Hi
I’m hosting different web-based services on the same machine and
using haproxy as a reverse proxy, so based on the request hostname I
forward the request into different services on different ports.
bck01.myhost.local → myhost.local:8081
bck02.myhost.local → myhost.local:8082
etc
Which works correctly, but the ‘myhost.local:8081’ URL is not available from the outside world.
Only the URLs that match the current ACL rules are.
How could I make those available?
current configuration:
frontend http-in
    bind *:80
    acl is_bck01 hdr_end(host) -i bck01.myhost.local
    use_backend bck01 if is_bck01
    …
backend bck01
    balance roundrobin
    option httpclose
    option forwardfor
    server s2 127.0.0.1:8081 maxconn 32 check
    …
Regards:
Bence
You mean using that in ‘frontend http-in’ section or ‘defaults’ section?
The frontend is bound to the 80 port so what will happen with 80xx ports?
What about the ‘default_server’ keyword?
OK, I checked what you suggested, but it does not work.
For requests like ‘myhost.local:8081’ only a timeout occurs.
Actual code:
frontend http-in
    bind *:80
    acl is_bck01 hdr_end(host) -i bck01.myhost.local
    use_backend bck01 if is_bck01
    ...
    default_backend other
backend bck01
    balance roundrobin
    option httpclose
    option forwardfor
    server s2 127.0.0.1:8081 maxconn 32 check
    ...
backend other
    server local 127.0.0.1
So what’s wrong?
You missed the port, it should be 8081 right? So:
backend other
    server local 127.0.0.1:8081
There is a slight misunderstanding: I would like to access all the backends on both kinds of URLs: bck01.myhost.local and myhost.local:8081
In other words: why are the original ports (8081-8xxx) not accessible from the outside world, and how can I make them accessible?
I would need a solution for every port or at least a port range (e.g. from 8081 to 8200).
Haproxy is doing exactly what you configured it to do.
I cannot possibly tell you why your “original” backends ports don’t respond “from the outside world”, it has nothing to do with haproxy.
I see, then it’s not a haproxy issue.
So haproxy will only listen to
frontend http-in
    bind *:80
and
listen stats *:9000
and does not affect other ports.
Thanks. Then I will check what else is behind this issue…
Right you are
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:websm
…
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
It was my fault… 80 and 9090 were enabled explicitly, but everything else was rejected.
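The firewall behaviour found at the end of the thread, as an added example that is not part of any post: a first-match check of an INPUT chain for a new inbound TCP connection to a given port. The rule set is constructed in `iptables -S INPUT` format, and the interface name `eth0`, the function names and the 8081:8200 range rule in the test are assumptions; negated matches, address matches and jumps to user-defined chains are not evaluated.

```python
import shlex

# Constructed sample in `iptables -S INPUT` format, modelled on the listing in
# the thread: ports 80 and 9090 accepted, then a catch-all REJECT.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 9090 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
"""

def _options(tokens):
    """Map each option flag to its value ('' when the flag takes none)."""
    opts = {}
    for i, tok in enumerate(tokens):
        if tok.startswith("-"):
            nxt = tokens[i + 1] if i + 1 < len(tokens) else "-"
            opts[tok] = "" if nxt.startswith("-") else nxt
    return opts

def _port_match(spec, port):
    """True if port is inside a --dport spec such as '80' or '8081:8200'."""
    lo, _, hi = spec.partition(":")
    return int(lo) <= port <= int(hi or lo)

def verdict(rules_text, port, iface="eth0"):
    """Return (target, rule) of the first rule matching a NEW TCP connection."""
    policy = "ACCEPT"
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        opts = _options(tokens)
        if tokens[:1] == ["-P"]:
            policy = tokens[2]          # chain policy applies if nothing matches
            continue
        if "-A" not in opts or "-j" not in opts:
            continue
        if opts.get("-p", "tcp") not in ("tcp", "all"):
            continue                    # rule is for another protocol
        if opts.get("-i", iface) != iface:
            continue                    # e.g. loopback-only rule
        state = opts.get("--state", opts.get("--ctstate", "NEW"))
        if "NEW" not in state.split(","):
            continue                    # only matches established traffic
        if "--dport" in opts and not _port_match(opts["--dport"], port):
            continue
        return opts["-j"], line
    return policy, "(chain policy)"
```

Run against the sample, port 8081 falls through to the catch-all REJECT even though the backend is listening on it; an ACCEPT rule for the wanted ports only takes effect if it sits above that REJECT line.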