haproxy-devel (2.0.14) bug: automagic additional server entries for each backend
-
I think this is a bug, but I'd like to discuss it here first.
Running 2.4.5-RELEASE-p1 on an XCP-ng virtual machine. haproxy-devel (2.0.14) has been working well in my IPv4 environment for some time without fault.
I've recently gone dual-stack and added a listener to my frontend on the WAN IPv6 address. At this point, pfSense seems to have added an additional server entry to each backend:

    backend grafana_ipvANY
        mode http
        id 124
        log global
        timeout connect 60000
        timeout server 60000
        retries 3
        option httpchk GET /api/health
        server grafana_0 172.16.4.7:8087 check inter 1000
        server grafana_1 2403:5800:5000:db:561:3810:3941:1c03:8087 check inter 1000

In this example, the server grafana_1 was not specified by me in the GUI. The address is the pfSense machine's address. Obviously, this creates a server that is constantly down for haproxy.
I can't see an obvious GUI configuration option that would cause this.
Interestingly, if I disable IPv6 entirely on the pfSense box (remove it from the interfaces, remove the listeners in haproxy) so that it doesn't show up at all in the GUI, the haproxy.cfg still has the "loopback" server pointing at its no longer used IPv6 address.
Am I missing something, or does this need a bug report?
-
Tested it on my pfSense but I don't have this behavior.
I'm using a he.net tunnel, and on mine the IPv6 WAN interface does not show up, so I can only test with a custom address or localhost IPv6.
In any case I don't have any automagic addition:

    frontend any-merged
        bind 151.3.xxx.xxx:443 name 151.3.xxx.xxx:443 ssl crt-list /var/etc/haproxy/any.crt_list
        bind 2001:470:xx:xxx::x:443 name 2001:470:xx:xx::x:443 ssl crt-list /var/etc/haproxy/any.crt_list
        mode http
        log global
        option http-keep-alive
        timeout client 30000
        acl src_is_ipv4 src 0.0.0.0/0
        acl aclcrt_any var(txn.txnhost) -m reg -i ^pfSense-5bf30ab89ffdf(:([0-9]){1,5})?$
        acl test1 var(txn.txnhost) -m beg -i test
        http-request set-var(txn.txnhost) hdr(host)
        use_backend test_ipv4 if test1 src_is_ipv4
        use_backend test_ipv6 if test1 !src_is_ipv4

    backend test_ipv4
        mode http
        id 10100
        log global
        timeout connect 30000
        timeout server 30000
        retries 3
        source ipv4@ usesrc clientip
        option httpchk OPTIONS /
        server server 172.16.0.100:443 id 10101 ssl check inter 1000 verify none

    backend test_ipv6
        mode http
        id 20100
        log global
        timeout connect 30000
        timeout server 30000
        retries 3
        source ipv6@ usesrc clientip
        option httpchk OPTIONS /
-
I've uninstalled haproxy-devel, manually removed any haproxy config from config.xml and set things up again: same problem. I'm getting an additional server line added with the IPv6 address of the pfSense box (not the server) being added. I think I'll report a bug – something's not doing the right thing here.
-
Jti I also never had such a bug while I had many pfSense with haproxy in various setups
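
As an added example (not code from the thread or from the pfSense haproxy package), a check for the symptom described in the first post: it parses a haproxy.cfg and reports backend server lines whose address is one of the firewall's own addresses. The sample config and local addresses are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample modelled on the backend in the first post (documentation addresses).
SAMPLE_CFG = """\
backend grafana_ipvANY
    mode http
    option httpchk GET /api/health
    server grafana_0 172.16.4.7:8087 check inter 1000
    server grafana_1 2001:db8:1:2:3:4:5:6:8087 check inter 1000
"""
LOCAL_ADDRS = ["192.0.2.1", "2001:db8:1:2:3:4:5:6"]  # assumed: the firewall's own addresses

def _host_of(endpoint):
    """Return the IP part of 'addr[:port]' as an ip_address object, or None for hostnames."""
    endpoint = endpoint.strip()
    if endpoint.startswith("[") and "]" in endpoint:
        candidates = [endpoint[1:endpoint.index("]")]]
    else:
        # The text after the last colon is the port, so try that split before the whole string.
        candidates = [endpoint.rsplit(":", 1)[0], endpoint]
    for cand in candidates:
        try:
            return ipaddress.ip_address(cand)
        except ValueError:
            continue
    return None

def find_self_pointing_servers(cfg_text, local_addrs):
    """List (backend, server name, address) for server lines that target the firewall itself."""
    local = {ipaddress.ip_address(a) for a in local_addrs}
    hits, backend = [], None
    for raw in cfg_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] in ("global", "defaults", "frontend", "listen", "backend"):
            backend = words[1] if words[0] in ("backend", "listen") and len(words) > 1 else None
        elif words[0] == "server" and backend and len(words) >= 3:
            ip = _host_of(words[2])
            if ip is not None and ip in local:
                hits.append((backend, words[1], str(ip)))
    return hits

if __name__ == "__main__":
    for hit in find_self_pointing_servers(SAMPLE_CFG, LOCAL_ADDRS):
        print("server pointing at the firewall itself:", hit)
```

Run against the generated haproxy.cfg after each GUI change, an empty result means no backend has picked up a server entry for the firewall's own address.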