Netgate Discussion Forum

HAproxy multiple FQDN's?

    unf0rg0tt3n
    last edited by Aug 17, 2020, 11:14 AM

    Hey Guys,

    Hope you're all doing well!

    I was wondering if it's possible to get multiple domains into HAproxy frontend to different backends?
    Like:
    abc.com and xyz.com both pointing to a backend.
    I have sub-domains working like web.abc.com points to a backend without a problem. But other than my main domain isn't working.

    With kind regards!

      johnpoz LAYER 8 Global Moderator
      last edited by johnpoz Aug 17, 2020, 12:25 PM Aug 17, 2020, 11:29 AM

      The whole point of the reverse proxy is to do exactly that xyz.com domain and abc.com domain, etc. etc.

      But without you showing what you did, it's impossible for anyone to help point out what you're not doing right.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1

        unf0rg0tt3n @johnpoz
        last edited by Aug 17, 2020, 12:16 PM

        @johnpoz yeah sorry my bad.

        Frontend:
        frontend-01.JPG

        Host NC works as the rest does. fmsv.nl doesn't work
        frontend-02.JPG

        frontend-03.JPG

        Backend:

        Example of NC --> the one which does work.
        Backend-01.JPG

        The domain which doesn't work
        Backend-02.JPG

        Both domains are pointed to my pfsense with no-ip
        Did I forget to mention something? If so, let me know

          johnpoz LAYER 8 Global Moderator
          last edited by Aug 17, 2020, 12:27 PM

          So the port 80 isn't working.. So you made sure pfsense isn't listening on 80 already? You cannot have multiple things listening on the same port.. Out of the box pfsense web gui would be using 80, and yes listening on your wan IP.

            unf0rg0tt3n @johnpoz
            last edited by Aug 17, 2020, 12:29 PM

            @johnpoz said in HAproxy multiple FQDN's?:

            So the port 80 isn't working.. So you made sure pfsense isn't listening on 80 already? You cannot have multiple things listening on the same port.. Out of the box pfsense web gui would be using 80, and yes listening on your wan IP.

            Port 80 is working for my other sub-domain (p1) is working from port 80. The pfsense webgui listens on another port :). So port 80 listening is working properly

              johnpoz LAYER 8 Global Moderator
              last edited by johnpoz Aug 17, 2020, 12:49 PM Aug 17, 2020, 12:45 PM

              Well if 80 is working and sending to other backends.. Then you have something wrong with the fqdn you're using to send traffic to your wan.

              Or you have something wrong on your backend be it the server or your acl to send it to that backend.

              Validate with simple sniff that your traffic hits your wan.. And where it is being sent if anywhere on your backend side.

              Getting 503 error when hit that fqdn you list.. That points to backend normally.

              Is your backend checking working? Does your backend show up?

                unf0rg0tt3n @johnpoz
                last edited by unf0rg0tt3n Aug 17, 2020, 1:32 PM Aug 17, 2020, 1:19 PM

                @johnpoz said in HAproxy multiple FQDN's?:

                Well if 80 is working and sending to other backends.. Then you have something wrong with the fqdn you're using to send traffic to your wan.

                Or you have something wrong on your backend be it the server or your acl to send it to that backend.

                Validate with simple sniff that your traffic hits your wan.. And where it is being sent if anywhere on your backend side.

                Getting 503 error when hit that fqdn you list.. That points to backend normally.

                Is your backend checking working? Does your backend show up?

                When I navigate to my FQDN it gives 503. When I check in stats it says everything is working properly. The server (which is web) is up and running, I can reach it by navigating to its IP and it then shows up. I'm wrapping my head around this for several days
                fmsv.JPG

                Edit: Also when I add a sub-domain on my main address (i.e. web.abc.com) it navigates to the correct backend right away. But when I navigate to the fmsv.nl domain it won't work

                  johnpoz LAYER 8 Global Moderator
                  last edited by johnpoz Aug 17, 2020, 1:36 PM Aug 17, 2020, 1:34 PM

                  503 Service not available is normally returned when the backend fails health check.

                  I had a similar issue with trying to run ombi v4 behind haproxy. v3 worked fine - but when changed to v4 something odd changed and would give 503, I changed the healthcheck to basic and it started working.. Set your backend check to off or change what it does for the check.

                  Is the traffic being sent on to your backend? What does the haproxy log say when you try and access that fqdn?

                    unf0rg0tt3n @johnpoz
                    last edited by Aug 17, 2020, 1:59 PM

                    @johnpoz No idea where the traffic is sent. Where do I find the haproxy logs?
                    It only doesn't work for this particular domain. When I add a new domain to pfsense.
                    Other than dynamic dns is there another place where I need to specify the domain?

                      johnpoz LAYER 8 Global Moderator
                      last edited by johnpoz Aug 17, 2020, 2:32 PM Aug 17, 2020, 2:31 PM

                      No - if the fqdn points to your wan IP.. Then the traffic will get there.. I am getting 503 when I hit it..

                      For the Haproxy log, did you enable it in settings? You can point it to local, but you prob want to send it to remote syslog for better info..

                      Sniff on the interface that is connected to your backend.. Do you see traffic being sent to it on port 80?

                          unf0rg0tt3n @johnpoz
                          last edited by unf0rg0tt3n Aug 17, 2020, 5:58 PM Aug 17, 2020, 5:57 PM

                          @johnpoz said in HAproxy multiple FQDN's?:

                          No - if the fqdn points to your wan IP.. Then the traffic will get there.. I am getting 503 when I hit it..

                          For the Haproxy log, did you enable it in settings? You can point it to local, but you prob want to send it to remote syslog for better info..

                          Sniff on the interface that is connected to your backend.. Do you see traffic being sent to it on port 80?

                          It looks like there is no traffic towards backend. Or I'm not doing it right.
                          Knipsel.JPG

                          I did enable the logging.

                            johnpoz LAYER 8 Global Moderator
                            last edited by johnpoz Aug 17, 2020, 6:03 PM Aug 17, 2020, 5:59 PM

                            Well if there is no traffic towards the backend, then haproxy thinks it's down.. Or you have something not right for matching on where to send it, or traffic is never hitting your wan IP (your frontend)..

                            The 503 would seem to me that it's not matching or the backend is down from haproxy point of view.

                            You really need to send to a syslog to get informational info on what might be going on from haproxy log.

                            When I hit it, get 503 and "No server is available to handle this request. "

                            So either none of your matches worked, or backend is down from haproxy point of view and no point in sending on the traffic. So it sends back - sorry no server available to handle your request.

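An added example, not part of the thread: the two 503 causes named in the post above (no match, or backend down from HAProxy's point of view) can be told apart in the HAProxy HTTP log, because the `backend/server` field shows the frontend's own name when no switching rule applied and `<NOSRV>` when no server was used. It assumes `option httplog` plus a `capture request header Host` on the frontend; the frontend, backend and server names and the log lines are constructed, and in a `listen` section frontend and backend are always the same name, so the "no-rule-matched" verdict does not apply there.

```python
import re
from collections import Counter

# Core fields of an "option httplog" line: [accept date] frontend backend/server timers status
LOG_RE = re.compile(
    r'\[(?P<ts>[^\]]+)\] (?P<fe>\S+) (?P<be>[^/\s]+)/(?P<srv>\S+) [\d/+-]+ (?P<status>\d{3}) '
)
# First captured request header (assumption: Host is the first capture on the frontend).
HOST_RE = re.compile(r'\{([^}|]*)')

def classify(line):
    """Return (host, verdict) for one log line, or None if it is not an HTTP log line."""
    m = LOG_RE.search(line)
    if not m:
        return None
    host_m = HOST_RE.search(line, m.end())
    host = host_m.group(1) if host_m else '-'
    fe = m['fe'].rstrip('~')            # "~" is appended to the frontend name on TLS connections
    if m['srv'] != '<NOSRV>':
        return host, 'forwarded'        # a server was chosen for this request
    if m['status'] != '503':
        return host, 'other'            # e.g. a redirect or deny answered by HAProxy itself
    if m['be'] == fe:
        return host, 'no-rule-matched'  # stayed in the frontend: no ACL hit, no default backend
    return host, 'backend-down'         # backend selected, but it had no usable server

def summarize(lines):
    """Count verdicts per Host header so a failing FQDN stands out."""
    return Counter(v for v in map(classify, lines) if v)

# Constructed sample lines; fe_http, be_web, be_fmsv and web01 are hypothetical names.
SAMPLE = [
    'Aug 17 17:57:40 pfsense haproxy[4242]: 203.0.113.7:51230 [17/Aug/2020:17:57:40.101] '
    'fe_http be_web/web01 0/0/1/12/13 200 5120 - - ---- 1/1/0/0/0 0/0 {web.dkict.com} "GET / HTTP/1.1"',
    'Aug 17 17:58:01 pfsense haproxy[4242]: 203.0.113.7:51234 [17/Aug/2020:17:58:01.123] '
    'fe_http fe_http/<NOSRV> 0/-1/-1/-1/0 503 212 - - SC-- 1/1/0/0/0 0/0 {fmsv.nl} "GET / HTTP/1.1"',
    'Aug 17 17:59:12 pfsense haproxy[4242]: 203.0.113.7:51240 [17/Aug/2020:17:59:12.456] '
    'fe_http be_fmsv/<NOSRV> 0/-1/-1/-1/0 503 212 - - SC-- 1/1/0/0/0 0/0 {fmsv.nl} "GET / HTTP/1.1"',
]

if __name__ == '__main__':
    for (host, verdict), count in summarize(SAMPLE).items():
        print(f'{host:15} {verdict:16} {count}')
```
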
                              unf0rg0tt3n @johnpoz
                              last edited by Aug 17, 2020, 8:20 PM

                              @johnpoz thanks for the information!
                              What would be the best way to sniff? Kinda new to this level of power from a firewall/router.

                              I also think the problem doesn't lie in the backend or front-end but purely the name.

                              When changing the hostnames and domain nothing is wrong and I get forwarded correctly.

                              My main domain is dkict.com and I host various services which all work and forward to the correct backend.
                              So I set up a turnkey Linux WordPress container.
                              I wanted it to get fmsv.nl which gave 503 message.
                              When I changed the name value to: web.dkict.com it just worked and forwarded to the right backend (only a name change). Isn't that strange?

                                johnpoz LAYER 8 Global Moderator
                                last edited by Aug 17, 2020, 8:28 PM

                                Your name resolves to a 83.82.x.x address I take it that is correct.. I don't want to post up the IP or the full name, unless you're ok with it - but you did list it in the screenshots.

                                But if the fqdn is resolving, and pointing to your IP you're having the frontend listen on with port. Then you prob have something wrong with the acl and or action..

                                Try turning off your backend check.. Maybe that is what is failing..

                                  unf0rg0tt3n @johnpoz
                                  last edited by Aug 17, 2020, 8:31 PM

                                  @johnpoz I'm offering several public services so I thought why not actually post it. Ima check the other thing in the morning :)

                                  Thanks!

                                    unf0rg0tt3n @johnpoz
                                    last edited by Aug 18, 2020, 7:06 AM

                                    @johnpoz okay... I feel so stupid!

                                    I created a new frontend, selected shared frontend and it works now.
                                    Thanks for your help!
