HAProxy Web site OWA collision

  • Hello all, I am using pfSense 2.43. with HaProxy 0.54_2. I have it setup pointing to 2 different servers on my lan. The server with Apache works fine. The other server is iis 8.5 on 2012r2 server with exchange 2010 (it hosts 2 web sites along with exchange). The back-end that points to the 2012r2 server seems to try and connect with the default web site that has exchange on it. (I determined this by looking at the log files). What did I forget to do to get it to point to the other web site?
    I hope I have given enough info


    Automaticaly generated, dont edit manually.

    Generated on: 2018-04-24 09:18

    maxconn 1000
    stats socket /tmp/haproxy.socket level admin
    gid 80
    nbproc 1
    chroot /tmp/haproxy_chroot
    server-state-file /tmp/haproxy_server_state

    listen HAProxyLocalStats
    bind name localstats
    mode http
    stats enable
    stats admin if TRUE
    stats uri /haproxy/haproxy_stats.php?haproxystats=1
    timeout client 5000
    timeout connect 5000
    timeout server 5000

    frontend incoming
    bind 24..1.:80 name 24..1.:80 
    mode http
    log global
    option http-keep-alive
    timeout client 30000
    acl pest hdr(host) -i www.1st.com
    acl rebel hdr(host) -i www.2nd.com
    use_backend Pestilentone_http_ipv4  if  pest
    use_backend rebelhuskys_http_ipv4  if  rebel

    backend Pestilentone_http_ipv4
    mode http
    log global
    timeout connect 30000
    timeout server 30000
    retries 3
    source ipv4@ usesrc clientip
    option httpchk OPTIONS /
    server backupR7 check inter 1000  weight 1 (I suspect this maybe my problem)

    backend rebelhuskys_http_ipv4
    mode http
    log global
    timeout connect 30000
    timeout server 30000
    retries 3
    source ipv4@ usesrc clientip
    option httpchk OPTIONS /
    server pupcam check inter 1000  weight 1

  • Looks like a client request to www.1st.com should end up fine on the first webserver.. And as haproxy doesnt change any headers u less asked to do so the virtualhost 'www.1st.com' would be requested from the iis server.. Sofar that should work ok.. The thing that might end up on the default-site of the iis machine is the health-check, you can/should add a host header there to check the right site health. (there is a little example also for the healthcheck version field on the webgui)

  • Thanks, that got it working ,except on my  (Adobe media server 5) on the Apache box  (rebel  hdr(host) -i www.2nd.com). My live streams do not pass through:

    http://www.2nd.com/StrobeMediaPlayback/for Flash Player 10.1/StrobeMediaPlayback.swf

    I have this rule in nat firewall " WAN  TCP  WAN address  1935  1935  pupcam flash" (If I have Haproxy turned off and go back to my original port 80  nat fire wall rule  " WAN  TCP  *  *  WAN address  80 (HTTP)  80 (HTTP)  Web on pupcam " everything works)

    Any suggestions on what I have forgotten?

  • Cant tell atm, could share a link to a similar working livestream perhaps if you know of one.?

    For testing i made a little haproxy config and used my hosts file to point the domain to it for this url.. http://qthttp.apple.com.edgesuite.net/1010qwoeiuryfg/sl.m3u8 that seemed to go fine.. Healthcheck needed a little work to get going with http checks.. But other than that.. Just point and go.. p.s. i used VLC as a client..

    Can you perhaps share the details of what url your really using? Is there something similar on the web i can test against.? (perhaps PM me your real domain .m3u8 link ?)

  • I sent you (PiBa) a PM with Addresses.

  • It looks like the m3u8 file link is pointing to '2nd.com' instead of 'www.2nd.com'.

    Should perhaps allow both hostnames to be used.?:

       acl         rebel   hdr(host) -i www.2nd.com
       acl         rebel   hdr(host) -i 2nd.com

  • You my friend are officially on my Christmas card list. Thank You !!
    If you like Siberian Husky puppys, there will be a live stream of them in June.
    If you have a donation button somewhere point me to it.

Log in to reply