(Solved) HAProxy "routing" problem



  • Hello,

    I have a problem where my frontend does not route the traffic to the correct backend.
    Even if I type in https://zwave.host.tdl I get https://galaxy.host.tdl
    Is there a way to read a log of what happens?

    # Automatically generated, don't edit manually.
    # Generated on: 2018-11-15 12:36
    # Process-wide settings. The daemon drops to uid/gid 80 and chroots into
    # /tmp/haproxy_chroot; the bare socket paths used by the backends below
    # (/MAIN.socket, /SSL.socket) are presumably resolved inside that chroot.
    global
    	# Hard cap on concurrent connections for the whole process.
    	maxconn			50
    	# Only messages at level "err" and above are logged, so per-connection
    	# routing decisions will not show up here. To trace which backend a
    	# connection was sent to, the minimum level would have to be lowered
    	# (e.g. to info) and the frontends would need a log format that records
    	# the chosen backend (option tcplog / option httplog, neither set here).
    	log			/var/run/log	kern	err
    	# Runtime API socket with full admin rights (servers can be enabled or
    	# disabled, weights changed, etc.); access is controlled only by the
    	# filesystem permissions of /tmp/haproxy.socket.
    	stats socket /tmp/haproxy.socket level admin 
    	uid			80
    	gid			80
    	nbproc			1
    	hard-stop-after		15m
    	chroot				/tmp/haproxy_chroot
    	daemon
    	# Size of the ephemeral DH parameters used by the DHE-* suites below.
    	tune.ssl.default-dh-param	2048
    	server-state-file /tmp/haproxy_server_state
    	# Lua responder for ACME http-01 challenges, used by the ACME frontend
    	# through "use-service lua.acme-http01".
    	lua-load		/var/etc/haproxy/luascript_acme-http01-webroot.lua
    	# Default cipher list for every "ssl" bind. RC4, 3DES, MD5 and export
    	# suites are excluded, but NOTE(review): besides the AEAD (GCM) suites
    	# it still permits CBC suites such as ECDHE-RSA-AES128-SHA and the
    	# DHE-DSS-* suites; worth reviewing if only modern clients must connect.
    	ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
    
    # Local stats page. Bound to loopback only, so it is not reachable from the
    # network; note that "stats admin if TRUE" enables the admin actions
    # (disable/enable servers, change weights) unconditionally, so any local
    # process able to connect to 127.0.0.1:2200 can alter the running state.
    listen HAProxyLocalStats
    	bind 127.0.0.1:2200 name localstats
    	mode http
    	stats enable
    	stats admin if TRUE
    	stats show-legends
    	stats uri /haproxy/haproxy_stats.php?haproxystats=1
    	# Timeouts are in milliseconds (no unit given).
    	timeout client 5000
    	timeout connect 5000
    	timeout server 5000
    
    # DNS resolver set referenced by every "server" line below. All of those
    # servers use literal IP addresses or unix socket paths, so this section
    # presumably has no effect at runtime.
    resolvers globalresolvers
    	nameserver local localhost:53
    	resolve_retries 3
    	timeout retry 1s
    	hold valid 10s
    
    # Plain-HTTP listener on 1.20.183.121:80. It serves ACME http-01 challenges
    # from the Lua service and hands everything else whose Host ends in
    # "host.tdl" to ToHTTPS_ipvANY. A request matching neither rule reaches no
    # use_backend and there is no default_backend, so HAProxy should answer it
    # with a 503.
    frontend ACME
    	bind			1.20.183.121:80 name 1.20.183.121:80   
    	mode			http
    	log			global
    	option			http-keep-alive
    	# Adds X-Forwarded-For with the client address for the backend.
    	option			forwardfor
    	acl https ssl_fc
    	http-request set-header		X-Forwarded-Proto http if !https
    	http-request set-header		X-Forwarded-Proto https if https
    	timeout client		30000
    	# ACLs are evaluated only where they are referenced (use-service /
    	# use_backend below), i.e. after the set-var rules have filled
    	# txn.txnpath and txn.txnhost.
    	acl			url_acme_http01	var(txn.txnpath) -m beg -i /.well-known/acme-challenge
    	# NOTE(review): "-m end host.tdl" has no leading dot, so a Host such as
    	# "otherhost.tdl" also matches; "-m end -i .host.tdl" plus an exact match
    	# for the bare domain would be stricter. A Host header that carries an
    	# explicit ":80" suffix would not match at all.
    	acl			varazir	var(txn.txnhost) -m end -i host.tdl
    	http-request set-var(txn.txnpath) path
    	# Host is client-supplied; it is used here only for routing.
    	http-request set-var(txn.txnhost) hdr(host)
    	http-request use-service lua.acme-http01  if  METH_GET url_acme_http01 
    	use_backend ToHTTPS_ipvANY  if  varazir 
    
    # TCP-mode entry point for port 443; no TLS is terminated here. The backend
    # is chosen once per TCP connection from the SNI in the ClientHello (or from
    # the absence of one), and every request carried on that connection then
    # goes to the same backend. NOTE(review): this is a plausible cause of the
    # "everything ends up at galaxy" symptom reported in the thread: a browser
    # that already holds a TLS connection to galaxy.host.tdl may reuse it for
    # zwave./octoprint.host.tdl if the galaxy certificate is also valid for
    # those names (HTTP/2 connection coalescing), and this frontend never sees
    # a new SNI. Confirm by checking the SANs of the galaxy certificate.
    frontend MAIN
    	bind			0.0.0.0:443 name 0.0.0.0:443   
    	# Internal entry used by ToHTTPS_ipvANY; accept-proxy expects the PROXY
    	# protocol header that backend sends (send-proxy-v2-ssl-cn).
    	bind /tmp/haproxy_chroot/MAIN.socket name unixsocket uid 80 accept-proxy  
    	mode			tcp
    	log			global
    	timeout client		30000
    	# Wait up to 5s for enough bytes to classify the connection.
    	tcp-request inspect-delay	5s
    	# NOTE(review): "openvpn" is declared but not referenced by any rule.
    	acl			openvpn	req.ssl_sni -i zedde.host.tdl
    	acl			galaxy	req.ssl_sni -i galaxy.host.tdl
    	acl			domoticz	req.ssl_sni -i zwave.host.tdl
    	acl			octoprint	req.ssl_sni -i octoprint.host.tdl
    	tcp-request content accept if { req.ssl_hello_type 1 }
    	# Any connection on 443 that sends data but is not a TLS ClientHello is
    	# forwarded as-is to Openvpn_ipvANY (192.168.0.20:1194), i.e. arbitrary
    	# non-TLS traffic from the internet reaches the OpenVPN server.
    	use_backend Openvpn_ipvANY  if  !{ req.ssl_hello_type 1 } !{ req.len 0 } 
    	# galaxy is passed through as raw TLS; the other SNIs (and any unknown
    	# SNI, via default_backend) go to the SSL frontend for termination.
    	use_backend Galaxy_ipvANY  if  galaxy 
    	use_backend SSLredirect_ipvANY  if  domoticz 
    	use_backend SSLredirect_ipvANY  if  octoprint 
    	default_backend SSLredirect_ipvANY
    
    # TLS termination for the names that are not passed through. Reached via
    # the unix socket from SSLredirect_ipvANY (or the loopback bind), with the
    # certificates taken from SSL.crt_list. Routing is by Host header prefix;
    # a Host matching neither ACL hits no use_backend and there is no
    # default_backend, so HAProxy should answer with a 503. Unlike ACME, no
    # X-Forwarded-For / X-Forwarded-Proto is added here, so the backends
    # presumably see HAProxy's address rather than the real client.
    frontend SSL
    	bind			127.0.0.1:7443 name 127.0.0.1:7443   ssl crt-list /var/etc/haproxy/SSL.crt_list  
    	bind /tmp/haproxy_chroot/SSL.socket name unixsocket uid 80 accept-proxy   ssl crt-list /var/etc/haproxy/SSL.crt_list 
    	mode			http
    	log			global
    	option			http-keep-alive
    	timeout client		30000
    	# Case-insensitive prefix match on the client-supplied Host header;
    	# evaluated at use_backend time, after txn.txnhost has been set.
    	acl			zwave	var(txn.txnhost) -m beg -i zwave.
    	acl			octoprint	var(txn.txnhost) -m beg -i octoprint.
    	http-request set-var(txn.txnhost) hdr(host)
    	use_backend Domoticz_ipvANY  if  zwave 
    	use_backend Octoprint_ipvANY  if  octoprint 
    
    # Target of the plain-HTTP ACME frontend for *host.tdl. NOTE(review): as
    # far as these lines show it does not issue an HTTP redirect; it proxies
    # the plain-HTTP stream, prefixed with a PROXY v2 header, into the MAIN
    # tcp frontend's unix socket. In MAIN a non-TLS stream that carries data is
    # sent to Openvpn_ipvANY, so confirm that port-80 requests for host.tdl
    # really end up as an HTTPS redirect and not at the OpenVPN server.
    backend ToHTTPS_ipvANY
    	mode			http
    	id			105
    	log			global
    	timeout connect		30000
    	timeout server		30000
    	retries			3
    	# Bare path, presumably resolved inside the global chroot
    	# (/tmp/haproxy_chroot/MAIN.socket is the MAIN frontend's bind).
    	server			toHTTPs /MAIN.socket send-proxy-v2-ssl-cn id 106  resolvers globalresolvers 
    
    # Raw TCP relay to the OpenVPN server; selected by MAIN for non-TLS data on
    # port 443. No health check is configured on the server line.
    backend Openvpn_ipvANY
    	mode			tcp
    	id			103
    	log			global
    	timeout connect		30000
    	timeout server		30000
    	retries			3
    	# Literal IP, so "resolvers globalresolvers" presumably has no effect.
    	server			zedde 192.168.0.20:1194 id 101  resolvers globalresolvers 
    
    # TLS passthrough for galaxy.host.tdl: the TLS session runs end-to-end to
    # 192.168.0.20:9443, so HAProxy cannot inspect or rewrite the HTTP traffic
    # on this path. No health check is configured.
    backend Galaxy_ipvANY
    	mode			tcp
    	id			104
    	log			global
    	timeout connect		30000
    	timeout server		30000
    	retries			3
    	# maxconn 10 caps concurrent connections to this single server.
    	server			galaxy 192.168.0.20:9443 id 101  maxconn 10 resolvers globalresolvers 
    
    # Hands the still-encrypted TLS stream from MAIN to the SSL frontend's unix
    # socket (with a PROXY v2 header) so that TLS is terminated there. Used for
    # the zwave/octoprint SNIs and as MAIN's default_backend.
    backend SSLredirect_ipvANY
    	mode			tcp
    	id			107
    	log			global
    	timeout connect		30000
    	timeout server		30000
    	retries			3
    	# Bare path, presumably resolved inside the global chroot
    	# (/tmp/haproxy_chroot/SSL.socket is the SSL frontend's bind).
    	server			ssl-redirect /SSL.socket send-proxy-v2-ssl-cn id 108  resolvers globalresolvers 
    
    # Plain-HTTP backend for zwave.host.tdl, reached after TLS termination in
    # the SSL frontend. Note the hop to 192.168.0.22:8080 is unencrypted on
    # the internal network.
    backend Domoticz_ipvANY
    	mode			http
    	id			100
    	log			global
    	timeout connect		30000
    	timeout server		30000
    	retries			3
    	# Health check: HTTP OPTIONS / every 1000 ms ("check inter 1000").
    	option			httpchk OPTIONS / 
    	server			zwave 192.168.0.22:8080 id 101 check inter 1000  resolvers globalresolvers 
    
    # Plain-HTTP backend for octoprint.host.tdl, reached after TLS termination
    # in the SSL frontend. The hop to 192.168.0.113:80 is unencrypted on the
    # internal network.
    backend Octoprint_ipvANY
    	mode			http
    	id			102
    	log			global
    	timeout connect		30000
    	timeout server		30000
    	retries			3
    	# Health check: HTTP OPTIONS / every 1000 ms ("check inter 1000").
    	option			httpchk OPTIONS / 
    	server			octoprint 192.168.0.113:80 id 101 check inter 1000  resolvers globalresolvers
    


  • I notice that if I log in to https://galaxy.host.tdl and then try to access the other backends, they get routed to https://galaxy.host.tdl



  • I moved the galaxy backend to the SSL offload frontend.