Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    issue with backend on HAPROXY

    Scheduled Pinned Locked Moved
    Cache/Proxy
    2
    4
    671
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mervincm
      last edited by mervincm

      I moved the app to a new host and I can't seem to get HAProxy happy again. It complains about the backend and the front end forwards to a 503 Service unavailable.

      I want to access the app at https://sonarr.5mars.ca without cert complaints
      I use HAPROXY to do so for about 20 apps using a wildcard let's encrypt cert.
      I use 10.0.0.5 as a VIP for the front end of HAPROXY (same as all 20 apps)
      I use 10.0.0.31 as the host IP on the docker host the app is running on, and port 8989 for the app on http protocol (unique for this app)
      I have DNS resolver setup to resolve sonarr.5mars.ca to the VIP (10.0.0.5)

      I have the haproxy backend setup to http check (tried others) frontend to my common shared front end (all 20 apps) forward to 10.0.0.31 port 8989 encrypt:no ssl check:no and I get an error on save: WARNING] (42507) : config : Server sonarr_ipvANY/sonarr is DOWN, changed from server-state after a reload. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.

      I have the (common for all 20 apps) haproxy front-end setup on the listen address 10.0.0.5 on 443 w SSL offloading, type http/https(offloading) and with sonarr host match to sonarr.5mars.ca. with action use backend and conditional ACL sonarr w backend:sonarr

      troubleshooting
      test PC can ping 10.0.0.5 and 10.0.0.31
      pfsense can ping 10.0.0.5 and 10.0.0.31
      pfsense can ping sonarr.5mars.ca (and return from 10.0.0.5 as expected)

      test pc can open the app at http://10.0.0.31:8989
      after adding host entry of 10.0.0.31 sonarr.5mars.ca test pc can open the app at http://sonarr.5mars.ca:8989/ (with invalid cert message as expected.

      similar to this problem but now I have no luck changing the health check method.
      Re: Troubleshoot HAProxy entry 503 - solved - invalid health check selected

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @mervincm
        last edited by

        @mervincm said in issue with backend on HAPROXY:

        I use 10.0.0.39 as the host IP on the docker host the app is running on, and port 8989 for the app on http protocol (unique for this app)
        I have the haproxy backend setup to http check (tried others) frontend to my common shared front end (all 20 apps) forward to 10.0.0.31 port 8989 encrypt:no ssl check:no and I get an error on save: WARNING] (42507) : config : Server sonarr_ipvANY/sonarr is DOWN, changed from server-state after a reload. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.

        Now, which IP has the backend host?
        A typo?

        If you check the HAproxy Stats the backend must not be shown up as 'down' at all events.
        You can try to disable the health check if there is an issue with it.

        M 1 Reply Last reply Reply Quote 0
        • M
          mervincm @viragomann
          last edited by

          @viragomann
          Thanks for pointing out the typo. It has been corrected to .31 on both.

          1 Reply Last reply Reply Quote 0
          • M
            mervincm
            last edited by

            This seems to be working now/resolved.

            I bounced the whole firewall and my (pihole) dns servers and came back to it 30 minutes later and now it is working.

            I don't understand what bouncing the pihole servers, or the full firewall ( given I previously bounced the dns resolver / haproxy services) might have done but with the haproxy backend happy, everything is now working.

            hopefully this helps the next guy :)

            1 Reply Last reply Reply Quote 0
            • First post
              Last post