Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Varnish or HAproxy help

    Scheduled Pinned Locked Moved pfSense Packages
    4 Posts 2 Posters 4.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rajbps
      last edited by

      Hi Team,

      I have varnist setup and working fine for http request with a few servers each a different website. But now I have a few servers running https and this does not work with varnish if I am right.

      So I installed HAproxy full but having some issues with it.

      Here are the config:

      Under settings I have

      Maximun connections : 10000 per Backend
      Remote syslog host  127.0.0.1

      Frondend settings I have

      Name : WEBLB
      Description : WEBLB
      Connection timeout : 30000
      Server timeout : 30000
      Retries : 3
      Type : HTTP
      Balance : Source
      Stats Enable : Checked
      Stats Realm : Haproxy\ Statistics
      Stats Uri : /haproxy?stats
      Stats Username : admin
      Stats Password : "Set my own password"
      Stats Refresh : 10
      Monitor Uri : /index.php
      Port : 443
      Max connections : 10000
      Client Timeout : 30000
      Use forward option : Checked
      Use httpclose option : checked
      Advance pass thru : cookie SERVERID insert indirect

      Under servers I have

      Name : serverA (Actual name not put on the forum)
      Frontend : WEBLB
      ip address : X.X.X.X ( Ip of serverA )
      Port : 443
      Status : Active
      Cookie : serverA
      Weight : 1

      Also when I go to http://X.X.X.X/haproxy?stats I get "404 page not found"

      Could anyone advise pls?

      Cheers,

      Raj

      1 Reply Last reply Reply Quote 0
      • P
        PiBa
        last edited by

        are you sure the haproxy process is running? ps -A | grep haproxy

        can you check the config with console command:
        haproxy -c -V -f /var/etc/haproxy.cfg

        can you post the contents of 'haproxy.cfg' ?

        1 Reply Last reply Reply Quote 0
        • R
          rajbps
          last edited by

          haproxy -c -V -f /var/etc/haproxy.cfg
          [WARNING] 079/075307 (42686) : config : cookie will be ignored for proxy 'WEBLB' (needs 'mode http').
          [WARNING] 079/075307 (42686) : config : 'cookie' statement ignored for proxy 'WEBLB' as it requires HTTP mode.
          [WARNING] 079/075307 (42686) : config : 'stats' statement ignored for proxy 'WEBLB' as it requires HTTP mode.
          [WARNING] 079/075307 (42686) : config : 'option forwardfor' ignored for proxy 'WEBLB' as it requires HTTP mode.
          [WARNING] 079/075307 (42686) : config : 'option httpclose' ignored for proxy 'WEBLB' as it requires HTTP mode.
          [ALERT] 079/075307 (42686) : config : proxy 'WEBLB' : server cannot have cookie or redirect prefix in non-HTTP mode.
          [ALERT] 079/075307 (42686) : Fatal errors found in configuration.

          If I change the settings in the front end fron https to hhp then i get :

          haproxy -c -V -f /var/etc/haproxy.cfg
          [WARNING] 079/075618 (675) : Proxy 'WEBLB': in multi-process mode, stats will be limited to process assigned to the current request.
          Configuration file is valid

          and in the logs i get :

          haproxy[3445]: Proxy WEBLB started.
          Mar 21 07:57:04 haproxy[3445]: Server WEBLB/BPSCLOUD is DOWN, reason: Layer7 invalid response, info: "<3C>!DOCTYPE HTML PUBLIC <22>-//IETF//DTD HTML 2.0//EN<22><3E><0A><3C>html<3E><3C>head<3E><0A><3C>title<3E>400 Bad Request<3C>/title<3E><0A><3C>/head<3E><3C>body<3E><0A><3C>h1<3E>Bad Request<3C>/h", check duration: 2ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
          Mar 21 07:57:04 haproxy[3445]: proxy WEBLB has no server available!
          Mar 21 07:57:04 haproxy[3445]: Server WEBLB/BPSCLOUD is DOWN, reason: Layer7 invalid response, info: "<3C>!DOCTYPE HTML PUBLIC <22>-//IETF//DTD HTML 2.0//EN<22><3E><0A><3C>html<3E><3C>head<3E><0A><3C>title<3E>400 Bad Request<3C>/title<3E><0A><3C>/head<3E><3C>body<3E><0A><3C>h1<3E>Bad Request<3C>/h", check duration: 2ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
          Mar 21 07:57:04 haproxy[3445]: proxy WEBLB has no server available!
          Mar 21 07:57:04 haproxy[3445]: Server WEBLB/BPSCLOUD is DOWN, reason: Layer7 invalid response, info: "<3C>!DOCTYPE HTML PUBLIC <22>-//IETF//DTD HTML 2.0//EN<22><3E><0A><3C>html<3E><3C>head<3E><0A><3C>title<3E>400 Bad Request<3C>/title<3E><0A><3C>/head<3E><3C>body<3E><0A><3C>h1<3E>Bad Request<3C>/h", check duration: 2ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
          Mar 21 07:57:04 haproxy[3445]: proxy WEBLB has no server available!
          Mar 21 07:57:04 haproxy[3445]: Server WEBLB/BPSCLOUD is DOWN, reason: Layer7 invalid response, info: "<3C>!DOCTYPE HTML PUBLIC <22>-//IETF//DTD HTML 2.0//EN<22><3E><0A><3C>html<3E><3C>head<3E><0A><3C>title<3E>400 Bad Request<3C>/title<3E><0A><3C>/head<3E><3C>body<3E><0A><3C>h1<3E>Bad Request<3C>/h", check duration: 3ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
          Mar 21 07:57:04 haproxy[3445]: proxy WEBLB has no server available!

          Cheers,

          Raj

          1 Reply Last reply Reply Quote 0
          • P
            PiBa
            last edited by

            It seams you are trying to mix a few features of haproxy that cannot be used together.
            https < cannot use cookies or any other method that 'modifies' the traffic.
            http < should not run on port 443 but on port 80, but does not support https traffic in the haproxy1.4

            I suppose you do want the endusers to use your website securely, so that listening on port 443 is 'correct'.

            Do you really need the cookie? and the stats

            I you do there might be another option in the new haproxy-devel 1.5dev17 package that fits your needs.
            It allows using 'http mode' which allows for the cookie setting with SSL-offloading possibly even combined with a SSL backend. But this does require configuring the certificates on the haproxy settings. Though the package is still in active development and options might change without notice..

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.