Netgate Discussion Forum

Help with getting second server working with haproxy

  • vMAC (last edited Dec 31, 2024, 7:04 AM)

    I currently have a couple servers and I am hoping to get those servers operating via haproxy. I currently have a zoneminder server which I have successfully set up so that any device I use while on my LAN will successfully be forwarded to my zoneminder server by using zm.domain.com. I also have a wildcard cert and now I don't get the browser warning when connecting on my LAN.

    My issue is that I am also trying to add another server (Truenas) and I would like it to be found by going to tn.domain.com. Unfortunately, though I have copied the settings that I used to create the ZM proxy, it is not working for the Truenas server. Sometimes I get a 503 error, and other times I get a Redirected Too Many times error. Looking at the config, can anyone point me in the right direction to fix what I'm doing wrong?

    # Automaticaly generated, dont edit manually.
    # Generated on: 2024-12-30 15:32
    global
    	maxconn			1000
    	log			/var/run/log	local0	debug
    	stats socket /tmp/haproxy.socket level admin  expose-fd listeners
    	uid			80
    	gid			80
    	nbthread			1
    	hard-stop-after		15m
    	chroot				/tmp/haproxy_chroot
    	daemon
    	ssl-default-bind-ciphersuites	TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    	ssl-default-server-ciphersuites	TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    	ssl-default-bind-options	ssl-min-ver TLSv1.3 no-tls-tickets
    	ssl-default-server-options	ssl-min-ver TLSv1.3 no-tls-tickets
    	server-state-file /tmp/haproxy_server_state
    
    listen HAProxyLocalStats
    	bind 127.0.0.1:10 name localstats
    	mode http
    	stats enable
    	stats admin if TRUE
    	stats show-legends
    	stats uri /haproxy/haproxy_stats.php?haproxystats=1
    	timeout client 5000
    	timeout connect 5000
    	timeout server 5000
    
    frontend http-to-https
    	bind			0.0.0.0:80 name 0.0.0.0:80   
    	mode			http
    	log			global
    	option			http-keep-alive
    	timeout client		30000
    	http-request redirect scheme https 
    
    frontend https-frontend
    	bind			0.0.0.0:443 name 0.0.0.0:443   ssl crt-list /var/etc/haproxy/https-frontend.crt_list  
    	mode			http
    	log			global
    	option			http-keep-alive
    	option			forwardfor
    	acl https ssl_fc
    	http-request set-header		X-Forwarded-Proto http if !https
    	http-request set-header		X-Forwarded-Proto https if https
    	timeout client		30000
    	acl			zm-web	var(txn.txnhost) -m str -i zm.domain.com
    	acl			tn-web	var(txn.txnhost) -m str -i tn.domain.com
    	acl			aclcrt_https-frontend	var(txn.txnhost) -m reg -i ^([^\.]*)\.servers\.com(:([0-9]){1,5})?$
    	http-request set-var(txn.txnhost) hdr(host)
    	use_backend zm_server_ipvANY  if  zm-web aclcrt_https-frontend
    	use_backend tn_server_ipvANY  if  tn-web aclcrt_https-frontend
    
    backend zm_server_ipvANY
    	mode			http
    	id			100
    	log			global
    	http-check		send meth OPTIONS
    	timeout connect		30000
    	timeout server		30000
    	retries			3
    	load-server-state-from-file	global
    	option			httpchk
    	server			zm_server 192.168.1.15:80 id 101 check inter 1000  
    
    backend tn_server_ipvANY
    	mode			http
    	id			102
    	log			global
    	http-check		send meth OPTIONS
    	timeout connect		30000
    	timeout server		30000
    	retries			3
    	load-server-state-from-file	global
    	option			httpchk
    	server			tn_server 192.168.1.10:80 id 101 check inter 1000
    
    • viragomann @vMAC (last edited Jan 1, 2025, 6:58 PM)

      @vMAC said in Help with getting second server working with haproxy:

      Sometimes I get a 503 error, and other times I get a Redirected Too Many times error.

      I'd consider these as different issues.

      HAProxy gives 503 if the backend state is offline or the backend does not respond as expected.
      So first ensure that HAProxy shows the backend as online in the stats. I'd switch over to basic health check for testing.

      However, "redirected too many times" might come from the browser. Best you use the browser's debugging mode to investigate what's going on here.

      • vMAC @viragomann (last edited Jan 2, 2025, 7:57 PM)

        @viragomann said in Help with getting second server working with haproxy:

        @vMAC said in Help with getting second server working with haproxy:

        Sometimes I get a 503 error, and other times I get a Redirected Too Many times error.

        I'd consider these as different issues.

        HAProxy gives 503 if the backend state is offline or the backend does not respond as expected.
        So first ensure that HAProxy shows the backend as online in the stats. I'd switch over to basic health check for testing.

        However, "redirected too many times" might come from the browser. Best you use the browser's debugging mode to investigate what's going on here.

        Got it, so here is what I found. Truenas has an HTTP -> HTTPS redirect built into settings. I had it checked; unchecking it has not stopped the too many redirects, and looks to have resolved my original issue. Thank you!

        I am now trying to set one up for my Unifi Cloud Controller though and it is giving me a TLS mismatch error as I am trying to redirect to an 8443 port?
        Bad Request
        This combination of host and port requires TLS.
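
Added example, not part of any post in this thread: a small diagnostic that separates the three symptoms discussed above by looking at what a backend answers to plain HTTP, which is how the posted `server` lines (no `ssl` keyword) talk to it. It relies on HAProxy's default HTTP check accepting 2xx and 3xx responses and treating anything else as a failed check; `probe`, `diagnose`, the finding labels and the sample responses are hypothetical names and constructed data.

```python
import http.client
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def probe(ip, port, host, method="OPTIONS", path="/", timeout=5):
    """Send one plain-HTTP request to a backend (approximates the posted check)."""
    conn = http.client.HTTPConnection(ip, port, timeout=timeout)
    try:
        conn.request(method, path, headers={"Host": host})
        resp = conn.getresponse()
        body = resp.read(2048).decode("latin-1")
        return resp.status, resp.getheader("Location", ""), body
    finally:
        conn.close()

def diagnose(status, location, body, host):
    """Map one backend response to the symptoms seen through the proxy."""
    findings = []
    # Outside 2xx/3xx the default HTTP check fails, the server is marked
    # DOWN, and clients of that backend receive 503.
    if not 200 <= status < 400:
        findings.append("check-fails-503")
    # A redirect to https:// on the same hostname sends the browser back to
    # the TLS-terminating frontend, which forwards plain HTTP again: a loop.
    if status in REDIRECTS:
        target = urlsplit(location)
        if target.scheme == "https" and (target.hostname or "").lower() == host.lower():
            findings.append("redirect-loop")
    # Plain HTTP sent to a TLS-only port; the error text is the one quoted above.
    if status == 400 and "requires TLS" in body:
        findings.append("backend-needs-tls")
    return findings

# Constructed sample responses as (status, Location header, body); not captured traffic.
SAMPLES = {
    "backend with HTTP->HTTPS redirect": (301, "https://tn.domain.com/", ""),
    "backend rejecting OPTIONS": (405, "", ""),
    "TLS-only port": (400, "", "Bad Request\nThis combination of host and port requires TLS.\n"),
    "healthy backend": (200, "", ""),
}

if __name__ == "__main__":
    for name, (status, location, body) in SAMPLES.items():
        print(f"{name}: {diagnose(status, location, body, 'tn.domain.com') or 'ok'}")
```

Against a live backend, pass the tuple from `probe()` to `diagnose()`, for example `diagnose(*probe("192.168.1.10", 80, "tn.domain.com"), "tn.domain.com")`. A redirecting backend passes the health check (3xx counts as success) yet still loops for browsers, which is why the 503 and the redirect error are separate problems.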
