Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HAProxy-devel stopped working after update

    Cache/Proxy
    1
    2
    391
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • havastamasH
      havastamas
      last edited by havastamas

      Hi!

      After a package update, HAProxy-devel stopped working for me. The version im using is 0.62_4.

      I have a lot of backend servers configured, and a few fronteds. (Multiple domains with SSL offloading.)

      Before the update everything worked fine, but now, the loading speeds of the services behind the pFSense are slowed down, but i dont get any kind of error messages. Sometimes the websites did not load at all.

      The backend services running fine on the hosts, i have checked them without HAProxy.

      I dont see anything in the systems logs, so i have no idea how i can solve this problem.

      Anyone else faced this problem with HAProxy in the last few days?

      This is my configuration, but i cant figure out, what is the problem:

      # Automaticaly generated, dont edit manually.
# Generated on: 2021-07-01 15:26
global
	maxconn			5000
	log			/var/run/log	local0	info
	stats socket /tmp/haproxy.socket level admin  expose-fd listeners
	gid			80
	nbproc			1
	nbthread			4
	hard-stop-after		15m
	chroot				/tmp/haproxy_chroot
	daemon
	tune.ssl.default-dh-param	2048
	server-state-file /tmp/haproxy_server_state

listen HAProxyLocalStats
	bind 127.0.0.1:2200 name localstats
	mode http
	stats enable
	stats refresh 60
	stats admin if TRUE
	stats show-legends
	stats uri /haproxy/haproxy_stats.php?haproxystats=1
	timeout client 5000
	timeout connect 5000
	timeout server 5000

resolvers globalresolvers
	nameserver pfsense.skynet.zone 192.168.1.1:53
	resolve_retries 3
	timeout retry 1
	timeout resolve 10

frontend haproxy-merged
	bind			92.249.139.70:443 name 92.249.139.70:443   ssl crt-list /var/etc/haproxy/haproxy.crt_list  
	bind			2a01:36c:1300:8082:344b:50ff:feb7:efda:443 name 2a01:36c:1300:8082:344b:50ff:feb7:efda:443   ssl crt-list /var/etc/haproxy/haproxy.crt_list  
	mode			http
	log			global
	option			socket-stats
	option			dontlognull
	option			dontlog-normal
	option			http-keep-alive
	option			forwardfor
	acl https ssl_fc
	http-request set-header		X-Forwarded-Proto http if !https
	http-request set-header		X-Forwarded-Proto https if https
	maxconn			5000
	timeout client		60000
	acl			src_is_ipv4	src 0.0.0.0/0
	acl			aclcrt_haproxy	var(txn.txnhost) -m reg -i ^([^\.]*)\.skynet\.zone(:([0-9]){1,5})?$
	acl			ACL10	var(txn.txnhost) -m str -i pfsense.skynet.zone
	acl			ACL20	var(txn.txnhost) -m str -i ilo.skynet.zone
	acl			ACL30	var(txn.txnhost) -m str -i esxi.skynet.zone
	acl			ACL40	var(txn.txnhost) -m str -i dsm.skynet.zone
	acl			ACL50	var(txn.txnhost) -m str -i linuxsrv.skynet.zone
	acl			ACL60	var(txn.txnhost) -m str -i ols.skynet.zone
	acl			ACL70	var(txn.txnhost) -m str -i phpmyadmin.skynet.zone
	acl			ACL80	var(txn.txnhost) -m str -i p2p.skynet.zone
	acl			ACL90	var(txn.txnhost) -m str -i plex.skynet.zone
	acl			ACL100	var(txn.txnhost) -m str -i ipcam.skynet.zone
	acl			ACL110	var(txn.txnhost) -m str -i photo.skynet.zone
	acl			ACL120	var(txn.txnhost) -m str -i drive.skynet.zone
	acl			ACL130	var(txn.txnhost) -m str -i file.skynet.zone
	acl			WEB10	var(txn.txnhost) -m str -i skynet.zone
	acl			aclcrt_skynet.zone	var(txn.txnhost) -m reg -i ^([^\.]*)\.skynet\.zone(:([0-9]){1,5})?$
	acl			WEB20	var(txn.txnhost) -m str -i tenguhse.com
	acl			aclcrt_tenguhse.com	var(txn.txnhost) -m reg -i ^tenguhse\.com(:([0-9]){1,5})?$
	acl			WEB30	var(txn.txnhost) -m str -i ebmas.hu
	acl			aclcrt_ebmas.hu	var(txn.txnhost) -m reg -i ^ebmas\.hu(:([0-9]){1,5})?$
	acl			WEB40	var(txn.txnhost) -m str -i wtwarrior.hu
	acl			aclcrt_wtwarrior.hu	var(txn.txnhost) -m reg -i ^wtwarrior\.hu(:([0-9]){1,5})?$
	acl			WEB50	var(txn.txnhost) -m str -i blacklotus.fit
	acl			aclcrt_blacklotus.fit	var(txn.txnhost) -m reg -i ^blacklotus\.fit(:([0-9]){1,5})?$
	acl			WEB60	var(txn.txnhost) -m str -i bvntech.hu
	acl			aclcrt_bvntech.hu	var(txn.txnhost) -m reg -i ^bvntech\.hu(:([0-9]){1,5})?$
	acl			WEB70	var(txn.txnhost) -m str -i evagyogytorna.hu
	acl			aclcrt_evagyogytorna.hu	var(txn.txnhost) -m reg -i ^evagyogytorna\.hu(:([0-9]){1,5})?$
	acl			WEB80	var(txn.txnhost) -m str -i retaljaegyesulet.hu
	acl			aclcrt_retaljaegyesulet.hu	var(txn.txnhost) -m reg -i ^retaljaegyesulet\.hu(:([0-9]){1,5})?$
	acl			WEB90	var(txn.txnhost) -m str -i korosliget.hu
	acl			aclcrt_korosliget.hu	var(txn.txnhost) -m reg -i ^korosliget\.hu(:([0-9]){1,5})?$
	http-request set-var(txn.txnhost) hdr(host)
	use_backend pfsense_ipv4  if  ACL10 aclcrt_skynet.zone src_is_ipv4
	use_backend ilo_ipv4  if  ACL20 aclcrt_skynet.zone src_is_ipv4
	use_backend esxi_ipv4  if  ACL30 aclcrt_skynet.zone src_is_ipv4
	use_backend dsm_ipv4  if  ACL40 aclcrt_skynet.zone src_is_ipv4
	use_backend linuxsrv_ipv4  if  ACL50 aclcrt_skynet.zone src_is_ipv4
	use_backend ols_ipv4  if  ACL60 aclcrt_skynet.zone src_is_ipv4
	use_backend phpmyadmin_ipv4  if  ACL70 aclcrt_skynet.zone src_is_ipv4
	use_backend p2p_ipv4  if  ACL80 aclcrt_skynet.zone src_is_ipv4
	use_backend plex_ipv4  if  ACL90 aclcrt_skynet.zone src_is_ipv4
	use_backend ipcam_ipv4  if  ACL100 aclcrt_skynet.zone src_is_ipv4
	use_backend photo_ipv4  if  ACL110 aclcrt_skynet.zone src_is_ipv4
	use_backend drive_ipv4  if  ACL120 aclcrt_skynet.zone src_is_ipv4
	use_backend file_ipv4  if  ACL130 aclcrt_skynet.zone src_is_ipv4
	use_backend skynet.zone_ipv4  if  WEB10 aclcrt_skynet.zone src_is_ipv4
	use_backend pfsense_ipv6  if  ACL10 aclcrt_skynet.zone !src_is_ipv4
	use_backend ilo_ipv6  if  ACL20 aclcrt_skynet.zone !src_is_ipv4
	use_backend esxi_ipv6  if  ACL30 aclcrt_skynet.zone !src_is_ipv4
	use_backend dsm_ipv6  if  ACL40 aclcrt_skynet.zone !src_is_ipv4
	use_backend linuxsrv_ipv6  if  ACL50 aclcrt_skynet.zone !src_is_ipv4
	use_backend ols_ipv6  if  ACL60 aclcrt_skynet.zone !src_is_ipv4
	use_backend phpmyadmin_ipv6  if  ACL70 aclcrt_skynet.zone !src_is_ipv4
	use_backend p2p_ipv6  if  ACL80 aclcrt_skynet.zone !src_is_ipv4
	use_backend plex_ipv6  if  ACL90 aclcrt_skynet.zone !src_is_ipv4
	use_backend ipcam_ipv6  if  ACL100 aclcrt_skynet.zone !src_is_ipv4
	use_backend photo_ipv6  if  ACL110 aclcrt_skynet.zone !src_is_ipv4
	use_backend drive_ipv6  if  ACL120 aclcrt_skynet.zone !src_is_ipv4
	use_backend file_ipv6  if  ACL130 aclcrt_skynet.zone !src_is_ipv4
	use_backend skynet.zone_ipv6  if  WEB10 aclcrt_skynet.zone !src_is_ipv4
	use_backend tenguhse.com_ipv4  if  WEB20 aclcrt_tenguhse.com src_is_ipv4
	use_backend tenguhse.com_ipv6  if  WEB20 aclcrt_tenguhse.com !src_is_ipv4
	use_backend ebmas.hu_ipv4  if  WEB30 aclcrt_ebmas.hu src_is_ipv4
	use_backend ebmas.hu_ipv6  if  WEB30 aclcrt_ebmas.hu !src_is_ipv4
	use_backend wtwarrior.hu_ipv4  if  WEB40 aclcrt_wtwarrior.hu src_is_ipv4
	use_backend wtwarrior.hu_ipv6  if  WEB40 aclcrt_wtwarrior.hu !src_is_ipv4
	use_backend blacklotus.fit_ipv4  if  WEB50 aclcrt_blacklotus.fit src_is_ipv4
	use_backend blacklotus.fit_ipv6  if  WEB50 aclcrt_blacklotus.fit !src_is_ipv4
	use_backend bvntech.hu_ipv4  if  WEB60 aclcrt_bvntech.hu src_is_ipv4
	use_backend bvntech.hu_ipv6  if  WEB60 aclcrt_bvntech.hu !src_is_ipv4
	use_backend evagyogytorna.hu_ipv4  if  WEB70 aclcrt_evagyogytorna.hu src_is_ipv4
	use_backend evagyogytorna.hu_ipv6  if  WEB70 aclcrt_evagyogytorna.hu !src_is_ipv4
	use_backend retaljaegyesulet.hu_ipv4  if  WEB80 aclcrt_retaljaegyesulet.hu src_is_ipv4
	use_backend retaljaegyesulet.hu_ipv6  if  WEB80 aclcrt_retaljaegyesulet.hu !src_is_ipv4
	use_backend korosliget.hu_ipv4  if  WEB90 aclcrt_korosliget.hu src_is_ipv4
	use_backend korosliget.hu_ipv6  if  WEB90 aclcrt_korosliget.hu !src_is_ipv4
	use_backend skynet.zone_ipv4  if   aclcrt_skynet.zone src_is_ipv4
	use_backend skynet.zone_ipv6  if   aclcrt_skynet.zone !src_is_ipv4
	use_backend tenguhse.com_ipv4  if   aclcrt_tenguhse.com src_is_ipv4
	use_backend tenguhse.com_ipv6  if   aclcrt_tenguhse.com !src_is_ipv4
	use_backend ebmas.hu_ipv4  if   aclcrt_ebmas.hu src_is_ipv4
	use_backend ebmas.hu_ipv6  if   aclcrt_ebmas.hu !src_is_ipv4
	use_backend wtwarrior.hu_ipv4  if   aclcrt_wtwarrior.hu src_is_ipv4
	use_backend wtwarrior.hu_ipv6  if   aclcrt_wtwarrior.hu !src_is_ipv4
	use_backend blacklotus.fit_ipv4  if   aclcrt_blacklotus.fit src_is_ipv4
	use_backend blacklotus.fit_ipv6  if   aclcrt_blacklotus.fit !src_is_ipv4
	use_backend bvntech.hu_ipv4  if   aclcrt_bvntech.hu src_is_ipv4
	use_backend bvntech.hu_ipv6  if   aclcrt_bvntech.hu !src_is_ipv4
	use_backend evagyogytorna.hu_ipv4  if   aclcrt_evagyogytorna.hu src_is_ipv4
	use_backend evagyogytorna.hu_ipv6  if   aclcrt_evagyogytorna.hu !src_is_ipv4
	use_backend retaljaegyesulet.hu_ipv4  if   aclcrt_retaljaegyesulet.hu src_is_ipv4
	use_backend retaljaegyesulet.hu_ipv6  if   aclcrt_retaljaegyesulet.hu !src_is_ipv4
	use_backend korosliget.hu_ipv4  if   aclcrt_korosliget.hu src_is_ipv4
	use_backend korosliget.hu_ipv6  if   aclcrt_korosliget.hu !src_is_ipv4

frontend http-to-https
	bind			92.249.139.70:80 name 92.249.139.70:80   
	bind			2a01:36c:1300:8082:344b:50ff:feb7:efda:80 name 2a01:36c:1300:8082:344b:50ff:feb7:efda:80   
	mode			http
	log			global
	option			http-keep-alive
	option			forwardfor
	acl https ssl_fc
	http-request set-header		X-Forwarded-Proto http if !https
	http-request set-header		X-Forwarded-Proto https if https
	maxconn			5000
	timeout client		60000
	http-request redirect scheme https 

backend pfsense_ipv4
	mode			http
	id			10100
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	server			pfsense.skynet.zone 192.168.1.1:443 id 10101 ssl  verify none resolvers globalresolvers resolve-prefer ipv4 

backend ilo_ipv4
	mode			http
	id			10102
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv4@ usesrc clientip
	server			ilo.skynet.zone 192.168.1.40:443 id 10103 ssl  verify none resolvers globalresolvers resolve-prefer ipv4 

backend esxi_ipv4
	mode			http
	id			10104
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv4@ usesrc clientip
	server			esxi.skynet.zone 192.168.1.45:443 id 10105 ssl  verify none resolvers globalresolvers resolve-prefer ipv4 

backend dsm_ipv4
	mode			http
	id			10106
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv4@ usesrc clientip
	server			dsm.skynet.zone 192.168.1.50:5001 id 10107 ssl  verify none resolvers globalresolvers resolve-prefer ipv4 

backend linuxsrv_ipv4
	mode			http
	id			10108
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv4@ usesrc clientip
	server			linuxsrv.skynet.zone 192.168.1.60:10000 id 10109 ssl  verify none resolvers globalresolvers resolve-prefer ipv4 

backend ols_ipv4
	mode			http
	id			10128
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv4@ usesrc clientip
	server			ols.skynet.zone 192.168.1.60:7443 id 10129 ssl  verify none resolvers globalresolvers resolve-prefer ipv4 

backend phpmyadmin_ipv4
	mode			http
	id			10136
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv4@ usesrc clientip
	server			phpmyadmin.skynet.zone 192.168.1.60:8443 id 10137 ssl  verify none resolvers globalresolvers resolve-prefer ipv4 

backend p2p_ipv4
	mode			http
	id			10130
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv4@ usesrc clientip
	server			p2p.skynet.zone 192.168.1.60:5100 id 10131 ssl  verify none resolvers globalresolvers resolve-prefer ipv4 

backend plex_ipv4
	mode			http
	id			10132
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv4@ usesrc clientip
	server			plex.skynet.zone 192.168.1.60:32400 id 10133 ssl  verify none resolvers globalresolvers resolve-prefer ipv4 

backend ipcam_ipv4
	mode			http
	id			10134
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv4@ usesrc clientip
	server			ipcam.skynet.zone 192.168.1.50:9901 id 10135 ssl  verify none resolvers globalresolvers resolve-prefer ipv4 

backend photo_ipv4
	mode			http
	id			10148
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv4@ usesrc clientip
	server			photo.skynet.zone 192.168.1.50:10005 id 10149 ssl  verify none resolvers globalresolvers resolve-prefer ipv4 

backend drive_ipv4
	mode			http
	id			10150
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv4@ usesrc clientip
	server			drive.skynet.zone 192.168.1.50:10003 id 10151 ssl  verify none resolvers globalresolvers resolve-prefer ipv4 

backend file_ipv4
	mode			http
	id			10152
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv4@ usesrc clientip
	server			file.skynet.zone 192.168.1.50:7001 id 10153 ssl  verify none resolvers globalresolvers resolve-prefer ipv4 

backend skynet.zone_ipv4
	mode			http
	id			10110
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv4@ usesrc clientip
	server			skynet.zone 192.168.1.60:8443 id 10111 ssl  verify none resolvers globalresolvers resolve-prefer ipv4 

backend pfsense_ipv6
	mode			http
	id			20100
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0

backend ilo_ipv6
	mode			http
	id			20102
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv6@ usesrc clientip

backend esxi_ipv6
	mode			http
	id			20104
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv6@ usesrc clientip

backend dsm_ipv6
	mode			http
	id			20106
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv6@ usesrc clientip

backend linuxsrv_ipv6
	mode			http
	id			20108
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv6@ usesrc clientip

backend ols_ipv6
	mode			http
	id			20128
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv6@ usesrc clientip

backend phpmyadmin_ipv6
	mode			http
	id			20136
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv6@ usesrc clientip

backend p2p_ipv6
	mode			http
	id			20130
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv6@ usesrc clientip

backend plex_ipv6
	mode			http
	id			20132
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv6@ usesrc clientip

backend ipcam_ipv6
	mode			http
	id			20134
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv6@ usesrc clientip

backend photo_ipv6
	mode			http
	id			20148
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv6@ usesrc clientip

backend drive_ipv6
	mode			http
	id			20150
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv6@ usesrc clientip

backend file_ipv6
	mode			http
	id			20152
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv6@ usesrc clientip

backend skynet.zone_ipv6
	mode			http
	id			20110
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv6@ usesrc clientip

backend tenguhse.com_ipv4
	mode			http
	id			10116
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv4@ usesrc clientip
	server			tenguhse.com 192.168.1.60:8443 id 10117 ssl  verify none resolvers globalresolvers resolve-prefer ipv4 

backend tenguhse.com_ipv6
	mode			http
	id			20116
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv6@ usesrc clientip

backend ebmas.hu_ipv4
	mode			http
	id			10118
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv4@ usesrc clientip
	server			ebmas.hu 192.168.1.60:8443 id 10119 ssl  verify none resolvers globalresolvers resolve-prefer ipv4 

backend ebmas.hu_ipv6
	mode			http
	id			20118
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv6@ usesrc clientip

backend wtwarrior.hu_ipv4
	mode			http
	id			10120
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv4@ usesrc clientip
	server			wtwarrior.hu 192.168.1.60:8443 id 10121 ssl  verify none resolvers globalresolvers resolve-prefer ipv4 

backend wtwarrior.hu_ipv6
	mode			http
	id			20120
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv6@ usesrc clientip

backend blacklotus.fit_ipv4
	mode			http
	id			10138
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv4@ usesrc clientip
	server			blacklotus.fit 192.168.1.60:8443 id 10139 ssl  verify none resolvers globalresolvers resolve-prefer ipv4 

backend blacklotus.fit_ipv6
	mode			http
	id			20138
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv6@ usesrc clientip

backend bvntech.hu_ipv4
	mode			http
	id			10122
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv4@ usesrc clientip
	server			bvntech.hu 192.168.1.60:8443 id 10123 ssl  verify none resolvers globalresolvers resolve-prefer ipv4 

backend bvntech.hu_ipv6
	mode			http
	id			20122
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv6@ usesrc clientip

backend evagyogytorna.hu_ipv4
	mode			http
	id			10124
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv4@ usesrc clientip
	server			evagyogytorna.hu 192.168.1.60:8443 id 10125 ssl  verify none resolvers globalresolvers resolve-prefer ipv4 

backend evagyogytorna.hu_ipv6
	mode			http
	id			20124
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv6@ usesrc clientip

backend retaljaegyesulet.hu_ipv4
	mode			http
	id			10126
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv4@ usesrc clientip
	server			retaljaegyesulet.hu 192.168.1.60:8443 id 10127 ssl  verify none resolvers globalresolvers resolve-prefer ipv4 

backend retaljaegyesulet.hu_ipv6
	mode			http
	id			20126
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv6@ usesrc clientip

backend korosliget.hu_ipv4
	mode			http
	id			10154
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv4@ usesrc clientip
	server			korosliget.hu 192.168.1.60:8443 id 10155 ssl  verify none resolvers globalresolvers resolve-prefer ipv4 

backend korosliget.hu_ipv6
	mode			http
	id			20154
	log			global
	timeout connect		60000
	timeout server		60000
	retries			0
	source ipv6@ usesrc clientip

      Thanks for the help!

      1 Reply Last reply Reply Quote 0
      • havastamasH
        havastamas
        last edited by

        I have tired tcp mode, but still the same, slow as hell. :(

        My tcp config:

        # Automaticaly generated, dont edit manually.
# Generated on: 2021-07-04 04:45
global
	maxconn			10000
	log			/var/run/log	local0	debug
	stats socket /tmp/haproxy.socket level admin  expose-fd listeners
	gid			80
	nbproc			1
	nbthread			4
	hard-stop-after		15m
	chroot				/tmp/haproxy_chroot
	daemon
	ssl-default-bind-ciphersuites	TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
	ssl-default-server-ciphersuites	TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
	ssl-default-bind-options	ssl-min-ver TLSv1.3 no-tls-tickets
	ssl-default-server-options	ssl-min-ver TLSv1.3 no-tls-tickets
	tune.ssl.default-dh-param	2048
	server-state-file /tmp/haproxy_server_state

listen HAProxyLocalStats
	bind 127.0.0.1:2200 name localstats
	mode http
	stats enable
	stats refresh 60
	stats admin if TRUE
	stats show-legends
	stats uri /haproxy/haproxy_stats.php?haproxystats=1
	timeout client 5000
	timeout connect 5000
	timeout server 5000

frontend frontend-merged
	bind			81.0.126.16:443 name 81.0.126.16:443   
	bind			2a01:36c:1300:80d7:344b:50ff:feb7:efda:443 name 2a01:36c:1300:80d7:344b:50ff:feb7:efda:443   
	mode			tcp
	log			global
	option			socket-stats
	option			tcplog
	maxconn			5000
	timeout client		60000
	tcp-request inspect-delay 5s
	tcp-request content accept if { req.ssl_hello_type 1 }
	acl			src_is_ipv4	src 0.0.0.0/0
	acl			ACL10	req.ssl_sni -i pfsense.skynet.zone
	acl			ACL20	req.ssl_sni -i ilo.skynet.zone
	acl			ACL30	req.ssl_sni -i esxi.skynet.zone
	acl			ACL40	req.ssl_sni -i dsm.skynet.zone
	acl			ACL50	req.ssl_sni -i linuxsrv.skynet.zone
	acl			ACL60	req.ssl_sni -i ols.skynet.zone
	acl			ACL70	req.ssl_sni -i phpmyadmin.skynet.zone
	acl			ACL80	req.ssl_sni -i p2p.skynet.zone
	acl			ACL90	req.ssl_sni -i plex.skynet.zone
	acl			ACL100	req.ssl_sni -i ipcam.skynet.zone
	acl			ACL110	req.ssl_sni -i photo.skynet.zone
	acl			ACL120	req.ssl_sni -i drive.skynet.zone
	acl			ACL130	req.ssl_sni -i file.skynet.zone
	acl			WEB10	req.ssl_sni -i skynet.zone
	acl			WEB20	req.ssl_sni -i tenguhse.com
	acl			WEB30	req.ssl_sni -i ebmas.hu
	acl			WEB40	req.ssl_sni -i wtwarrior.hu
	acl			WEB50	req.ssl_sni -i blacklotus.fit
	acl			WEB60	req.ssl_sni -i bvntech.hu
	acl			WEB70	req.ssl_sni -i evagyogytorna.hu
	acl			WEB80	req.ssl_sni -i retaljaegyesulet.hu
	acl			WEB90	req.ssl_sni -i korosliget.hu
	use_backend pfsense.skynet.zone_ipvANY  if  ACL10 
	use_backend ilo.skynet.zone_ipv4  if  ACL20 src_is_ipv4
	use_backend ilo.skynet.zone_ipv6  if  ACL20 !src_is_ipv4
	use_backend esxi.skynet.zone_ipv4  if  ACL30 src_is_ipv4
	use_backend esxi.skynet.zone_ipv6  if  ACL30 !src_is_ipv4
	use_backend dsm.skynet.zone_ipv4  if  ACL40 src_is_ipv4
	use_backend dsm.skynet.zone_ipv6  if  ACL40 !src_is_ipv4
	use_backend linuxsrv.skynet.zone_ipv4  if  ACL50 src_is_ipv4
	use_backend linuxsrv.skynet.zone_ipv6  if  ACL50 !src_is_ipv4
	use_backend ols.skynet.zone_ipv4  if  ACL60 src_is_ipv4
	use_backend ols.skynet.zone_ipv6  if  ACL60 !src_is_ipv4
	use_backend phpmyadmin.skynet.zone_ipv4  if  ACL70 src_is_ipv4
	use_backend phpmyadmin.skynet.zone_ipv6  if  ACL70 !src_is_ipv4
	use_backend p2p.skynet.zone_ipv4  if  ACL80 src_is_ipv4
	use_backend p2p.skynet.zone_ipv6  if  ACL80 !src_is_ipv4
	use_backend plex.skynet.zone_ipv4  if  ACL90 src_is_ipv4
	use_backend plex.skynet.zone_ipv6  if  ACL90 !src_is_ipv4
	use_backend ipcam.skynet.zone_ipv4  if  ACL100 src_is_ipv4
	use_backend ipcam.skynet.zone_ipv6  if  ACL100 !src_is_ipv4
	use_backend photo.skynet.zone_ipv4  if  ACL110 src_is_ipv4
	use_backend photo.skynet.zone_ipv6  if  ACL110 !src_is_ipv4
	use_backend drive.skynet.zone_ipv4  if  ACL120 src_is_ipv4
	use_backend drive.skynet.zone_ipv6  if  ACL120 !src_is_ipv4
	use_backend file.skynet.zone_ipv4  if  ACL130 src_is_ipv4
	use_backend file.skynet.zone_ipv6  if  ACL130 !src_is_ipv4
	use_backend skynet.zone_ipv4  if  WEB10 src_is_ipv4
	use_backend skynet.zone_ipv6  if  WEB10 !src_is_ipv4
	use_backend tenguhse.com_ipv4  if  WEB20 src_is_ipv4
	use_backend tenguhse.com_ipv6  if  WEB20 !src_is_ipv4
	use_backend ebmas.hu_ipv4  if  WEB30 src_is_ipv4
	use_backend ebmas.hu_ipv6  if  WEB30 !src_is_ipv4
	use_backend wtwarrior.hu_ipv4  if  WEB40 src_is_ipv4
	use_backend wtwarrior.hu_ipv6  if  WEB40 !src_is_ipv4
	use_backend blacklotus.fit_ipv4  if  WEB50 src_is_ipv4
	use_backend blacklotus.fit_ipv6  if  WEB50 !src_is_ipv4
	use_backend bvntech.hu_ipv4  if  WEB60 src_is_ipv4
	use_backend bvntech.hu_ipv6  if  WEB60 !src_is_ipv4
	use_backend evagyogytorna.hu_ipv4  if  WEB70 src_is_ipv4
	use_backend evagyogytorna.hu_ipv6  if  WEB70 !src_is_ipv4
	use_backend retaljaegyesulet.hu_ipv4  if  WEB80 src_is_ipv4
	use_backend retaljaegyesulet.hu_ipv6  if  WEB80 !src_is_ipv4
	use_backend korosliget.hu_ipv4  if  WEB90 src_is_ipv4
	use_backend korosliget.hu_ipv6  if  WEB90 !src_is_ipv4

frontend http-to-https
	bind			81.0.126.16:80 name 81.0.126.16:80   
	bind			2a01:36c:1300:80d7:344b:50ff:feb7:efda:80 name 2a01:36c:1300:80d7:344b:50ff:feb7:efda:80   
	mode			http
	log			global
	option			socket-stats
	option			httplog
	option			http-keep-alive
	option			forwardfor
	acl https ssl_fc
	http-request set-header		X-Forwarded-Proto http if !https
	http-request set-header		X-Forwarded-Proto https if https
	maxconn			5000
	timeout client		60000
	http-request redirect scheme https 

backend pfsense.skynet.zone_ipvANY
	mode			tcp
	id			100
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	server			pfsense.skynet.zone 192.168.1.1:443 id 101  

backend ilo.skynet.zone_ipv4
	mode			tcp
	id			10102
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv4@ usesrc clientip
	server			ilo.skynet.zone 192.168.1.40:443 id 10103  

backend ilo.skynet.zone_ipv6
	mode			tcp
	id			20102
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv6@ usesrc clientip

backend esxi.skynet.zone_ipv4
	mode			tcp
	id			10104
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv4@ usesrc clientip
	server			esxi.skynet.zone 192.168.1.45:443 id 10105  

backend esxi.skynet.zone_ipv6
	mode			tcp
	id			20104
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv6@ usesrc clientip

backend dsm.skynet.zone_ipv4
	mode			tcp
	id			10106
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv4@ usesrc clientip
	server			dsm.skynet.zone 192.168.1.50:5001 id 10107  

backend dsm.skynet.zone_ipv6
	mode			tcp
	id			20106
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv6@ usesrc clientip

backend linuxsrv.skynet.zone_ipv4
	mode			tcp
	id			10108
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv4@ usesrc clientip
	server			linuxsrv.skynet.zone 192.168.1.60:10000 id 10109  

backend linuxsrv.skynet.zone_ipv6
	mode			tcp
	id			20108
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv6@ usesrc clientip

backend ols.skynet.zone_ipv4
	mode			tcp
	id			10110
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv4@ usesrc clientip
	server			ols.skynet.zone 192.168.1.60:7443 id 10111  

backend ols.skynet.zone_ipv6
	mode			tcp
	id			20110
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv6@ usesrc clientip

backend phpmyadmin.skynet.zone_ipv4
	mode			tcp
	id			10112
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv4@ usesrc clientip
	server			phpmyadmin.skynet.zone 192.168.1.60:8443 id 10113  

backend phpmyadmin.skynet.zone_ipv6
	mode			tcp
	id			20112
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv6@ usesrc clientip

backend p2p.skynet.zone_ipv4
	mode			tcp
	id			10114
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv4@ usesrc clientip
	server			p2p.skynet.zone 192.168.1.60:5100 id 10115  

backend p2p.skynet.zone_ipv6
	mode			tcp
	id			20114
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv6@ usesrc clientip

backend plex.skynet.zone_ipv4
	mode			tcp
	id			10116
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv4@ usesrc clientip
	server			plex.skynet.zone 192.168.1.60:32400 id 10117  

backend plex.skynet.zone_ipv6
	mode			tcp
	id			20116
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv6@ usesrc clientip

backend ipcam.skynet.zone_ipv4
	mode			tcp
	id			10118
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv4@ usesrc clientip
	server			ipcam.skynet.zone 192.168.1.50:9901 id 10119  

backend ipcam.skynet.zone_ipv6
	mode			tcp
	id			20118
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv6@ usesrc clientip

backend photo.skynet.zone_ipv4
	mode			tcp
	id			10120
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv4@ usesrc clientip
	server			photo.skynet.zone 192.168.1.50:10005 id 10121  

backend photo.skynet.zone_ipv6
	mode			tcp
	id			20120
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv6@ usesrc clientip

backend drive.skynet.zone_ipv4
	mode			tcp
	id			10122
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv4@ usesrc clientip
	server			drive.skynet.zone 192.168.1.50:10003 id 10123  

backend drive.skynet.zone_ipv6
	mode			tcp
	id			20122
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv6@ usesrc clientip

backend file.skynet.zone_ipv4
	mode			tcp
	id			10124
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv4@ usesrc clientip
	server			file.skynet.zone 192.168.1.50:7001 id 10125  

backend file.skynet.zone_ipv6
	mode			tcp
	id			20124
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv6@ usesrc clientip

backend skynet.zone_ipv4
	mode			tcp
	id			10126
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv4@ usesrc clientip
	server			skynet.zone 192.168.1.60:8443 id 10127  

backend skynet.zone_ipv6
	mode			tcp
	id			20126
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv6@ usesrc clientip

backend tenguhse.com_ipv4
	mode			tcp
	id			10128
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv4@ usesrc clientip
	server			tenguhse.com 192.168.1.60:8443 id 10129  

backend tenguhse.com_ipv6
	mode			tcp
	id			20128
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv6@ usesrc clientip

backend ebmas.hu_ipv4
	mode			tcp
	id			10130
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv4@ usesrc clientip
	server			ebmas.hu 192.168.1.60:8443 id 10131  

backend ebmas.hu_ipv6
	mode			tcp
	id			20130
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv6@ usesrc clientip

backend wtwarrior.hu_ipv4
	mode			tcp
	id			10132
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv4@ usesrc clientip
	server			wtwarrior.hu 192.168.1.60:8443 id 10133  

backend wtwarrior.hu_ipv6
	mode			tcp
	id			20132
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv6@ usesrc clientip

backend blacklotus.fit_ipv4
	mode			tcp
	id			10134
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv4@ usesrc clientip
	server			blacklotus.fit 192.168.1.60:8443 id 10135  

backend blacklotus.fit_ipv6
	mode			tcp
	id			20134
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv6@ usesrc clientip

backend bvntech.hu_ipv4
	mode			tcp
	id			10136
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv4@ usesrc clientip
	server			bvntech.hu 192.168.1.60:8443 id 10137  

backend bvntech.hu_ipv6
	mode			tcp
	id			20136
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv6@ usesrc clientip

backend evagyogytorna.hu_ipv4
	mode			tcp
	id			10138
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv4@ usesrc clientip
	server			evagyogytorna.hu 192.168.1.60:8443 id 10139  

backend evagyogytorna.hu_ipv6
	mode			tcp
	id			20138
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv6@ usesrc clientip

backend retaljaegyesulet.hu_ipv4
	mode			tcp
	id			10140
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv4@ usesrc clientip
	server			retaljaegyesulet.hu 192.168.1.60:8443 id 10141  

backend retaljaegyesulet.hu_ipv6
	mode			tcp
	id			20140
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv6@ usesrc clientip

backend korosliget.hu_ipv4
	mode			tcp
	id			10142
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv4@ usesrc clientip
	server			korosliget.hu 192.168.1.60:8443 id 10143  

backend korosliget.hu_ipv6
	mode			tcp
	id			20142
	log			global
	timeout connect		60000
	timeout server		60000
	retries			3
	source ipv6@ usesrc clientip

        Hope somebody know what should i do..

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.