Ombi + Haproxy stuck on loading





  • i have encountered the same problem - do not know how to solve it(


  • LAYER 8 Global Moderator

    Not sure if related to your problem or not... But I run ombi behind haproxy doing ssl off loading.. And was running v3 on a VM without any issues. Recently I wanted to try the new v4 preview, and was just easier to fire up a docker.

    Thought this will be easy just point haproxy to the new backend, different port and IP.. easy peasy right... Not so much ;)

    Was getting 503 error.. And was just wtf.. docker was working fine when hit local IP and not running through the reverse proxy..

    Turns out setting the backend health check to none fixed the problem..

    Not sure if related to the issue your seeing.. But what I can tell you is haproxy does work with docker, and the v4 preview version.

    backend set to healthcheck http
    backendhttp.png

    set to none - works fine ;) Basic works fine too for healthcheck.. But I just leave it at none - really don't need it talking to my docker every few seconds ;)

    ombi.png



  • @johnpoz I'm just running v3 from windows server. I saw that solution posted somewhere else as well and that didn't not fix it for me. It might just be an ombi or ombi setting issue. Haproxy seems to be working as intended, but the full https page will not load.


  • LAYER 8 Global Moderator

    Yeah was prob me over on reddit ;)

    Figured give it a shot.. Good luck.. But I can flip the backend over to my v3 ombi and that works fine... Sure its not windows firewall? I was using ombi v3 on a ubuntu vm?

    What specific version you running on ombi v3?

    So your saying when you hit ombi locally, not through the reverse proxy it works?



  • @johnpoz Very possible it was you. Disabling firewall doesn't help. Latest 3.0.4892 version. Yes it works locally fine with the lan ip/port I have as my backend.


  • LAYER 8 Global Moderator

    Lets me see if can duplicate on mine... I just switched flipped my backend over to the v3 ombi, but its running 3.0.5164 on ubuntu... That works fine.. Lets see if when I update it breaks. brb

    Looks like might have to switch over to the stable branch
    Version 3.0.5164
    Branch develop

    Not seeing any update to this... brb.

    It doesn't want to downgrade - why not just update to the develop version which is newer than stable.
    https://ci.appveyor.com/project/tidusjar/requestplex/branch/develop/artifacts



  • version 5164 same thing


  • LAYER 8 Global Moderator

    Well can not duplicate.. So not sure how it could be a haproxy thing.. You running dev version of haproxy right?



  • I've tried both versions of haproxy.


  • LAYER 8 Global Moderator

    Odd for sure - but I am unable to duplicate this problem.. Have you tried with haproxy and not doing ssl offload? Does that work?



  • Not sure exactly how to test that. But just unchecking the box for ssl offloading and typing http in front of my current domain name doesn't work at all.


  • LAYER 8 Global Moderator

    Well you should prob do a sniff and see what is going on.. Sniff on your server and pfsense.



  • What application and base URL do you have on ombi?

    Also are you basically doing this? I have tried the ACL in the single front end and as a separate one like this guide shows with no change.
    https://blog.devita.co/pfsense-to-proxy-traffic-for-websites-using-pfsense/



  • Hey @johnpoz

    I don't have exact same situation but a very similar one... I have a setup of 2 physical servers (Test and Prod). Along with this, I have a high spec laptop which has got VMWare in it where I run 4 different servers (Win, Ubuntu & Kali) but at any given point of time, I connect a maximum of 2 such VMs. So in a worst-case scenario, I can have 2 physical servers and 2 VMs connected on 4 different backends.

    And this has been working perfectly fine for the last 3-4 months... I am pretty sure that I have not made any changes (I did not even upgrade to 2.4.5_1) but for some reason, I keep getting 503 error and I can literally see my backend going down and coming up and this has become so frequent that it is now getting painful.

    Along with this my traffic graph is also looking very weird... there is a lot more colours on the dashboard than what I have ever seen or would like to see. PFA few screenshots at different time, do you think it is dodgy or is it only me who is panicking? (Opt port is Server, LAN is connected with home/office devices).

    Traffic-3.JPG Traffic-2.JPG Traffic or Attack.JPG

    Having said that, the only 2 changed that I have done in recent past are (I don't think anyone of them has got any relation to regular 503 error):
    1.> I have enabled scheduled backup which happens late night

    2.> I port forwarded port 22 and after 2 weeks few of my automated mail did not come... after investigation, I found out that there were 1000s of DoS and bots trying to access my SSH and Postfix server and my mail log file which should be less than 50 Kb was more than 100 MB... so I disabled the natting, cleared log and after 24 hours... things have got better.

    So finally, as per your suggestion above, I have changed the health check of my backend from HTTP to None and then Basic...

    But won't you consider it as a compromise? "HTTP" gives you a standard health check, "Basic" is almost nothing and "None" is like I am closing my eyes because I don't care. So a real solution should actually work with HTTP. Right now we are only putting a workaround. Isn't it?

    I am monitoring the server now and if I see any changes (+ve or -ve), I will update you accordingly.

    Many Thanks,
    Rav


  • LAYER 8 Global Moderator

    How you monitor your backend is up to you.. I have zero use for monitoring this specific backend.. Zero.. Why should I send packets to it every X seconds be it ping, http get or whatever..

    If you want to monitor it, http works just fine.. I personally don't have need for monitoring this system.. Do you monitor that your dishwasher is off or on? ;)

    The system runs with my nas, which is always ON.. And if not would know it for sure.. My plex is monitored - and would know within 5 minutes if off.. This sub system that runs as a docker, have zero need to monitor ;)

    No its not a compromise - its a choice..



  • Logic... ehh?

    I did not know the details, so I asked and now that you have explained me what it is for, I am tempted to agree with you... it is not a compromise, it is a choice. Good one Sir Johnpoz.

    Any insight on my why my traffic shape is so weird? Do you see anything fishy there or is it standard stuff? I read somewhere mirror image is not a good sign - is that true? Should I be worried?

    Many Thanks,
    Rav



  • @rekd0514 said in Ombi + Haproxy stuck on loading:

    What application and base URL do you have on ombi?

    Also are you basically doing this? I have tried the ACL in the single front end and as a separate one like this guide shows with no change.
    https://blog.devita.co/pfsense-to-proxy-traffic-for-websites-using-pfsense/

    Sorry, can you answer my question? You seem to be very professional!
    How to Connect Ombi with Radarr??


Log in to reply