Content delivery to a docker container?

Hey folks,

I’m using filestash (GitHub - mickael-kerjean/filestash: 🦄 A modern web client for SFTP, S3, FTP, WebDAV, Git, Minio, LDAP, CalDAV, CardDAV, Mysql, Backblaze, ...) with docker, default listening port is 8334, working great locally and on the same network => http://192.168.1.100:8334

Haproxy is installed on Debian (not in a docker container)

I made my content delivery rules like all my other self-hosted services:

global
	log /dev/log	local0
	log /dev/log	local1 notice
	chroot /var/lib/haproxy
	stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
	stats timeout 30s
	user haproxy
	group haproxy
	daemon
	# Default SSL material locations
	ca-base /etc/ssl/certs
	crt-base /etc/ssl/private
	ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
	ssl-default-bind-options no-sslv3
	tune.ssl.default-dh-param 2048

defaults
	log	global
	mode	http
	option	httplog
	option	dontlognull
	timeout connect 5000
	timeout client  50000
	timeout server  50000
	errorfile 400 /etc/haproxy/errors/400.http
	errorfile 403 /etc/haproxy/errors/403.http
	errorfile 408 /etc/haproxy/errors/408.http
	errorfile 500 /etc/haproxy/errors/500.http
	errorfile 502 /etc/haproxy/errors/502.http
	errorfile 503 /etc/haproxy/errors/503.http
	errorfile 504 /etc/haproxy/errors/504.http

frontend http
	bind :5080
	option http-server-close
	option forwardfor

frontend https
	bind :5443 ssl crt /etc/ssl/private/mykeyxxxxxxx.pem
	option http-server-close
	option forwardfor
	rspirep ^Location:\ http://(.*)$    Location:\ https://\1
	rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains

use_backend filestash if { hdr_beg(Host) -i filestash. }

backend filestash
	server filestash 127.0.0.1:8334 check

But it doesn’t work, the page returns a 504 Gateway Time-out when using the external address: https://filestash.domain.com

Haproxy log:

Feb 4 15:49:56 haproxy[17071]: 192.168.1.254:50115 [04/Feb/2021:15:49:06.584] https~ filestash/filestash 0/0/0/-1/50001 504 195 - - sH-- 1/1/0/0/0 0/0 "GET / HTTP/1.1"
Feb 4 15:50:46 haproxy[17071]: 192.168.1.254:50177 [04/Feb/2021:15:49:56.775] https~ filestash/filestash 0/0/0/-1/50002 504 195 - - sH-- 1/1/0/0/0 0/0 "GET /favicon.ico HTTP/1.1"

(I’m NATed, 192.168.1.254 is my default gateway)

I know Docker creates its own network rules and interfaces and that can be messy, but if it works locally with http://192.168.1.100:8334, why is it not working with Haproxy in front?

I have no issue at all with my other hosted services (no docker) when using the same settings in the Haproxy configuration.

I guess something is wrong with my Haproxy configuration when using it to deliver content to a docker container?

Thank you :slight_smile:

What does curl -vv http://127.0.0.1:8334/ from the haproxy box show?

Are you sure 8334 is reachable on 127.0.0.1 also? Couldn’t it just be bound to 192.168.1.100:8334?

Thank you Lukastribus,

I already tried to bind 192.168.1.100:8334 => same issue.

And curl on the server box gives me:

image

So you see that there is nothing responding on port 8334 here. Haproxy cannot reach your backend server just as curl can’t reach it.

I don’t know what the root cause is, but it’s not your haproxy configuration.

Thank you,

I find that the server is only listening with IPv6 on 8334?
Maybe that’s the answer

root@LINOLOGY:~# netstat --listen | grep 8334
tcp6 0 0 [::]:8334 [::]:* LISTEN

But other services are working great when using only IPv6.

This issue is very weird…

Does curl -vvg "http://[::1]/" work?

Then server filestash ::1:8334 check should too.

No chance, same as ipv4 :confused:

I think the issue is route related between containers and local machine.

Does curl -vv http://192.168.1.100:8334/ work then?

I changed haproxy configuration to server filestash 192.168.1.100:8334 check

And tried curl -vv http://192.168.1.100:8334/

Same issue => timeout
But working great from another computer on the same local network.

No issue with my other services running locally without docker.
It’s related to the docker network with bridge, etc…
But can’t figure out the issue :confused:
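
Added example (not part of any post in this thread): a small parser for the `option httplog` lines quoted above, decoding the timers and the `sH--` termination state; `Tc=0` with `Tr=-1` means the TCP connect to the backend completed and the server timeout expired before any response headers arrived. The helper name `diagnose` and its verdict strings are hypothetical, and the sample is constructed from the first log line in the thread.

```python
import re

# Constructed sample: first log line quoted in the thread, syslog prefix dropped.
SAMPLE = ('192.168.1.254:50115 [04/Feb/2021:15:49:06.584] https~ filestash/filestash '
          '0/0/0/-1/50001 504 195 - - sH-- 1/1/0/0/0 0/0 "GET / HTTP/1.1"')

# Default "option httplog" layout; timers are TR/Tw/Tc/Tr/Ta in milliseconds.
LINE = re.compile(
    r'(?P<client>\S+) \[[^\]]+\] (?P<frontend>\S+) (?P<backend>[^/\s]+)/(?P<server>\S+) '
    r'(?P<timers>-?\d+(?:/-?\d+){4}) (?P<status>\d{3}) \d+ \S+ \S+ '
    r'(?P<term>\S{4}) \S+ \S+ "(?P<request>[^"]*)"')

# First two termination-state characters, as documented in the HAProxy manual.
CAUSE = {"s": "server-side timeout expired", "c": "client-side timeout expired",
         "S": "aborted or refused by the server", "C": "aborted by the client",
         "-": "normal completion"}
PHASE = {"C": "waiting for the connection to the server",
         "H": "waiting for response headers from the server",
         "D": "during the data phase", "-": "after the session completed"}

def diagnose(line):
    """Hypothetical helper: explain one HAProxy HTTP log line."""
    line = line.replace("\u201c", '"').replace("\u201d", '"')  # forum smart quotes
    m = LINE.search(line)
    if m is None:
        raise ValueError("not an 'option httplog' line")
    t = dict(zip(("TR", "Tw", "Tc", "Tr", "Ta"), map(int, m["timers"].split("/"))))
    term = m["term"]
    if t["Tc"] == -1:
        verdict = "connect_failed"                 # TCP connect never completed
    elif t["Tr"] == -1:
        verdict = "connected_no_response_headers"  # connected, server never answered
    else:
        verdict = "response_received"
    return {"backend": m["backend"], "server": m["server"], "status": int(m["status"]),
            "timers": t, "verdict": verdict,
            "why": "%s %s" % (CAUSE.get(term[0], "?"), PHASE.get(term[1], "?"))}

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```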