[Solved] Basic usage of HAProxy



  • Hi,

    I have a nginx server running in my LAN with an ip address of 192.168.1.10. The nginx server is reachable via https on the LAN and has 'lets encrypt' certificates installed. I want to reach this server from the WAN side. I defined the backend for this ip address, but the stats show it as Down with the status  "L7STS/405 in 1ms". If i change the backend port to 80, it does show up as Online.

    Any idea how can i make it to work?

    My HAProxy config is as follows

    
    global
            maxconn                 1000
            stats socket /tmp/haproxy.socket level admin
            uid                     80
            gid                     80
            nbproc                  1
            chroot                  /tmp/haproxy_chroot
            daemon
    
    listen HAProxyLocalStats
            bind 127.0.0.1:2200 name localstats
            mode http
            stats enable
            stats admin if TRUE
            stats uri /haproxy_stats.php?haproxystats=1
            timeout client 5000
            timeout connect 5000
            timeout server 5000
    
    frontend frontend
            bind                    xx.175.101.zz:443 name xx.175.101.zz:443
            mode                    tcp
            log                     global
            maxconn                 100
            timeout client          30000
            default_backend site1_https_ipvANY
    
    backend site1_https_ipvANY
            mode                    tcp
            log                     global
            timeout connect         30000
            timeout server          30000
            retries                 3
            option                  httpchk OPTIONS /
            server                  mywebsite 192.168.1.10:443 check-ssl check inter 1000  weight 10 verify none
    
    


  • If you get a "405 Method not allowed", then changing the method might help. Try HEAD instead of OPTIONS, or one of the others like GET.



  • I add the following to nginx.conf and the problem went away.

    
     location / {
    
        if ($request_method = OPTIONS ) {
            add_header Access-Control-Allow-Origin "https://cloud.example.com";
            add_header Access-Control-Allow-Methods "GET, OPTIONS";
            add_header Access-Control-Allow-Headers "Authorization";
            add_header Access-Control-Allow-Credentials "true";
            add_header Content-Length 0;
            add_header Content-Type text/plain;
            return 200;
        }
    
    

Log in to reply