HAProxy issue with FireFox
-
Hello all.
I'm experiencing a very strange problem with FireFox browsers and my PFSense 2.0.1 box.
Network is configured as follow:
NIC_1=LAN
NIC_2=WAN
NIC_3=DMZ
NIC_4=Internet Gateway 1 (with dedicated line and static public IP)
NIC_5=ADSL backup lineServers are of course on DMZ. Web Servers are 2 machines that run Apache 2.2.
On server_1 there are 5 websites, on server_2 there are 3 websites.
I configured HAProxy with 1 frontend and 2 servers. Connecting from internal LAN to DMZ all works because nothing passes thru proxy; when I connect from Internet to DMZ, I experience the issue with FireFox:
Scenario of the sites is:
http://www.site_1.com -> on server_1
http://www.site_2.com -> on server_1
http://www.site_3.com -> on server_1
http://www.site_4.com ->on server_2
http://www.site_5.com -> on server_2With IE and Chrome, except site_3, all sites reach correct destination, and all seems to work fine; with Firefox, instead, it happens the following:
http://www.site_1.com -> it goes on server_2, showing the default apache webpage "it works"
http://www.site_4.com -> It goes on server_1, showing the default apache webpage "it works"
The same with other websites.I don't understand how it can happen. To HAProxy is assigned a Virtual IP created as CARP type (as recomended in another post here in the forum). I attach here the configuration generated by PFSense GUI:
global maxconn 9999999 uid 80 gid 80 nbproc 4 chroot /var/empty daemon listen Server1 bind 192.168.2.5:80 cookie SERVERID insert indirect httpchk HEAD /index.html HTTP/1.0 mode http log global option dontlognull option httpclose option forwardfor maxconn 10000 clitimeout 30000 balance roundrobin contimeout 60000 srvtimeout 60000 retries 3 option httpchk HEAD / HTTP/1.0 stats enable stats uri /haproxy?stats stats realm Haproxy\ Statistics stats auth stats refresh 5 server Server_1 192.168.2.31:80 cookie server1 check inter 1000 weight 1 server Server_2 192.168.2.40:80 cookie DEV_Server check inter 1000 weight 1
I also don't understand one thing: how HAProxy knows to which server to route the request if there is no any map between the hostname and the IP? when the request comes from Internet "www.server_1.com" how HAProxy knows to which serverto route the request? I thought that it checks on DNS Forward configuration in PFSense box (all domains are configured there, domains existing in my DMZ). It is correct or I'm wrong?
Where I can check for this strange issue with FireFox? I'm becoming crazy to find the cause, but I don't found nothing yet. I hope that someone can help me.
Thanks in advance.
-
I also don't understand one thing: how HAProxy knows to which server to route the request if there is no any map between the hostname and the IP? when the request comes from Internet "www.server_1.com" how HAProxy knows to which serverto route the request? I thought that it checks on DNS Forward configuration in PFSense box (all domains are configured there, domains existing in my DMZ). It is correct or I'm wrong?
That's the point, haproxy balance based on ip addresses not based on host names.
If you need hostname balance, then you need to use varnish or apache2+mod_security
take a look on package description to choose between both.
I prefer varnish ;)