• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

HAProxy 502 error when using POST method

Scheduled Pinned Locked Moved Cache/Proxy
haproxybad gatewayerror
10 Posts 2 Posters 1.6k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • B
    Berick
    last edited by Sep 11, 2023, 7:48 AM

    Hi there

    I have setup HAProxy to offload my internal domains. The SSL offloading works fine, except that as soon as a POST method is being used, I get a 502 Bad gateway error.

    My setup:
    I have an internal wildcard certificate through let's encrypt and cloudflare which goes on my top level domain. e.g. *.home.mydomain.com
    Then I have my backends setup without ssl.
    The frontend terminates on 2 virtual IPs, 1 for each VLAN I have backends in. They are configured separately.
    Then I have the action which routes this to the backends.

    DNS resolves are there. Those work.

    This all works fine, except for the POST methods. The weird thing is, it is only for the second virtual IP, it seems the first works fine, although they are both setup the same way.

    Screenshot 2023-09-11 094544.png Screenshot 2023-09-11 094405.png Screenshot 2023-09-11 094733.png

    Anyone got an idea why?

    V 1 Reply Last reply Sep 13, 2023, 5:28 PM Reply Quote 0
    • V
      viragomann @Berick
      last edited by Sep 13, 2023, 5:28 PM

      @Berick
      Did you redirect non-SSL request to HTTPS. If yes, how did you do that?

      B 1 Reply Last reply Sep 17, 2023, 8:55 PM Reply Quote 0
      • B
        Berick @viragomann
        last edited by Sep 17, 2023, 8:55 PM

        @viragomann I did, as you can see with a frontend redirect rule.

        V 1 Reply Last reply Sep 18, 2023, 11:56 AM Reply Quote 0
        • V
          viragomann @Berick
          last edited by Sep 18, 2023, 11:56 AM

          @Berick
          All I can see there, are frontend names beginning with "redirect", the listening IPs and the types.
          But the question was, how you did the redirects. This is sadly not explained by that screenshot.

          B 1 Reply Last reply Sep 19, 2023, 6:03 PM Reply Quote 0
          • B
            Berick @viragomann
            last edited by Sep 19, 2023, 6:03 PM

            @viragomann sorry, sure thing here it is:
            c998d2cf-8d97-4833-9d12-0623300d0f7d-image.png

            V 1 Reply Last reply Sep 19, 2023, 6:14 PM Reply Quote 0
            • V
              viragomann @Berick
              last edited by viragomann Sep 19, 2023, 6:15 PM Sep 19, 2023, 6:14 PM

              @Berick
              Your're missing an ACL for this action.
              Is that even accepted by the GUI this way, with the 'unless' directly in the rule?

              In my settings I have this ACL
              be7b1b36-636b-4f46-8071-19456709ecda-grafik.png
              (note that 'not' is checked)
              and this action
              e5a9c5b1-c0d0-465c-b301-30a5f24a9279-grafik.png
              to achieve https redirect.

              B 1 Reply Last reply Sep 19, 2023, 6:47 PM Reply Quote 0
              • B
                Berick @viragomann
                last edited by Sep 19, 2023, 6:47 PM

                @viragomann changed it to your config, but unfortunately, no improvement, still bad gateway error.

                V 1 Reply Last reply Sep 19, 2023, 7:45 PM Reply Quote 0
                • V
                  viragomann @Berick
                  last edited by Sep 19, 2023, 7:45 PM

                  @Berick
                  Maybe you get more details on the issue from the HAproxy log after enabling logging.

                  B 1 Reply Last reply Sep 19, 2023, 8:26 PM Reply Quote 0
                  • B
                    Berick @viragomann
                    last edited by Sep 19, 2023, 8:26 PM

                    @viragomann This is what I have in the logs even on debugging level:

                    Sep 19 22:25:01 pfSense haproxy[99796]: 172.16.10.11:65470 [19/Sep/2023:22:25:01.856] offload-network~ gs305ep_ipvANY/gs305ep 0/0/5/-1/66 502 209 - - SH-- 1/1/0/0/0 0/0 "POST /login.cgi HTTP/1.1"
                    V 1 Reply Last reply Sep 19, 2023, 9:16 PM Reply Quote 0
                    • V
                      viragomann @Berick
                      last edited by Sep 19, 2023, 9:16 PM

                      @Berick
                      That's not really much.
                      Maybe you can find more details, when running the browser debugging mode.

                      I got a similar problem solved by adding this response header:

                      http-response header set > name: content-security-policy, fmt: upgrade-insecure-requests

                      You can try, but not sure if this helps.

                      1 Reply Last reply Reply Quote 0
                      10 out of 10
                      • First post
                        10/10
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                        This community forum collects and processes your personal information.
                        consent.not_received