issue with backend on HAPROXY

mervincm · Nov 14, 2023, 9:31 PM

I moved the app to a new host and I can't seem to get HAProxy happy again. It complains about the backend and the front end forwards to a 503 Service unavailable.

I want to access the app at https://sonarr.5mars.ca without cert complaints
I use HAPROXY to do so for about 20 apps using a wildcard let's encrypt cert.
I use 10.0.0.5 as a VIP for the front end of HAPROXY (same as all 20 apps)
I use 10.0.0.31 as the host IP on the docker host the app is running on, and port 8989 for the app on http protocol (unique for this app)
I have DNS resolver setup to resolve sonarr.5mars.ca to the VIP (10.0.0.5)

I have the haproxy backend setup to http check (tried others) frontend to my common shared front end (all 20 apps) forward to 10.0.0.31 port 8989 encrypt:no ssl check:no and I get an error on save: WARNING] (42507) : config : Server sonarr_ipvANY/sonarr is DOWN, changed from server-state after a reload. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.

I have the (common for all 20 apps) haproxy front-end setup on the listen address 10.0.0.5 on 443 w SSL offloading, type http/https(offloading) and with sonarr host match to sonarr.5mars.ca. with action use backend and conditional ACL sonarr w backend:sonarr

troubleshooting
test PC can ping 10.0.0.5 and 10.0.0.31
pfsense can ping 10.0.0.5 and 10.0.0.31
pfsense can ping sonarr.5mars.ca (and return from 10.0.0.5 as expected)

test pc can open the app at http://10.0.0.31:8989
after adding host entry of 10.0.0.31 sonarr.5mars.ca test pc can open the app at http://sonarr.5mars.ca:8989/ (with invalid cert message as expected.

similar to this problem but now I have no luck changing the health check method.
Re: Troubleshoot HAProxy entry 503 - solved - invalid health check selected

viragomann · Nov 14, 2023, 8:45 PM

@mervincm said in issue with backend on HAPROXY:

I use 10.0.0.39 as the host IP on the docker host the app is running on, and port 8989 for the app on http protocol (unique for this app)
I have the haproxy backend setup to http check (tried others) frontend to my common shared front end (all 20 apps) forward to 10.0.0.31 port 8989 encrypt:no ssl check:no and I get an error on save: WARNING] (42507) : config : Server sonarr_ipvANY/sonarr is DOWN, changed from server-state after a reload. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.

Now, which IP has the backend host?
A typo?

If you check the HAproxy Stats the backend must not be shown up as 'down' at all events.
You can try to disable the health check if there is an issue with it.

mervincm · Nov 14, 2023, 9:36 PM

@viragomann
Thanks for pointing out the typo. It has been corrected to .31 on both.

mervincm · Nov 14, 2023, 10:22 PM

This seems to be working now/resolved.

I bounced the whole firewall and my (pihole) dns servers and came back to it 30 minutes later and now it is working.

I don't understand what bouncing the pihole servers, or the full firewall ( given I previously bounced the dns resolver / haproxy services) might have done but with the haproxy backend happy, everything is now working.

hopefully this helps the next guy :)