HAProxy community

Frontend MAINT back end DOWN

Just started using HAProxy or trying to. I think I have it all setup but the stats page is showing MAINT for the frontends and DOWN for the backends. Not sure why. Also I can’t get it to even startup without putting init-addr in the default-server value. Running self compiled version on CentOS. Version 2.2.2 Below are my settings:

global
        log /dev/log local0
        log /dev/log local1 notice
#        chroot /var/lib/haproxy
        stats socket /var/lib/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ##ca-base /etc/ssl/certs
        ##crt-base /etc/ssl/private

        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL).
        ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
        ssl-default-bind-options no-sslv3

defaults
       # never fail on address resolution
        default-server init-addr libc,none
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000


frontend http_redirect_https
    bind *:80
    mode http
    acl host_one hdr(host) -i remote.REMOVED.net
    acl host_two hdr(host) -i jrsmarthome.REMOVED.net
    redirect scheme https if !host_one !host_two
    maxconn 10000

frontend ssl_relay
    bind *:443
    mode tcp
    option clitcpka
    option tcplog
    option socket-stats
    # option nolinger
    maxconn  300

    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }

    use_backend ssl_remote if { req_ssl_sni -i remote.REMOVED.net }
    use_backend ssl_jrsmarthome if { req_ssl_sni -i jrsmarthome.REMOVED.net }

    default_backend ssl_remote



backend ssl_remote
   timeout server 12h
#   timeout client 12h
   mode tcp
   #option nolinger
   option tcplog
   #balance roundrobin
   hash-type consistent
   option srvtcpka

    # maximum SSL session ID length is 32 bytes.
    stick-table type binary len 32 size 30k expire 30m

    # make sure we cover type 1 (fallback)
    acl clienthello req_ssl_hello_type 1
    acl serverhello rep_ssl_hello_type 2

    # use tcp content accepts to detects ssl client and server hello.
    tcp-request inspect-delay 5s
    tcp-request content accept if clienthello

    # no timeout on response inspect delay by default.
    tcp-response content accept if serverhello

    # SSL session ID (SSLID) may be present on a client or server hello.
    # Its length is coded on 1 byte at offset 43 and its value starts
    # at offset 44.
    # Match and learn on request if client hello.
    stick on payload_lv(43,1) if clienthello

    # Learn on response if server hello.
    stick store-response payload_lv(43,1) if serverhello

    #option ssl-hello-chk

    server x_remote remote.REMOVED.net:443 check

backend ssl_jrsmarthome
   timeout server 12h
   mode tcp
   #option nolinger
   option tcplog
   #balance roundrobin
   hash-type consistent
   option srvtcpka

    # maximum SSL session ID length is 32 bytes.
    stick-table type binary len 32 size 30k expire 30m

    # make sure we cover type 1 (fallback)
    acl clienthello req_ssl_hello_type 1
    acl serverhello rep_ssl_hello_type 2

    # use tcp content accepts to detects ssl client and server hello.
    tcp-request inspect-delay 5s
    tcp-request content accept if clienthello

    # no timeout on response inspect delay by default.
    tcp-response content accept if serverhello

    # SSL session ID (SSLID) may be present on a client or server hello.
    # Its length is coded on 1 byte at offset 43 and its value starts
    # at offset 44.
    # Match and learn on request if client hello.
    stick on payload_lv(43,1) if clienthello

    # Learn on response if server hello.
    stick store-response payload_lv(43,1) if serverhello

    #option ssl-hello-chk

    server x_jrsmarthome jrsmarthome.REMOVED.net:8123 check


#view stats on UI
listen stats
    bind :1936
    mode http
    log global
    maxconn 10
    stats enable
    stats hide-version
    stats realm Haproxy\ Statistics
    stats refresh 30s
    stats show-node
    stats auth <username>:<Password>
    stats uri /