• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

HAProxy Seems to Forward to wrong Backend Port

Scheduled Pinned Locked Moved Cache/Proxy
7 Posts 5 Posters 1.4k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S
    sammiorelli
    last edited by Nov 27, 2023, 7:45 PM

    I'm setting up HAProxy and running into a very strange problem.

    I'm pretty confident in my front end and back end configuration, with the back end needing to point to port 8000 on the target internal server. But, consistently HAProxy said the server was down, which was really strange to me, since running a curl command to the destination returned the webpage in the command prompt of the pfsense.

    So I looked at the HAProxy report, and this is where my suspicions that something is wrong popped up. When I cursor over the backend that's "down," the IP address it shows in the mousover is :443, not :8000.
    haproxy stats screenshot.png

    But as you can see, very clearly I've got it set to port 8000, not 443. Has anyone run into this?
    haproxy backend settings.png

    S 1 Reply Last reply Nov 27, 2023, 9:48 PM Reply Quote 0
    • S
      sammiorelli @sammiorelli
      last edited by Nov 27, 2023, 9:48 PM

      @sammiorelli update: uninstalled the normal version, installed -dev, rebooted everything, and it no longer is trying to go to port 443 internally and is going to 8000. Seems it was something stuck from the install.

      K 1 Reply Last reply Nov 29, 2023, 12:21 PM Reply Quote 0
      • K
        kiokoman LAYER 8 @sammiorelli
        last edited by Nov 29, 2023, 12:21 PM

        @sammiorelli
        for me, dev have a bug,
        let's say you create a backend that point to port 8000
        if you change the port from 8000 to something else it does not work, it's still redirecting to port 8000
        i always have to delete the backend and reconfigure it to make it work

        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
        Please do not use chat/PM to ask for help
        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
        Don't forget to Upvote with the 👍 button for any post you find to be helpful.

        1 Reply Last reply Reply Quote 0
        • E
          Elan67
          last edited by Nov 29, 2023, 2:15 PM

          I can confirm a similar issue with my (not dev) installation. Changing the BE port is ignored unless I stop HaProxy then change the port and start haproxy again! Completely impractical in a production scenario!

          Another issue that arose with HAProxy version 2.8.2-61a0f57, released 2023/08/09 is that SSL (self-signed certificate) BE are ok (ie green on stats) but accessing the from FE return in an endless loop.
          Still investigating in the meanwhile I had to switch to not -SSL BE to get it work again.

          E 1 Reply Last reply Jan 17, 2024, 11:09 AM Reply Quote 0
          • G
            gmpreussner
            last edited by Jan 11, 2024, 10:37 PM

            I have the same problem, except it goes to port 80 instead of 443 (because my backends are HTTP, not HTTPS, on non-standard ports, such as 8080, 8081, 7860, etc.).

            pfSense 2.7.2
            haproxyy 0.63_1 (haproxy-2.8.3)

            Currently, the workaround is to reboot pfSense after HAProxy settings changes.
            See also https://forum.netgate.com/topic/172972/haproxy-config-changes-not-loaded-pfsense-restart-needed

            1 Reply Last reply Reply Quote 0
            • E
              Elan67 @Elan67
              last edited by Jan 17, 2024, 11:09 AM

              I solved the empty response behavior from an SSL BE. The BE name of the BE must match the FDQN and cannot be arbitrary anymore, ie:
              e4d3ed7a-1ea9-4008-b5c6-c90288a9b949-image.png
              the Field explanations do not help at all:
              ef37ea06-c628-4117-a5cb-c22c64854d1c-image.png

              1 Reply Last reply Reply Quote 0
              • F
                fedesoundsystem
                last edited by Apr 12, 2025, 12:07 PM

                Yeah, same problem here, I was hitting the wall for days, messing with certificates, and it was this exact bug. april 2025 recent pfsense/haproxy devel install, and still nothing.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                  This community forum collects and processes your personal information.
                  consent.not_received