server			https-contoso.dyndns.org 192.168.13.37:80  
      
      backend moe.contoso.com_https_ipvANY
      	mode			tcp
      	log			global
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	server			https-moe.contoso.com 192.168.13.35:80  
      	server			http-moe.contoso.com 192.168.13.35:443 check-ssl  verify none 
      
      backend testa.dyndns.org_http_ipvANY
      	mode			http
      	log			global
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	option			httpchk OPTIONS / 
      	server			testa.dyndns.org 192.168.13.10:7588 check inter 1000  
      
      backend moe.contoso.com_http_ipvANY
      	mode			http
      	log			global
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	server			https-moe.contoso.com 192.168.13.35:80  
      	server			http-moe.contoso.com 192.168.13.35:443 ssl  verify none
      

      Any advice what could be wrong?

      Thanks!
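
Added example, not part of the original post and not pfSense or HAProxy project code: a small Python linter for two structural problems an SNI passthrough config of this shape can carry. HAProxy's default balance algorithm is roundrobin, so a `mode tcp` backend that lists both a :80 and a :443 server hands part of the TLS connections to the plaintext port; the `lint` function and the reduced sample config are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, reduced from the structure of the config in the post.
SAMPLE = """\
frontend Front-End-https
    mode tcp
    acl fc req.ssl_sni -m sub -i fc.contoso.com
    acl moe req.ssl_sni -m sub -i moe.contoso.com
    use_backend fc.contoso.com_https_ipvANY if fc
    use_backend moe.contoso.com_https_ipvANY if moe.da

backend fc.contoso.com_https_ipvANY
    mode tcp
    server http-fc 192.168.13.37:80
    server https-fc 192.168.13.37:443 check-ssl verify none
"""

SECTIONS = ("global", "defaults", "listen", "frontend", "backend")

def lint(config):
    """Return a sorted list of (section, finding) tuples."""
    acls, ports = defaultdict(set), defaultdict(set)
    used, modes, section = [], {}, None
    for raw in config.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] in SECTIONS:
            section = " ".join(words[:2])
        elif words[0] == "acl" and len(words) > 1:
            acls[section].add(words[1])
        elif words[0] == "mode" and len(words) > 1:
            modes[section] = words[1]
        elif words[0] == "server" and len(words) > 2:
            port = words[2].rsplit(":", 1)[-1]
            if port.isdigit():
                ports[section].add(port)
        elif words[0] == "use_backend" and words[2:3] in (["if"], ["unless"]):
            # Only named ACLs are checked; anonymous { ... } blocks are skipped.
            cond = re.sub(r"\{[^}]*\}", " ", " ".join(words[3:]))
            names = [tok.lstrip("!") for tok in cond.split()]
            used += [(section, n) for n in names if n not in ("", "||", "or")]
    findings = [(s, f"undefined ACL '{n}'") for s, n in used if n not in acls[s]]
    for sec, found in ports.items():
        if modes.get(sec) == "tcp" and len(found) > 1:
            listed = ",".join(sorted(found, key=int))
            findings.append((sec, "tcp servers on mixed ports " + listed))
    return sorted(findings)
```

Calling `lint()` on the text of a generated haproxy.cfg returns one tuple per finding; an empty list means neither condition was found.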
