
    HAProxy stooped after upgrade

    • T Offline
      treybeatty
      last edited by treybeatty

      A little background. I've been happily using pfsense and learning a lot.
      I've been using HAProxy for quite some time without issue. But now it completely stopped working, I'll include the config.
      It stopped after upgrade of HAProxy and pfsense to the newest versions. Thanks. If any of the code layout is wrong it was from renaming the domain.

      # Automaticaly generated, dont edit manually.
      # Generated on: 2019-04-11 07:11
      # Process-wide settings: connection limit, runtime socket, privilege drop,
      # chroot, and the TLS defaults inherited by every 'bind ... ssl' line.
      global
      	maxconn			100
      	# Runtime API socket opened at 'level admin': any local process able to
      	# open this file can change or stop HAProxy. No 'mode'/'user'/'group'
      	# restriction is given on this line.
      	# NOTE(review): confirm the resulting permissions of the socket in /tmp.
      	stats socket /tmp/haproxy.socket level admin  expose-fd listeners
      	# Run as uid/gid 80 rather than root once started.
      	uid			80
      	gid			80
      	nbproc			1
      	nbthread			1
      	hard-stop-after		15m
      	# Confine the running process to this directory.
      	chroot				/tmp/haproxy_chroot
      	daemon
      	tune.ssl.default-dh-param	2048
      	server-state-file /tmp/haproxy_server_state
      	# Default cipher allow-list for TLS binds. Besides the AES-GCM suites it
      	# still lists CBC-mode/SHA-1 suites (for example ECDHE-RSA-AES128-SHA) and
      	# DHE-DSS suites. This section has no 'ssl-default-bind-options' line, so
      	# no minimum TLS version is set here.
      	# NOTE(review): confirm which protocol versions the listener accepts.
      	ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
      	# Repeats the tune.ssl.default-dh-param setting given above (same value).
      	tune.ssl.default-dh-param 2048
      	
      	# Time-to-first-Byte (TTFB) value needs to be optimized based on
      	# the actual public certificate chain see
      	# https://www.igvita.com/2013/10/24
      	# /optimizing-tls-record-size-and-buffering-latency/
      	tune.ssl.maxrecord 1370
      
      # Statistics page, reachable only on the loopback address (127.0.0.1:444).
      listen HAProxyLocalStats
      	bind 127.0.0.1:444 name localstats
      	mode http
      	stats enable
      	# 'if TRUE' allows the admin actions of the stats page for every request
      	# that reaches this listener, and there is no 'stats auth' line. The
      	# loopback bind is the only access restriction visible in this section.
      	stats admin if TRUE
      	stats show-legends
      	stats uri /haproxy/haproxy_stats.php?haproxystats=1
      	# Timeouts without a unit are in milliseconds.
      	timeout client 5000
      	timeout connect 5000
      	timeout server 5000
      
      # TLS-terminating frontend on port 443. It picks a backend from the Host
      # header of each request. No rule in this section restricts source
      # addresses or asks for authentication before routing, so access control
      # is left entirely to the application behind each backend.
      frontend shared-frontend-merged
      	bind			2.1.2.1:443 name 2.1.2.1:443   ssl crt-list /var/etc/haproxy/shared-frontend.crt_list  
      	mode			http
      	log			global
      	option			http-keep-alive
      	# Adds an X-Forwarded-For header carrying the client address. Nothing in
      	# this section removes an X-Forwarded-For value sent by the client, so a
      	# backend should rely only on the value added by the proxy.
      	option			forwardfor
      	acl https ssl_fc
      	# set-header replaces any X-Forwarded-Proto sent by the client. The only
      	# bind of this frontend is 'ssl', so the '!https' rule is not expected
      	# to match here.
      	http-request set-header		X-Forwarded-Proto http if !https
      	http-request set-header		X-Forwarded-Proto https if https
      	timeout client		70000
      	# Remove headers that expose security-sensitive information.
      	# NOTE(review): 'rspidel' was deprecated in HAProxy 2.0 and removed in
      	# 2.1; 'http-response del-header' is the replacement on newer versions.
      	rspidel ^Server:.*$
      	rspidel ^X-Powered-By:.*$
      	rspidel ^X-AspNet-Version:.*$
      	# Host-based routing ACLs: exact, case-insensitive string match against
      	# txn.txnhost, which the 'http-request set-var' line further down fills
      	# from the Host header. A Host value carrying an explicit port (host:443)
      	# does not match these '-m str' rules.
      	acl			plexpass	var(txn.txnhost) -m str -i plexpass.domain.com
      	acl			nextcloud	var(txn.txnhost) -m str -i nextcloud.domain.com
      	acl			tautulli	var(txn.txnhost) -m str -i tautulli.domain.com
      	acl			onlyoffice	var(txn.txnhost) -m str -i onlyoffice.domain.com
      	acl			ombi	var(txn.txnhost) -m str -i ombi.domain.com
      	acl			community	var(txn.txnhost) -m str -i community.domain.com
      	acl			sonarr	var(txn.txnhost) -m str -i sonarr.domain.com
      	acl			couchpotato	var(txn.txnhost) -m str -i couchpotato.domain.com
      	acl			torrent	var(txn.txnhost) -m str -i torrent.domain.com
      	acl			homelab	var(txn.txnhost) -m str -i homelab.domain.com
      	acl			radarr	var(txn.txnhost) -m str -i radarr.domain.com
      	# The ACL is named 'ladarr' although it matches lidarr.domain.com; the
      	# use_backend rule below uses the same spelling, so the two agree.
      	acl			ladarr	var(txn.txnhost) -m str -i lidarr.domain.com
      	acl			emby	var(txn.txnhost) -m str -i emby.domain.com
      	acl			vnc	var(txn.txnhost) -m str -i vnc.domain.com
      	acl			vpn	var(txn.txnhost) -m str -i vpn.domain.com
      	acl			rdp	var(txn.txnhost) -m str -i rdp.domain.com
      	# Regex ACLs that also accept an optional ':port' suffix. No rule in this
      	# frontend references 'aclcrt_shared-frontend'. The lidarr entry reads
      	# 'pdomain' where the others read 'domain' - presumably a leftover of the
      	# poster's manual domain rename.
      	acl			aclcrt_shared-frontend	var(txn.txnhost) -m reg -i ^pfsense\.domain\.com(:([0-9]){1,5})?$
      	acl			aclcrt_shared-frontend	var(txn.txnhost) -m reg -i ^community\.domain\.com(:([0-9]){1,5})?$
      	acl			aclcrt_shared-frontend	var(txn.txnhost) -m reg -i ^couchpotato\.domain\.com(:([0-9]){1,5})?$
      	acl			aclcrt_shared-frontend	var(txn.txnhost) -m reg -i ^homelab\.domain\.com(:([0-9]){1,5})?$
      	acl			aclcrt_shared-frontend	var(txn.txnhost) -m reg -i ^lidarr\.pdomain\.com(:([0-9]){1,5})?$
      	acl			aclcrt_shared-frontend	var(txn.txnhost) -m reg -i ^nextcloud\.domain\.com(:([0-9]){1,5})?$
      	acl			aclcrt_shared-frontend	var(txn.txnhost) -m reg -i ^ombi\.domain\.com(:([0-9]){1,5})?$
      	acl			aclcrt_shared-frontend	var(txn.txnhost) -m reg -i ^onlyoffice\.domain\.com(:([0-9]){1,5})?$
      	acl			aclcrt_shared-frontend	var(txn.txnhost) -m reg -i ^plexpass\.domain\.com(:([0-9]){1,5})?$
      	acl			aclcrt_shared-frontend	var(txn.txnhost) -m reg -i ^radarr\.domain\.com(:([0-9]){1,5})?$
      	acl			aclcrt_shared-frontend	var(txn.txnhost) -m reg -i ^sonarr\.domain\.com(:([0-9]){1,5})?$
      	acl			aclcrt_shared-frontend	var(txn.txnhost) -m reg -i ^tautulli\.domain\.com(:([0-9]){1,5})?$
      	acl			aclcrt_shared-frontend	var(txn.txnhost) -m reg -i ^torrent\.domain\.com(:([0-9]){1,5})?$
      	# Copies the request's Host header into txn.txnhost for the ACLs above.
      	http-request set-var(txn.txnhost) hdr(host)
      	# One backend per hostname. There is no default_backend, so a request
      	# whose Host matches none of the ACLs has no backend and gets a 503.
      	use_backend nextcloud_ipvANY  if  nextcloud 
      	use_backend plexpass_ipvANY  if  plexpass 
      	use_backend tautulli_ipvANY  if  tautulli 
      	use_backend onlyoffice_ipvANY  if  onlyoffice 
      	use_backend ombi_ipvANY  if  ombi 
      	use_backend community_ipvANY  if  community 
      	use_backend sonarr_ipvANY  if  sonarr 
      	use_backend couchpotato_ipvANY  if  couchpotato 
      	use_backend torrent_ipvANY  if  torrent 
      	use_backend homelab_ipvANY  if  homelab 
      	use_backend Radarr_ipvANY  if  radarr 
      	use_backend Lidarr_ipvANY  if  ladarr 
      	use_backend Emby_ipvANY  if  emby 
      	use_backend vnc_ipvANY  if  vnc 
      	use_backend vpn_ipvANY  if  vpn 
      	use_backend rpd_ipvANY  if  rdp 
      
      # Plain-HTTP listener on port 80. It serves no content itself: every
      # request is answered with a redirect to the https scheme.
      frontend http-https-frontend
      	bind			2.1.2.1:80 name 2.1.2.1:80   
      	mode			http
      	log			global
      	option			http-keep-alive
      	timeout client		30000
      	http-request redirect scheme https 
      
      # Each backend in this group forwards to a single server on a
      # 192.168.102.x address. None of the server lines carries 'ssl', so the
      # hop from HAProxy to the server is unencrypted HTTP. 'check inter 1000'
      # runs a health check every 1000 ms; no 'option httpchk' is set, so the
      # check is a plain TCP connect.
      backend nextcloud_ipvANY
      	mode			http
      	id			102
      	log			global
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	server			nextcloud 192.168.102.212:80 id 104 check inter 1000  
      
      backend plexpass_ipvANY
      	mode			http
      	id			100
      	log			global
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	server			plexpass 192.168.102.104:32400 id 101 check inter 1000  
      
      backend tautulli_ipvANY
      	mode			http
      	id			105
      	log			global
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	server			tautulli 192.168.102.104:8181 id 103 check inter 1000  
      
      backend onlyoffice_ipvANY
      	mode			http
      	id			106
      	log			global
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	server			onlyoffice 192.168.102.218:80 id 103 check inter 1000  
      
      backend ombi_ipvANY
      	mode			http
      	id			107
      	log			global
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	server			ombi 192.168.102.104:3579 id 103 check inter 1000  
      
      backend community_ipvANY
      	mode			http
      	id			108
      	log			global
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	server			community 192.168.102.219:80 id 103 check inter 1000  
      
      backend sonarr_ipvANY
      	mode			http
      	id			109
      	log			global
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	server			sonarr 192.168.102.104:8989 id 103 check inter 1000  
      
      backend couchpotato_ipvANY
      	mode			http
      	id			110
      	log			global
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	server			couchpotato 192.168.102.219:5050 id 103 check inter 1000  
      
      # The only backend here that speaks TLS to its server ('ssl', with
      # 'check-ssl' for the health check).
      backend torrent_ipvANY
      	mode			http
      	id			111
      	log			global
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	# 'verify none' encrypts the connection but does not validate the
      	# server's certificate, so HAProxy cannot tell the intended server from
      	# another host answering on this address. Validation needs
      	# 'verify required' together with a 'ca-file'.
      	server			torrent 192.168.102.106:8181 id 103 ssl check-ssl check inter 1000  verify none 
      
      # Four more single-server backends over unencrypted HTTP (no 'ssl' on the
      # server lines), each with a TCP health check every 1000 ms.
      backend homelab_ipvANY
      	mode			http
      	id			112
      	log			global
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	server			homelab 192.168.102.104:80 id 103 check inter 1000  
      
      backend Radarr_ipvANY
      	mode			http
      	id			113
      	log			global
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	server			radarr 192.168.102.104:7878 id 103 check inter 1000  
      
      backend Lidarr_ipvANY
      	mode			http
      	id			114
      	log			global
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	server			lidarr 192.168.102.104:8686 id 103 check inter 1000  
      
      backend Emby_ipvANY
      	mode			http
      	id			115
      	log			global
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	server			emby 192.168.102.104:8096 id 103 check inter 1000  
      
      # The vnc, vpn and rpd backends below all carry the same server line:
      # name 'emby', address 192.168.102.107:5900, in 'mode http'.
      # NOTE(review): 5900 is the conventional VNC port and VNC is not HTTP, so
      # an HTTP-mode proxy is unlikely to work for it - confirm the intended
      # target of each backend. Remote-access services published through the
      # public frontend have no proxy-side access rule in the posted config.
      backend vnc_ipvANY
      	mode			http
      	id			116
      	log			global
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	server			emby 192.168.102.107:5900 id 103 check inter 1000  
      # NOTE(review): the bare 'domain.com' line below is not an HAProxy
      # keyword; presumably a leftover of the poster's manual domain rename.
      domain.com
      backend vpn_ipvANY
      	mode			http
      	id			117
      	log			global
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	server			emby 192.168.102.107:5900 id 103 check inter 1000  
      
      # Named 'rpd' (not 'rdp'); the frontend's use_backend rule uses the same
      # spelling, so the reference resolves.
      backend rpd_ipvANY
      	mode			http
      	id			118
      	log			global
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	server			emby 192.168.102.107:5900 id 103 check inter 1000
      
      • P Offline
        PiBa @treybeatty
        last edited by

        @treybeatty
        Can you define what 'stooped' means exactly?

        • Error while starting haproxy?
        • Haproxy starts and stats page works, but client traffic does not reach the (web)servers ?
        1. Any error message shown in the browser?
        2. Can you 'curl' to haproxy locally on the pfSense box itself?
        3. Does the stats page show the (web)servers as 'up' ?