A bit confused about HAProxy single frontend to multiple domains
-
I have set up HAProxy like this:
Backend named Example (no, not really, but we'll use that...as an example... (sorry, I'm struggling here...)) with forwardto set to address+port, the correct address I'm sending to (192.168.1.50), port 80 (for http) and no SSL. In addition I have health check set to basic. The frontend is set to WAN (and I see my WAN address in the list) with port 80, type is http and Backend is Example. Max connections is 100, type is http/https offloading. On the frontend ACL I have tried both host contains example and host matches www.example.com. Actions is use backend Example, parameters shows "see below", and the condition ACL names is Example. The rest is set to the default settings. But nothing happens.
Should I have changed anything in firewall or NAT to get this to work? I have disabled the NAT rule I had for HTTP.
-
Oh, I followed the guide here to set it up this far: https://github.com/PiBa-NL/pfsense-haproxy-package-doc/wiki/Single-frontend-serving-multiple-different-domains-using-http
-
You did make a firewall rule to allow the traffic? Does the stats page show your backends as 'up'?
-
Yes, it seems like both ends are up. But I think the firewall rule can be the problem. The thing is that I didn't understand how to allow the traffic, since I couldn't choose the proxy as the destination. What should I set it to?
-
I have now added a firewall rule that allows port 80 to 192.168.1.50, but it doesn't seem to change anything yet.
Edit: And in the previous answer I didn't mean the proxy as destination, but as an interface. I thought I had to do it on the proxy interface. Is that wrong?
-
If haproxy is listening on the wan ip then you need to allow traffic to that wan-ip.
-
Thanks! I have done that now. Suddenly my webserver started to say error 10054, "An existing connection was forcibly closed by the remote host." Any idea why that's happening? It stops when I deactivate the frontend.
-
Found the reason! The server did not like the health check (it's a home automation software, not a regular webserver). I still can't seem to get to the server from outside, though. But there's some contact since the health check made it go bananas.
-
Finally! For some reason it didn't work to set a rule allowing traffic to the destination IP for the proxy. Opening for port 80 to any destination fixed it!
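-
The setup discussed in this thread, written out as a plain haproxy.cfg. This is an added example, not a post from the thread and not the file the pfSense package generated; the frontend name `wan_http`, the server name `web1` and the address 203.0.113.10 (a placeholder for the WAN address) are assumptions.

```haproxy
# Hand-written sketch of the configuration described in the thread.
# 203.0.113.10 is a placeholder for the WAN address.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend wan_http
    # HAProxy listens on the WAN address itself, so the WAN firewall rule
    # has to allow TCP port 80 to this address, not to 192.168.1.50.
    bind 203.0.113.10:80
    maxconn 100

    # "host matches": case-insensitive exact comparison of the Host header.
    acl Example hdr(host) -i www.example.com
    # "host contains" would instead be a substring match:
    #   acl Example hdr_sub(host) -i example

    use_backend Example if Example
    # There is no default_backend, so a request whose Host header does not
    # satisfy the ACL (for instance one made to the bare IP address) is
    # answered with a 503 by HAProxy and never reaches the web server.

backend Example
    # No "check" keyword on the server line, so health checks are off.
    # The home automation server in this thread closed connections when
    # it was probed by the basic health check.
    server web1 192.168.1.50:80
```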