HAProxy community

Behind haproxy cannot logon to e-mail

Hello,

I’d appreciate some help because I’m stuck.
I have a public IP, where behind haproxy i have two servers (VM-s).
server1.mydomain.com
nc.mydomain.com

The problem is that I cannot log in to the e-mail on the VMs, nor to phpMyAdmin, when I go via the DNS name.
With “192.168.97.50/SoGo/” I can connect to SOGo (and also to phpMyAdmin).
It is as if x does not send data to the VM.

Here is my haproxy.conf
#

# Process-wide settings: syslog targets, chroot, runtime socket, the
# unprivileged user/group the process runs as, and TLS defaults for `bind` lines.
global

log /dev/log local0

log /dev/log local1 notice

chroot /var/lib/haproxy

# `level admin` exposes the full runtime API on this socket; `mode 660` limits
# access to the socket's owner and group, so that group membership is the
# effective access control for runtime administration.
stats socket /run/haproxy/admin.sock mode 660 level admin

stats timeout 30s

user haproxy

group haproxy

daemon

    # Default SSL material locations

ca-base /etc/ssl/certs

crt-base /etc/ssl/private

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL).
    # NOTE(review): the trailing `$` looks like an editor's "line continues"
    # marker, so the list shown here is probably truncated; check the real file.
    # In OpenSSL cipher syntax `+SSLv3` only moves those suites to the end of the
    # list; it does not select a protocol version. The list still admits
    # CAMELLIA and non-AEAD (SHA256/SHA384 CBC) suites.

ssl-default-bind-ciphers EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5$

# NOTE(review): this line is commented out, so no protocol-version restriction
# is configured here and the accepted versions fall back to the HAProxy/OpenSSL
# build defaults. Re-enable it (and, where the installed version supports it,
# set a minimum TLS version) rather than relying on the cipher list.
#ssl-default-bind-options no-sslv3 no-tls-tickets #disable SSLv3

# Size of the DH parameters used for DHE key exchange. The same directive is
# repeated further down, after the `defaults` section (line with no comment).
tune.ssl.default-dh-param 2048 #tune DH to 2048

# Settings inherited by every frontend/backend below: HTTP mode, HTTP-format
# logging to the targets declared in `global`, timeouts and custom error pages.
defaults
log global
mode http
option httplog
# Do not log connections on which no data was exchanged (e.g. port probes).
option dontlognull
# Timeouts without a unit are in milliseconds: 5 s to connect, 50 s idle.
# NOTE(review): no `timeout http-request` is set, so a client that sends its
# request headers slowly is bounded only by `timeout client` (50 s).
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http

# Author's note (translated from Hungarian): I put this in myself; it was already present further up, but it did not work there.

    # Additional log target: syslog on 127.0.0.1 port 514 (sent over UDP),
    # facility local0, minimum level info. As pasted, this still belongs to the
    # `defaults` section that starts above.
    log 127.0.0.1:514  local0  info

# NOTE(review): `tune.ssl.default-dh-param` is a `global`-section keyword and is
# already set there; as pasted it sits after `defaults`, i.e. outside `global`.
# Confirm where it is in the real file and keep a single copy in `global`.
tune.ssl.default-dh-param 2048

# Single public entry point: terminates TLS on 443, also accepts plain HTTP on
# 80, and picks a backend from the request's Host header.
frontend public

    # Listen on port 80
    # NOTE(review): requests on port 80 are routed to the same backends as 443
    # and nothing here redirects them to HTTPS, so webmail/phpMyAdmin logins
    # can travel in cleartext. A `redirect scheme https code 301 if !{ ssl_fc }`
    # rule in this frontend would close that path.
    bind *:80

    # Listen on port 443
    # NOTE(review): the file given to `crt` normally holds the private key as
    # well as the certificate. /etc/ssl/certs is conventionally world-readable,
    # so check this file's permissions or keep it under the `crt-base`
    # directory (/etc/ssl/private) instead.
    bind *:443 ssl crt /etc/ssl/certs/mydomain.com.pem

    mode http
   # Define ACLs for each domain
    # Case-insensitive match of the whole Host header value against each name.
    acl server1 hdr(host) -i server1.mydomain.com
    acl nc hdr(host) -i nc.mydomain.com

    # Figure out which backend (= VM) to use
    # No `default_backend` is declared: a request whose Host matches neither
    # ACL has no backend to go to.
    use_backend server1_server if server1
    use_backend nc_server if nc

# Backend for server1.mydomain.com (VM at 192.168.97.50): adds forwarding and
# response security headers, then balances between the server lines below.
backend server1_server

    http-request set-header X-Forwarded-Port %[dst_port]
    # NOTE(review): `add-header` appends and only runs for TLS connections, so
    # an X-Forwarded-Proto value supplied by the client reaches the VM in both
    # cases. `set-header` (or deleting the incoming header first) prevents a
    # client from asserting the scheme itself.
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    # NOTE(review): `rspadd` is a legacy directive (removed in HAProxy 2.1);
    # `http-response set-header` is the replacement. The HSTS header is also
    # added to responses served over plain HTTP, where browsers ignore it.
    rspadd Strict-Transport-Security:\ max-age=15768000;\ includeSubDomains #enable HSTS header for this backend
    # X-XSS-Protection is a legacy header that current browsers ignore; it does
    # not replace output encoding or a Content-Security-Policy in the application.
    rspadd X-XSS-Protection:\ 1;\ mode=block #enable XSS protection for this backend

    balance leastconn
    option httpclose
    # Appends the client address in X-Forwarded-For. Values already sent by the
    # client are kept, so the application should trust only the entry added by
    # this proxy (the sogo.log below shows two addresses in that field).
    option forwardfor
    # Persistence by prefixing the server's cookie value onto the application's
    # JSESSIONID cookie. NOTE(review): only effective if the application
    # actually issues a cookie with that name; confirm for SOGo/phpMyAdmin.
    cookie JSESSIONID prefix

    # Redirect to server1 VM on port 80
    server server1_server 192.168.97.50:80 cookie A check
    # (author's own addition) Redirect to server1 VM on port 443 with SSL

# NOTE(review): second server line with the same name and the same VM. With
# `leastconn`, requests are spread across the plain-HTTP (80) and TLS (443)
# endpoints, and this line has no `cookie` value, so persistence differs between
# the two. `verify none` encrypts the hop but does not authenticate the VM;
# `verify required ca-file <path-to-CA-bundle>` does, where the VM's certificate
# chains to a CA the proxy can trust.
server server1_server 192.168.97.50:443 weight 1 maxconn 100 check ssl verify none
# Strips the Authorization header from every request sent to this backend, so
# any client relying on HTTP Basic/Bearer authentication arrives without
# credentials. NOTE(review): check whether this is intended; it may or may not
# be related to the failed logins described in the post.
http-request del-header Authorization

# Backend for nc.mydomain.com (Nextcloud VM at 192.168.97.60): same header
# handling and balancing options as the other backend, one server line.
backend nc_server

    http-request set-header X-Forwarded-Port %[dst_port]
    # NOTE(review): `add-header` does not remove an X-Forwarded-Proto value sent
    # by the client; use `set-header` or delete the incoming header first so the
    # application only sees the scheme asserted by this proxy.
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    # `rspadd` is a legacy directive (removed in HAProxy 2.1);
    # `http-response set-header` is the replacement.
    rspadd Strict-Transport-Security:\ max-age=15768000;\ includeSubDomains #enable HSTS header for this backend
    rspadd X-XSS-Protection:\ 1;\ mode=block #enable XSS protection for this backend

    balance leastconn
    option httpclose
    # Appends the client address in X-Forwarded-For; client-supplied values are
    # kept, so the application must be configured to trust only this proxy.
    option forwardfor
    cookie JSESSIONID prefix

    # Redirect to nc (nextcloud) VM on port 443 with SSL
    # NOTE(review): the comment above says 443 with SSL, but this line targets
    # port 80 with no `ssl` keyword, so the proxy-to-VM hop is plain HTTP.
    server srv01 192.168.97.60:80 cookie A check

# (author's note, translated from Hungarian) removed from the end of the line above

# NOTE(review): orphaned fragment; on its own line this is not a directive. It
# looks like the tail cut from the `server` line. If it is restored there,
# `verify none` would encrypt the hop without authenticating the VM;
# `verify required ca-file <path-to-CA-bundle>` is the validating form.
weight 1 maxconn 100 check ssl verify none

My sogo.log:
" Oct 28 14:09:46 sogod [3211]: SOGoRootPage Login from ‘192.168.97.1, 192.168.97.10’ for user ‘(null)’ might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
Oct 28 14:09:46 sogod [3211]: 192.168.97.1, 192.168.97.10 “GET /SOGo/connect HTTP/1.1” 403 34/0 0.002 - - 0
"
Thank you,