    Inbound Failover for HTTPS

      skipper

      thnx for the fast reply man!!

      how can i create the Fall Back Pool??
      i am creating a pool with the just web1 on it and then a second pool with just the web2? is this what u mean?

        skipper

        I think i got what you mean :)
        hope that will work  8)

        thnx a lot!!

          skipper

          i tried it and it seems that it's working!

          however, the redirection is very slow,

          when i take apache down on web1 then from the load balancer status i can see that the pool with the web1 is down and the pool with the web2 is up (green). however, the load balancer is still forwarding the http(s) requests to web1 for some minutes, and then after 2, 3 minutes it is switching to web2  ???

          is there a way to improve this and make it faster so it will not take so long?

          thnx

            marcelloc

            Are you getting errors from client access or just seeing some traffic going (health status check from firewall, for example) to the down server?

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

              skipper

              from the client side i cannot access the web (This webpage is not available) and on the FW i can see that the requests are going to web1 even if the load balancer recognizes that it is down. After 2 or 3 minutes it is redirecting the traffic to web2.

                marcelloc

                Did you try the manual failover or haproxy before this fallback pool?

                  skipper

                  thnx for your time and help marcelloc

                  yes i tried them,
                  the manual failover cannot do what i need, because i want the traffic to be forwarded automatically to web2 when web1 is down.
                  and haproxy didn't seem to work for https traffic, thus i chose to stay with the load balancer solution; i just need to improve the time that it takes to forward the requests to web2 when web1 is down.
                  isn't there a way to make it faster?
                  the point is that the load balancer recognizes very fast that web1 is down, it is just not changing the forwarding to web2.

                    marcelloc

                    Well, I use haproxy for https as I told you with no issues.

                    Can you try haproxy again using source as balance method, one pool for http and another pool for https?

                      skipper

                      yeah i will give it a try with haproxy (legacy) again and see if it can work.

                      when i tried i used a virtual carp IP (internet IP) and there i could also access the stats, but i didn't like that the stats were accessible from internet.
                      is it possible to access the stats (and setup haproxy) in another IP and not in the external IP of haproxy?

                        marcelloc

                        I enable stats on internal pools only. Any stats page shows stats for all pools.

                          skipper

                          haproxy doesn't seem to be working for me :/ it's not even forwarding the requests to web1 or web2, i don't know what i am doing wrong there  :-[

                          furthermore, after some tries to edit the configuration for the frontend, it is accepting the changes but is not updating the configuration; it seems like there is a bug in haproxy legacy (at least 2.0-RELEASE (amd64)).

                          as for the load balancer what i noticed is that when i take web1 down i can see from the pool tab that web1 is down (red) but on the virtual server tab it keeps "targeting" (forwarding) the requests to web1, which means that the virtual server is not refreshing the status right after the pool.

                            marcelloc

                            Can you screenshot your haproxy config?

                              skipper

                              here is my configuration of haproxy… what am i doing wrong ???

                              the virtual IP is on the wan interface and it's CARP.
                              when the client is sending an https request it is not getting any answer;
                              with http requests it is going to the pfsense web interface.

                              thnx once again man!!

                              Attachments: listener1.png, listener2.png, listener3.png, pool1.png, pool2.png

                                marcelloc

                                Can you try this setup with legacy package?

                                I'm using it, so it will be easier to me to compare my setup with yours.

                                This week I'll rename haproxy-legacy to haproxy-full as it has more options than the current 1.2 package.

                                Both (1.2 and 1.0) use the same 1.4.19 version of haproxy.

                                att,
                                Marcello Coutinho

                                  skipper

                                  i removed haproxy and installed haproxy legacy and then i configured it again.
                                  the results are same as before :/
                                  here is my configuration…

                                  Attachments: frontend1.png, frontend2.png, frontend3.png, backend1.png, backend2.png

                                    marcelloc

                                    On backends I do not fill up Advanced pass thru and do not set cookies on Servers.

                                    The other settings look similar here.

                                    Enable stats and try to see what happens.

                                      skipper

                                      hey marcelloc,

                                      thanks a lot man!! i removed the "server cookies" from the backends and also "advanced pass thru" from the frontends and seems to be working great so far!! :)

                                      btw, as i don't want the stats to be accessible from internet.. is it possible to make the stats accessible just from VPN connection in some other internal IP address? or i should just disable the stats?

                                        marcelloc

                                        Publish another haproxy server config with internal address, stats enabled and assign the http backend just to get stats working.

                                          skipper

                                          thnx once again!!

                                          i published haproxy in an internal ip address as well for the stats, it was not necessary to assign any backend.

                                          best regards
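
Added example, not part of the thread or of the pfSense haproxy package: a small check that reads an haproxy.cfg and reports every section where the stats page is enabled on a bind address that is not internal, which is the exposure discussed above. Assumptions: the section names and all addresses in the sample are constructed, "internal" means RFC 1918 or loopback, and stats inherited from a `defaults` section is not followed.

```python
import ipaddress

# Assumption: "internal" means RFC 1918 or loopback; everything else is exposed.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
STATS_KEYWORDS = {"enable", "uri", "realm", "auth"}  # any of these turns stats on


def is_exposed(host):
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:      # "*", empty host or a hostname: cannot prove internal
        return True
    return not any(ip in net for net in INTERNAL)   # 0.0.0.0 also lands here


def stats_exposure(cfg_text):
    """Return [(section, bind)] for stats-enabled sections on exposed binds."""
    sections, current = [], None
    for raw in cfg_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] in ("global", "defaults", "frontend", "backend", "listen"):
            current = {"name": " ".join(words[:2]), "binds": [], "stats": False}
            sections.append(current)
            if words[0] in ("frontend", "listen") and len(words) > 2:
                current["binds"] += words[2].split(",")  # address on header line
        elif current and words[0] == "bind" and len(words) > 1:
            current["binds"] += words[1].split(",")
        elif current and words[0] == "stats" and words[1:2] and words[1] in STATS_KEYWORDS:
            current["stats"] = True
    return [(s["name"], b) for s in sections if s["stats"]
            for b in s["binds"] if is_exposed(b.rsplit(":", 1)[0])]


# Constructed sample: 203.0.113.10 stands in for the WAN CARP address.
SAMPLE_CFG = """
listen http_in
    bind 203.0.113.10:80
    mode http
    stats enable
    server web1 192.168.1.11:80 check
    server web2 192.168.1.12:80 check
listen stats_internal
    bind 192.168.1.1:8080
    mode http
    stats uri /haproxy_stats
"""

if __name__ == "__main__":
    print(stats_exposure(SAMPLE_CFG))
```

Only the internet-facing listener is reported; the stats-only listener on the internal address passes.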
