Configuration help for haproxy 1.8.9


#1

I thought I had my configuration mostly working, but now I’m having issues. I’m running haproxy 1.8.9 on CentOS 7.5.

  1. server4 is NextCloud on CentOS 7.5. It was working and then stopped with no config file changes. I think it broke after updates were applied on both servers. I am able to access the NextCloud web interface from inside the network.
  2. I have not been able to get my Windows 2012 R2 Essentials web page (server1) to forward through HA Proxy. It is accessible locally.
  3. server2 and server3 are accessible from the web, but when I tried to renew a LetsEncrypt cert it wouldn’t work through haproxy. I had to give the server direct access to the web.

How do I fix these issues? My config is as follows:

global
   log /dev/log local0
   log /dev/log local1 notice
   chroot /var/lib/haproxy
   stats timeout 30s
   user haproxy
   group haproxy
   daemon

defaults
   log global
   mode tcp
   option tcplog
   option dontlognull
   timeout connect 5000ms
   timeout client 50000ms
   timeout server 50000ms

frontend https
  bind *:443
  mode tcp
  tcp-request inspect-delay 5s
  tcp-request content accept if { req_ssl_hello_type 1 }

  use_backend server1 if { req_ssl_sni -i subdomain1.domain1.com }
  use_backend server2 if { req_ssl_sni -i subdomain2.domain2.net }
  use_backend server3 if { req_ssl_sni -i subdomain2.domain3.com }
  use_backend server4 if { req_ssl_sni -i subdomain3.domain2.net }


backend server1
  mode tcp
  option ssl-hello-chk
  server server1 192.168.10.31:443 check

backend server2
  mode tcp
  option ssl-hello-chk
  server server2 10.0.40.3:443 check

backend server3
  mode tcp
  option ssl-hello-chk
  server server3 10.0.40.4:443 check

backend server4
  mode tcp
  option ssl-hello-chk
  server server4 10.0.40.6:443 check


frontend http-in
  bind *:80
  mode http

  use_backend server1_http if { hdr(host) -i subdomain1.domain1.com }
  use_backend server2_http if { hdr(host) -i subdomain2.domain2.net }
  use_backend server3_http if { hdr(host) -i subdomain2.domain3.com }
  use_backend server4_http if { hdr(host) -i subdomain3.domain2.net }

backend server1_http
  mode http
  server server1 192.168.10.31:80 check

backend server2_http
  mode http
  server server2 10.0.40.3:80 check

backend server3_http
  mode http
  server server3 10.0.40.4:80 check

backend server4_http
  mode http
  server server4 10.0.40.6:80 check