Netgate Discussion Forum

    HAproxy multiple FQDN's?

      unf0rg0tt3n

      Hey Guys,

      Hope you're all doing well!

      I was wondering if it's possible to get multiple domains into HAproxy frontend to different backends?
      Like:
      abc.com and xyz.com both pointing to a backend.
      I have sub-domains working, like web.abc.com, which points to a backend without a problem. But anything other than my main domain isn't working.

      With kind regards!

        johnpoz LAYER 8 Global Moderator

        The whole point of the reverse proxy is to do exactly that: xyz.com domain and abc.com domain, etc. etc.

        But without you showing what you did, it's impossible for anyone to help point out what you're not doing right.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          unf0rg0tt3n @johnpoz

          @johnpoz yeah sorry my bad.

          Frontend:
          frontend-01.JPG

          Host NC works as the rest does. fmsv.nl doesn't work
          frontend-02.JPG

          frontend-03.JPG

          Backend:

          Example of NC --> the one which does work.
          Backend-01.JPG

          The domain which doesn't work
          Backend-02.JPG

          Both domains are pointed to my pfsense with no-ip
          Did I forget to mention something? If so, let me know

            johnpoz LAYER 8 Global Moderator

            So the port 80 isn't working.. So you made sure pfsense isn't listening on 80 already? You cannot have multiple things listening on the same port.. Out of the box pfsense web gui would be using 80, and yes listening on your wan IP.

              unf0rg0tt3n @johnpoz

              @johnpoz said in HAproxy multiple FQDN's?:

              So the port 80 isn't working.. So you made sure pfsense isn't listening on 80 already? You cannot have multiple things listening on the same port.. Out of the box pfsense web gui would be using 80, and yes listening on your wan IP.

              Port 80 is working for my other sub-domain (p1). The pfsense webgui listens on another port :). So port 80 listening is working properly

                johnpoz LAYER 8 Global Moderator

                Well if 80 is working and sending to other backends.. Then you have something wrong with the fqdn you're using to send traffic to your wan.

                Or you have something wrong on your backend, be it the server or your acl to send it to that backend.

                Validate with a simple sniff that your traffic hits your wan.. And where it is being sent, if anywhere, on your backend side.

                Getting 503 error when I hit that fqdn you list.. That points to backend normally.

                Is your backend checking working? Does your backend show up?

                  unf0rg0tt3n @johnpoz

                  @johnpoz said in HAproxy multiple FQDN's?:

                  Well if 80 is working and sending to other backends.. Then you have something wrong with the fqdn you're using to send traffic to your wan.

                  Or you have something wrong on your backend, be it the server or your acl to send it to that backend.

                  Validate with a simple sniff that your traffic hits your wan.. And where it is being sent, if anywhere, on your backend side.

                  Getting 503 error when I hit that fqdn you list.. That points to backend normally.

                  Is your backend checking working? Does your backend show up?

                  When I navigate to my FQDN it gives 503. When I check in stats it says everything is working properly. The server (which is web) is up and running, I can reach it by navigating to its IP and it then shows up. I've been wrapping my head around this for several days
                  fmsv.JPG

                  Edit: Also when I add a sub-domain on my main address (i.e. web.abc.com) it navigates to the correct backend right away. But when I navigate to the fmsv.nl domain it won't work

                    johnpoz LAYER 8 Global Moderator

                    503 Service not available is normally returned when the backend fails health check.

                    I had a similar issue with trying to run ombi v4 behind haproxy. v3 worked fine - but when changed to v4 something odd changed and would give 503, I changed the healthcheck to basic and it started working.. Set your backend check to off or change what it does for the check.

                    Is the traffic being sent on to your backend? What does the haproxy log say when you try and access that fqdn?

                      unf0rg0tt3n @johnpoz

                      @johnpoz No idea where the traffic is sent. Where do I find the haproxy logs?
                      It only doesn't work for this particular domain. When I add a new domain to pfsense,
                      other than dynamic dns, is there another place where I need to specify the domain?

                        johnpoz LAYER 8 Global Moderator

                        No - if the fqdn points to your wan IP.. Then the traffic will get there.. I am getting 503 when I hit it..

                        For the Haproxy log, did you enable it in settings? You can point it to local, but you prob want to send it to remote syslog for better info..

                        Sniff on the interface that is connected to your backend.. do you see traffic being sent to it on port 80?

                            unf0rg0tt3n @johnpoz

                            @johnpoz said in HAproxy multiple FQDN's?:

                            No - if the fqdn points to your wan IP.. Then the traffic will get there.. I am getting 503 when I hit it..

                            For the Haproxy log, did you enable it in settings? You can point it to local, but you prob want to send it to remote syslog for better info..

                            Sniff on the interface that is connected to your backend.. do you see traffic being sent to it on port 80?

                            It looks like there is no traffic towards backend. Or I'm not doing it right.
                            Knipsel.JPG

                            I did enable the logging.

                              johnpoz LAYER 8 Global Moderator

                              Well if there is no traffic towards the backend, then haproxy thinks it's down.. Or you have something not right for matching on where to send it, or traffic is never hitting your wan IP (your frontend)..

                              The 503 would seem to me that it's not matching or the backend is down from haproxy point of view.

                              You really need to send to a syslog to get informational info on what might be going on from haproxy log.

                              When I hit it, I get 503 and "No server is available to handle this request."

                              So either none of your matches worked, or backend is down from haproxy point of view and no point in sending on the traffic. So it sends back - sorry no server available to handle your request.

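The two 503 causes named in the post above, as an added example that is not part of the original thread or the poster's configuration: a small Python model of how a HAProxy frontend picks a backend from `hdr(host)` ACLs. The frontend text, backend names and `servers_up` map are constructed, the hostnames are the placeholders from the first post, and only `acl ... hdr(host) -i`, `use_backend ... if` and `default_backend` lines are modelled.

```python
# Constructed frontend section (not the poster's configuration).
CFG = """
frontend shared_http
    bind *:80
    mode http
    acl host_web hdr(host) -i web.abc.com
    acl host_xyz hdr(host) -i xyz.com
    use_backend be_web if host_web
    use_backend be_xyz if host_xyz
"""

def parse_frontend(text):
    """Collect hdr(host) ACLs, ordered use_backend rules and default_backend."""
    acls, rules, default = {}, [], None
    for line in text.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 5 and tok[0] == "acl" and tok[2:4] == ["hdr(host)", "-i"]:
            # ACL lines sharing a name are ORed together, as are multiple values.
            acls.setdefault(tok[1], set()).update(v.lower() for v in tok[4:])
        elif len(tok) >= 4 and tok[0] == "use_backend" and tok[2] == "if":
            rules.append((tok[1], tok[3:]))
        elif len(tok) == 2 and tok[0] == "default_backend":
            default = tok[1]
    return acls, rules, default

def route(text, host, servers_up):
    """Return (status, backend, reason) for one Host header value."""
    acls, rules, default = parse_frontend(text)
    host = host.lower()

    def holds(term):  # a term is an ACL name, optionally negated with "!"
        negate, name = term.startswith("!"), term.lstrip("!")
        return (host in acls.get(name, set())) != negate

    # Rules are evaluated in order; the first whose terms all hold wins.
    chosen = next((be for be, cond in rules if all(holds(t) for t in cond)), default)
    if chosen is None:
        return 503, None, "no ACL matched and no default_backend"
    if not servers_up.get(chosen, False):
        return 503, chosen, "backend selected but no server is up"
    return 200, chosen, "forwarded"

if __name__ == "__main__":
    up = {"be_web": True, "be_xyz": False}  # constructed health-check state
    for h in ("web.abc.com", "XYZ.com", "www.xyz.com"):
        print(h, route(CFG, h, up))
```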
                                unf0rg0tt3n @johnpoz

                                @johnpoz thanks for the information!
                                What would be the best way to sniff? Kinda new to this level of power from a firewall/router.

                                I also think the problem doesn't lie in the backend or front-end but purely the name.

                                When changing the hostnames and domain nothing is wrong and I get forwarded correctly.

                                My main domain is dkict.com and I host various services which all work and forward to the correct backend.
                                So I set up a turnkey Linux WordPress container.
                                I wanted it to get fmsv.nl which gave 503 message.
                                When I changed the name value to: web.dkict.com it just worked and forwarded to the right backend (only a name change). Isn't that strange?

                                  johnpoz LAYER 8 Global Moderator

                                  Your name resolves to a 83.82.x.x address, I take it that is correct.. I don't want to post up the IP or the full name, unless you're ok with it - but you did list it in the screenshots.

                                  But if the fqdn is resolving, and pointing to your IP you're having the frontend listen on with port. Then you prob have something wrong with the acl and/or action..

                                  Try turning off your backend check.. Maybe that is what is failing..

                                    unf0rg0tt3n @johnpoz

                                    @johnpoz I'm offering several public services so I thought why not actually post it. Ima check the other thing in the morning :)

                                    Thanks!

                                      unf0rg0tt3n @johnpoz

                                      @johnpoz okay... I feel so stupid!

                                      I created a new frontend, selected shared frontend and it works now.
                                      Thanks for your help!

                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.