HAproxy multiple FQDN's?

unf0rg0tt3n

Hey Guys,

Hope you all doing well!

I was wondering if it's possible to get multiple domains into HAproxy frontend to different backends?
Like:
abc.com and xyz.com both pointing to a backend.
I have sub-domains working like web.abc.com points to a backend without a problem. but other than my main domain isn't working.

With kind regards!

johnpoz

The whole point of the reverse proxy is to do exactly that xyz.com domain and abc.com domain, etc. etc.

But without you showing what you did, its impossible for anyone to help point out what your not doing right.

unf0rg0tt3n

@johnpoz yeah sorry my bad.

Frontend:

Host NC works as the rest does. fmsv.nl doesn't work

Backend:

Example of NC --> the one which does work.

The doamin which doesn't work

Both domains are pointed to my pfsense with no-ip
Did I forgot to mention something? If so, let me know

johnpoz

So the port 80 isn't working.. So you made sure pfsense isn't listening on 80 already? You ca not have multiple things listening on the same port.. Out of the box pfsense web gui would be using 80, and yes listening on your wan IP.

unf0rg0tt3n

@johnpoz said in HAproxy multiple FQDN's?:

So the port 80 isn't working.. So you made sure pfsense isn't listening on 80 already? You ca not have multiple things listening on the same port.. Out of the box pfsense web gui would be using 80, and yes listening on your wan IP.

Port 80 is working for my other sub-domain (p1) is working from port 80. The pfsense webgui listens on another port :). so port 80 listening is working properly

johnpoz

Well if 80 is working and sending to other backends.. Then you have something wrong with the fqdn your using to send traffic to your wan.

Or you have something wrong on your backend be it the server or your or your acl to send it to that backend.

validate with simple sniff that your traffic hits your wan.. And where it being sent if anywhere on your backend side.

Getting 503 error when hit that fqdn you list.. That points to backend normally.

is your backend checking working? does your backend show up?

unf0rg0tt3n

@johnpoz said in HAproxy multiple FQDN's?:

Well if 80 is working and sending to other backends.. Then you have something wrong with the fqdn your using to send traffic to your wan.

Or you have something wrong on your backend be it the server or your or your acl to send it to that backend.

validate with simple sniff that your traffic hits your wan.. And where it being sent if anywhere on your backend side.

Getting 503 error when hit that fqdn you list.. That points to backend normally.

is your backend checking working? does your backend show up?

When I navigate to my FQDN it gives 503. When I check in stats it says everything is working properly. The server (which is web) is up and running, I can reach it by navigating to it's IP and it then shows up. I'm wrapping my head around this for several days

Edit: Also when I add a sub-domain on my main address (ie. web.abc.com) it navigates to the correct backend right away. but when I navigate to the fmsv.nl domain it won't work

johnpoz

503 Service not available is normally returned with the backend fails health check.

I had sim issue with trying to run ombi v4 behind haproxy. v3 worked fine - but when changed to v4 something odd changed and would give 503, I changed the healthcheck to basic and started working.. set your backend check to off or change what it does for the check.

is the traffic behind sent on to your backend? What does the haproxy log say when you try and access that fqdn?

unf0rg0tt3n

@johnpoz No idea where the traffic is sent. Where do I find the haproxy logs?
it only doesn't work for this particular domain. When I add a new domain to pfsense.
other than dynamic dns is there another place where I need to specify the domain?

johnpoz

No - if the fqdn points to your wan IP.. Then the traffic will get there.. I am getting 503 when I hit it..

For the Haproxy log, did you enable it in settings? You can point it to local, but you prob want to send it to remote syslog for better info..

Sniff on the interface that is connected to your backend.. do you see traffic being sent to it on port 80?

unf0rg0tt3n

This post is deleted!

unf0rg0tt3n

@johnpoz said in HAproxy multiple FQDN's?:

No - if the fqdn points to your wan IP.. Then the traffic will get there.. I am getting 503 when I hit it..

For the Haproxy log, did you enable it in settings? You can point it to local, but you prob want to send it to remote syslog for better info..

Sniff on the interface that is connected to your backend.. do you see traffic being sent to it on port 80?

It looks like there is no traffic towards backend. Or i'm nog doing it right.

I did enable the logging.

johnpoz

Well if there is no traffic towards the backend, then haproxy thinks its down.. Or you have something not right for matching on where to send it, or traffic is never hitting your wan IP (your frontend)..

The 503 would seem to me that its not matching or the backend is down from haproxy point of view.

You really need to send to a syslog to get informational info on what might be going on from haproxy log.

When I hit it, get 503 and "No server is available to handle this request. "

So either non of your matches worked, or backend is down from haproxy point of view and no point in sending on the traffic. So its sends back - sorry no server available to handle your request.

unf0rg0tt3n

@johnpoz thanks for the information!
What would the best way to sniff? Kinda new to this level of power from a firewall/router.

I also think the problem doesn't lie in the backend or front-end but purely the name.

When changing the hostnames and domain nothing is wrong amd I get forwarded correctly.

My main domain is dkict.com and I host various services which all work and forward to the correct backend.
So I set up a turnkey Linux WordPress container.
I wanted it to get fmsv.nl which gave 503 message.
When i changed the name value to: web.dkict.com it just worked and forwarded to the right backend (only a name change). Isn't that strange?

johnpoz

Your name resolves to a 83.82.x.x address I take it that is correct.. I don't want to post up the IP or the full name, unless your ok with it - but you did list it in the screenshots.

But if the fqdn is resolving, and pointing to your IP your having the frontend listen on with port. Then you prob have something wrong with the acl and or action..

Try turning off your backend check.. Maybe that is what is failing..

unf0rg0tt3n

@johnpoz I'm offering several public services so I thought why not actually post it. Ima check the other thing in the morning :)

Thanks!

unf0rg0tt3n

@johnpoz okay... I feel so stupid!

I created a new frontend, selected shared frontend and it works now.
Thanks for your help!