• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

HAProxy Seems to Forward to wrong Backend Port

Scheduled Pinned Locked Moved Cache/Proxy
8 Posts 6 Posters 1.7k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S
    sammiorelli
    last edited by Nov 27, 2023, 7:45 PM

    I'm setting up HAProxy and running into a very strange problem.

    I'm pretty confident in my front end and back end configuration, with the back end needing to point to port 8000 on the target internal server. But, consistently HAProxy said the server was down, which was really strange to me, since running a curl command to the destination returned the webpage in the command prompt of the pfsense.

    So I looked at the HAProxy report, and this is where my suspicions that something is wrong popped up. When I cursor over the backend that's "down," the IP address it shows in the mousover is :443, not :8000.
    haproxy stats screenshot.png

    But as you can see, very clearly I've got it set to port 8000, not 443. Has anyone run into this?
    haproxy backend settings.png

    S 1 Reply Last reply Nov 27, 2023, 9:48 PM Reply Quote 0
    • S
      sammiorelli @sammiorelli
      last edited by Nov 27, 2023, 9:48 PM

      @sammiorelli update: uninstalled the normal version, installed -dev, rebooted everything, and it no longer is trying to go to port 443 internally and is going to 8000. Seems it was something stuck from the install.

      K 1 Reply Last reply Nov 29, 2023, 12:21 PM Reply Quote 0
      • K
        kiokoman LAYER 8 @sammiorelli
        last edited by Nov 29, 2023, 12:21 PM

        @sammiorelli
        for me, dev have a bug,
        let's say you create a backend that point to port 8000
        if you change the port from 8000 to something else it does not work, it's still redirecting to port 8000
        i always have to delete the backend and reconfigure it to make it work

        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
        Please do not use chat/PM to ask for help
        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
        Don't forget to Upvote with the 👍 button for any post you find to be helpful.

        1 Reply Last reply Reply Quote 0
        • E
          Elan67
          last edited by Nov 29, 2023, 2:15 PM

          I can confirm a similar issue with my (not dev) installation. Changing the BE port is ignored unless I stop HaProxy then change the port and start haproxy again! Completely impractical in a production scenario!

          Another issue that arose with HAProxy version 2.8.2-61a0f57, released 2023/08/09 is that SSL (self-signed certificate) BE are ok (ie green on stats) but accessing the from FE return in an endless loop.
          Still investigating in the meanwhile I had to switch to not -SSL BE to get it work again.

          E 1 Reply Last reply Jan 17, 2024, 11:09 AM Reply Quote 0
          • G
            gmpreussner
            last edited by Jan 11, 2024, 10:37 PM

            I have the same problem, except it goes to port 80 instead of 443 (because my backends are HTTP, not HTTPS, on non-standard ports, such as 8080, 8081, 7860, etc.).

            pfSense 2.7.2
            haproxyy 0.63_1 (haproxy-2.8.3)

            Currently, the workaround is to reboot pfSense after HAProxy settings changes.
            See also https://forum.netgate.com/topic/172972/haproxy-config-changes-not-loaded-pfsense-restart-needed

            1 Reply Last reply Reply Quote 0
            • E
              Elan67 @Elan67
              last edited by Jan 17, 2024, 11:09 AM

              I solved the empty response behavior from an SSL BE. The BE name of the BE must match the FDQN and cannot be arbitrary anymore, ie:
              e4d3ed7a-1ea9-4008-b5c6-c90288a9b949-image.png
              the Field explanations do not help at all:
              ef37ea06-c628-4117-a5cb-c22c64854d1c-image.png

              1 Reply Last reply Reply Quote 0
              • F
                fedesoundsystem
                last edited by Apr 12, 2025, 12:07 PM

                Yeah, same problem here, I was hitting the wall for days, messing with certificates, and it was this exact bug. april 2025 recent pfsense/haproxy devel install, and still nothing.

                1 Reply Last reply Reply Quote 0
                • P
                  PauloPedrozo
                  last edited by 8 days ago

                  Hi, a few weeks ago the same problem, HAProxy was working fine about 3 years ago.

                  I try pfsense version 2.6, 2.7, 2.8beta and now 2.8. Haproxy and haproxy-devel. no success.

                  Its like a cache, when request the first acl rule, the next use the same rule.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                    This community forum collects and processes your personal information.
                    consent.not_received