ACL Re-direction wrong at times

Help!
1

Hello,

Apologies if i’m completely misusing HA Proxy. However, I’ve started to host some websites for friends but down to the lack of public facing IP’s i’ve been trying to use the one IP and then HA proxy decided which backend it should go to.

I’m currently using ACLs with “if this url then point to this backend”. However, looks like it’s sometimes bouncing between whatever backend is available instead of the single one that i’ve specified.

# Configuration for HTTP site
frontend http-in
    bind *:80
    acl owlmagic hdr(host)  owlmagic.mydomain.com
    acl JamesT hdr(host)   jamest.mydomain.com

 use_backend OwlMagic if owlmagic
    use_backend JamesTay if JamesT


backend OwlMagic
 mode http
 server WEB1 192.168.10.12:80 

backend JamesTay
mode http
        server WEB2 192.168.10.16:80

However, whenever i access JamesT.mydomain.com it sometimes points to the correct backend and then others it will point to OwlMagic and vice versa.

Is this a config problem on my end or am I not using this correctly at all?

Thanks,

2

Provide the full configuration you are using, the output of haproxy -vv and the output of the logs in httplog format.

3

As requested:

global
    log 127.0.0.1 local0 notice
    maxconn 50000
    daemon
defaults
    log global
    mode http
    option httplog
    option dontlognull
    option forwardfor
    option http-server-close
    timeout client 30s
    timeout connect 4s
    timeout server 30s

# Configuration for HTTP site
frontend http-in
    bind *:80
    acl owlmagic hdr(host)  owlmagic.adamsitsolutions.co.uk
    acl JamesT hdr(host)   jamest.adamsitsolutions.co.uk
   # acl MonitoringAdamsIT url_beg /monitoring.adamsit
 use_backend OwlMagic if owlmagic
    use_backend JamesTaylor if JamesT


#frontend https-in
 #   bind 192.168.1.114:443
#       acl MonitoringAdamsIT url_beg /monitoring.adamsit
#       use_backend Monitoring if MonitoringAdamsIT

backend OwlMagic
 mode http
 #balance roundrobin  # Load Balancing algorithm
option httpchk
option forwardfor
 server WEB1 192.168.10.12:80 weight 1 maxconn 512 check

backend JamesTaylor
mode http
        server WEB2 192.168.10.16:80

AProxy version 2.4.12-1ppa1~focal 2022/01/11 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2026.
Known bugs: http://www.haproxy.org/bugs/bugs-2.4.12.html
Running on: Linux 5.4.0-99-generic #112-Ubuntu SMP Thu Feb 3 13:50:55 UTC 2022 x86_64
Build options :
  TARGET  = linux-glibc
  CPU     = generic
  CC      = cc
  CFLAGS  = -O2 -g -O2 -fdebug-prefix-map=/build/haproxy-b7TO7s/haproxy-2.4.12=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Wextra -Wdeclaration-after-statement -fwrapv -Wno-address-of-packed-member -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-clobbered -Wno-missing-field-initializers -Wno-cast-function-type -Wtype-limits -Wshift-negative-value -Wshift-overflow=2 -Wduplicated-cond -Wnull-dereference
  OPTIONS = USE_PCRE2=1 USE_PCRE2_JIT=1 USE_OPENSSL=1 USE_LUA=1 USE_SLZ=1 USE_SYSTEMD=1 USE_PROMEX=1
  DEBUG   =

Feature list : +EPOLL -KQUEUE +NETFILTER -PCRE -PCRE_JIT +PCRE2 +PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD -PTHREAD_PSHARED +BACKTRACE -STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT +CRYPT_H +GETADDRINFO +OPENSSL +LUA +FUTEX +ACCEPT4 -CLOSEFROM -ZLIB +SLZ +CPU_AFFINITY +TFO +NS +DL +RT -DEVICEATLAS -51DEGREES -WURFL +SYSTEMD -OBSOLETE_LINKER +PRCTL -PROCCTL +THREAD_DUMP -EVPORTS -OT -QUIC +PROMEX -MEMORY_PROFILING

Default settings :
  bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with multi-threading support (MAX_THREADS=64, default=2).
Built with OpenSSL version : OpenSSL 1.1.1f  31 Mar 2020
Running on OpenSSL version : OpenSSL 1.1.1f  31 Mar 2020
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
Built with Lua version : Lua 5.3.3
Built with the Prometheus exporter as a service
Built with network namespace support.
Built with libslz for stateless compression.
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Built with PCRE2 version : 10.34 2019-11-21
PCRE2 library supports JIT : yes
Encrypted password support via crypt(3): yes
Built with gcc compiler version 9.3.0

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
              h2 : mode=HTTP       side=FE|BE     mux=H2       flags=HTX|CLEAN_ABRT|HOL_RISK|NO_UPG
            fcgi : mode=HTTP       side=BE        mux=FCGI     flags=HTX|HOL_RISK|NO_UPG
       <default> : mode=HTTP       side=FE|BE     mux=H1       flags=HTX
              h1 : mode=HTTP       side=FE|BE     mux=H1       flags=HTX|NO_UPG
       <default> : mode=TCP        side=FE|BE     mux=PASS     flags=
            none : mode=TCP        side=FE|BE     mux=PASS     flags=NO_UPG

Available services : prometheus-exporter
Available filters :
        [SPOE] spoe
        [CACHE] cache
        [FCGI] fcgi-app
        [COMP] compression
        [TRACE] trace

Sorry, where would i be able to locate the logs for httplog ? I cannot locate under /var/logs/

4

So been playing about with this further and it will connect to the correct back end at times. Then it will 503 then bounce back to the incorrect back end.

So I’m not sure where I’m going wrong here.

Screenshot below for how i want to do this

chrome_MSk0XwZkdm
chrome_MSk0XwZkdm567×523 15.4 KB