Hello,
I’d appreciate some help because I’m stuck.
I have a public IP, and behind haproxy I have two servers (VMs):
server1.mydomain.com
nc.mydomain.com
The problem is that I cannot log in to the e-mail on the VMs, nor log in to phpmyadmin, if I go with the DNS name.
With “192.168.97.50/SoGo/” I can connect to SoGo (and also to phpmyadmin).
It is as if x does not send data to the VM.
Here is my haproxy.conf
#
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL).
ssl-default-bind-ciphers EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5$
#ssl-default-bind-options no-sslv3 no-tls-tickets #disable SSLv3
tune.ssl.default-dh-param 2048 #tune DH to 2048
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
# I put this in; it was in there before too, but it did not work further up
log 127.0.0.1:514 local0 info
tune.ssl.default-dh-param 2048
frontend public
# Listen on port 80
bind *:80
# Listen on port 443
bind *:443 ssl crt /etc/ssl/certs/mydomain.com.pem
mode http
# Define ACLs for each domain
acl server1 hdr(host) -i server1.mydomain.com
acl nc hdr(host) -i nc.mydomain.com
# Figure out which backend (= VM) to use
use_backend server1_server if server1
use_backend nc_server if nc
backend server1_server
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
rspadd Strict-Transport-Security:\ max-age=15768000;\ includeSubDomains #enable HSTS header for this backend
rspadd X-XSS-Protection:\ 1;\ mode=block #enable XSS protection for this backend
balance leastconn
option httpclose
option forwardfor
cookie JSESSIONID prefix
# Redirect to server1 VM on port 80
server server1_server 192.168.97.50:80 cookie A check
# my own: Redirect to server1 VM on port 443 with SSL
server server1_server 192.168.97.50:443 weight 1 maxconn 100 check ssl verify none
http-request del-header Authorization
backend nc_server
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
rspadd Strict-Transport-Security:\ max-age=15768000;\ includeSubDomains #enable HSTS header for this backend
rspadd X-XSS-Protection:\ 1;\ mode=block #enable XSS protection for this backend
balance leastconn
option httpclose
option forwardfor
cookie JSESSIONID prefix
# Redirect to nc (nextcloud) VM on port 443 with SSL
server srv01 192.168.97.60:80 cookie A check
# deleted from the end
weight 1 maxconn 100 check ssl verify none
My sogo.log:
" Oct 28 14:09:46 sogod [3211]: SOGoRootPage Login from ‘192.168.97.1, 192.168.97.10’ for user ‘(null)’ might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
Oct 28 14:09:46 sogod [3211]: 192.168.97.1, 192.168.97.10 “GET /SOGo/connect HTTP/1.1” 403 34/0 0.002 - - 0
"
Thank you,