entry point that’s not working is synology.xxxxxxx.org → synology-backend any ideas what may be wrong …
haproxy -vv
HAProxy version 2.4.24-0ubuntu0.22.04.1 2023/10/31 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2026.
Known bugs: http://www.haproxy.org/bugs/bugs-2.4.24.html
Running on: Linux 6.8.0-49-generic #49~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Wed Nov 6 17:42:15 UTC 2 x86_64
Build options :
TARGET = linux-glibc
CPU = generic
CC = cc
CFLAGS = -O2 -g -O2 -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Wextra -Wdeclaration-after-statement -fwrapv -Wno-address-of-packed-member -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-clobbered -Wno-missing-field-initializers -Wno-cast-function-type -Wtype-limits -Wshift-negative-value -Wshift-overflow=2 -Wduplicated-cond -Wnull-dereference
OPTIONS = USE_PCRE2=1 USE_PCRE2_JIT=1 USE_OPENSSL=1 USE_LUA=1 USE_SLZ=1 USE_SYSTEMD=1 USE_PROMEX=1
DEBUG =
Feature list : -51DEGREES +ACCEPT4 +BACKTRACE -CLOSEFROM +CPU_AFFINITY +CRYPT_H -DEVICEATLAS +DL +EPOLL -EVPORTS +FUTEX +GETADDRINFO -KQUEUE +LIBCRYPT +LINUX_SPLICE +LINUX_TPROXY +LUA -MEMORY_PROFILING +NETFILTER +NS -OBSOLETE_LINKER +OPENSSL -OT -PCRE +PCRE2 +PCRE2_JIT -PCRE_JIT +POLL +PRCTL -PRIVATE_CACHE -PROCCTL +PROMEX -PTHREAD_PSHARED -QUIC +RT +SLZ -STATIC_PCRE -STATIC_PCRE2 +SYSTEMD +TFO +THREAD +THREAD_DUMP +TPROXY -WURFL -ZLIB
Default settings :
bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
Built with multi-threading support (MAX_THREADS=64, default=2).
Built with OpenSSL version : OpenSSL 3.0.2 15 Mar 2022
Running on OpenSSL version : OpenSSL 3.0.2 15 Mar 2022
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
Built with Lua version : Lua 5.3.6
Built with the Prometheus exporter as a service
Built with network namespace support.
Built with libslz for stateless compression.
Compression algorithms supported : identity(“identity”), deflate(“deflate”), raw-deflate(“deflate”), gzip(“gzip”)
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Built with PCRE2 version : 10.39 2021-10-29
PCRE2 library supports JIT : yes
Encrypted password support via crypt(3): yes
Built with gcc compiler version 11.4.0
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
Available multiplexer protocols :
(protocols marked as cannot be specified using ‘proto’ keyword)
h2 : mode=HTTP side=FE|BE mux=H2 flags=HTX|CLEAN_ABRT|HOL_RISK|NO_UPG
fcgi : mode=HTTP side=BE mux=FCGI flags=HTX|HOL_RISK|NO_UPG
h1 : mode=HTTP side=FE|BE mux=H1 flags=HTX|NO_UPG
: mode=HTTP side=FE|BE mux=H1 flags=HTX
none : mode=TCP side=FE|BE mux=PASS flags=NO_UPG
: mode=TCP side=FE|BE mux=PASS flags=
Available services : prometheus-exporter
Available filters :
[SPOE] spoe
[CACHE] cache
[FCGI] fcgi-app
[COMP] compression
[TRACE] trace
here’s my config file …
global
maxconn 100
daemon
tune.ssl.default-dh-param 2048
chroot /var/empty
user haproxy
group haproxy
stats socket /var/run/haproxy.sock mode 600 expose-fd listeners level user
defaults
mode http
log global
option tcplog
option httplog
option logasap
option http-keep-alive
timeout connect 5000
timeout client 50000
timeout server 50000
timeout tunnel 1h
userlist AuthUsers
user dan password xxxxxxxxxxxxxxxxxxxxxxxxxxxx
listen stats
bind 192.168.1.167:9000
mode http
log global
maxconn 10
stats enable
stats hide-version
stats refresh 30s
stats show-node
stats auth admin:password
stats uri /haproxy?stats
frontend https
bind *:443
mode tcp
tcp-request inspect-delay 5s
tcp-request content accept if { req.ssl_hello_type 1 }
use_backend stunnel-openvpn-backend if { req.ssl_sni -i openvpn.xxxxxxxxxxxx.org }
use_backend synology-backend if { req.ssl_sni -i synology.xxxxxxxxxxxx.org }
default_backend https-back
frontend https-front
bind 127.0.0.1:9001 ssl crt /etc/letsencrypt/live/xxxxxxxxxxxx.org/haproxy.pem accept-proxy
mode http
use_backend haproxy-backend if { ssl_fc_sni -i haproxy.xxxxxxxxxxxx.org }
use_backend genmon-backend if { ssl_fc_sni -i genmon.xxxxxxxxxxxx.org }
use_backend home-assistant-backend if { ssl_fc_sni -i ha.xxxxxxxxxxxx.org }
use_backend open-webui-backend if { ssl_fc_sni -i openwebui.xxxxxxxxxxxx.org }
use_backend roon-arc-backend if { ssl_fc_sni -i roonarc.xxxxxxxxxxxx.org }
use_backend nextcloud-backend if { ssl_fc_sni -i nc.xxxxxxxxxxxx.org }
backend https-back
mode tcp
server https-front 127.0.0.1:9001 send-proxy-v2
Roon ARC
backend roon-arc-backend
mode http
timeout server 2h
server roon-core 192.168.1.160:55000 check
Openvpn with stunnel
backend stunnel-openvpn-backend
mode tcp
timeout server 2h
server stunnel-openvpn 192.168.1.167:444 check
Synology Openvpn
backend synology-backend
mode tcp
timeout server 2h
server synology-openvpn 192.168.1.234:1194 check
Haproxy Stats
backend haproxy-backend
mode http
timeout server 2h
server haproxy 192.168.1.167:9000 no-ssl check
http-request redirect location /haproxy?stats if { path / }
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
acl auth_ok http_auth(AuthUsers)
http-request auth realm haproxy-stats unless auth_ok
Nextcloud
backend nextcloud-backend
mode http
option forwardfor
option httpchk HEAD /
http-check send ver HTTP/1.1 hdr Host localhost
server nextcloud 192.168.1.116:81 check
timeout connect 4s
timeout server 4s
timeout server 2h
server nextcloud 192.168.1.116:80 check
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
Open WebUI
backend open-webui-backend
mode http
server OI 192.168.1.75:3000
timeout server 2h
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
Home Assistant
backend home-assistant-backend
mode http
server HA 192.168.1.116:8123 check
timeout server 2h
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
Genmon
backend genmon-backend
mode http
timeout server 2h
server genmon 192.168.1.54:443 ssl verify none check
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }