I just started using HAProxy, or am trying to. I think I have it all set up, but the stats page shows MAINT for the frontends and DOWN for the backends, and I'm not sure why. Also, I can’t get it to start at all without putting init-addr in the default-server value. I'm running a self-compiled build, version 2.2.2, on CentOS. Below are my settings:
# Process-wide settings: logging, runtime socket, privilege drop, TLS defaults.
global
log /dev/log local0
log /dev/log local1 notice
# NOTE(review): chroot is disabled, so the worker process is not confined to
# an empty directory after startup. If it is re-enabled, the /dev/log socket
# presumably has to be reachable from inside the chroot; confirm before enabling.
# chroot /var/lib/haproxy
# "level admin" lets anything that can open this socket change runtime state
# (for example put servers into maintenance). "mode 660" restricts access to
# the socket's owner and group, so keep that group small.
stats socket /var/lib/haproxy/admin.sock mode 660 level admin
stats timeout 30s
# Run as an unprivileged user and group.
user haproxy
group haproxy
daemon
# Default SSL material locations
##ca-base /etc/ssl/certs
##crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL).
# NOTE(review): no bind line in this configuration uses the "ssl" keyword, so
# these two defaults have no effect as posted. If TLS termination is added
# later, this list still permits RC4-SHA (RC4 is prohibited for TLS by
# RFC 7465) and non-forward-secret kRSA key exchange; both should be dropped.
ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
# no-sslv3 only rules out SSLv3; TLS 1.0 and 1.1 are not excluded by this line.
# A floor such as "ssl-min-ver TLSv1.2" would be the usual hardening.
ssl-default-bind-options no-sslv3
# Settings inherited by every frontend, backend and listen section below.
defaults
# never fail on address resolution
# "libc" resolves each server name once at startup through the system
# resolver. "none" lets HAProxy start anyway, with an unresolved server having
# no address and being down.
# NOTE(review): no "resolvers" section or per-server "resolvers" keyword
# appears in this configuration, so presumably nothing resolves those names
# later at runtime. That would be consistent with the DOWN backends described.
# Confirm that both server hostnames resolve from this host.
default-server init-addr libc,none
log global
mode http
option httplog
option dontlognull
# Timeouts without a unit are in milliseconds: 5 s connect, 50 s client/server.
timeout connect 5000
timeout client 50000
timeout server 50000
# Plain-HTTP listener on port 80 whose only rule is a redirect to HTTPS.
frontend http_redirect_https
bind *:80
mode http
# Case-insensitive match on the client-supplied Host header.
acl host_one hdr(host) -i remote.REMOVED.net
acl host_two hdr(host) -i jrsmarthome.REMOVED.net
# NOTE(review): as written, the redirect fires only when Host matches NEITHER
# name. Requests for the two named hosts are not redirected, and this frontend
# has no use_backend or default_backend, so they have nowhere to go.
# If the intent is to force those two hosts onto HTTPS, the condition looks
# inverted. Confirm the intended behaviour.
redirect scheme https if !host_one !host_two
maxconn 10000
# TCP-mode listener on 443. TLS is not terminated here: the raw stream is
# relayed, and the backend is chosen from the SNI in the ClientHello.
frontend ssl_relay
bind *:443
mode tcp
option clitcpka
option tcplog
option socket-stats
# option nolinger
maxconn 300
# Buffer up to 5 s of client data so the ClientHello can be inspected.
tcp-request inspect-delay 5s
# NOTE(review): this is an accept rule only. There is no matching
# "tcp-request content reject", so a connection that never sends a TLS
# ClientHello is still forwarded to default_backend once the inspect delay
# expires. Add a reject rule if non-TLS traffic should be dropped here.
tcp-request content accept if { req_ssl_hello_type 1 }
# SNI is supplied by the client and is not authenticated; it is used here for
# routing only, so access control still has to be enforced by the servers.
use_backend ssl_remote if { req_ssl_sni -i remote.REMOVED.net }
use_backend ssl_jrsmarthome if { req_ssl_sni -i jrsmarthome.REMOVED.net }
# Connections with no SNI, or an SNI matching neither name, land here.
default_backend ssl_remote
# TCP passthrough backend for remote.REMOVED.net, with stickiness keyed on the
# TLS session ID.
backend ssl_remote
# A 12 h server-side idle timeout keeps idle connections open for a long time;
# each one counts against the frontend's maxconn of 300.
timeout server 12h
# timeout client 12h
mode tcp
#option nolinger
option tcplog
#balance roundrobin
hash-type consistent
option srvtcpka
# maximum SSL session ID length is 32 bytes.
# Only one server is defined in this backend, so the stick-table currently has
# no balancing decision to influence.
stick-table type binary len 32 size 30k expire 30m
# make sure we cover type 1 (fallback)
acl clienthello req_ssl_hello_type 1
acl serverhello rep_ssl_hello_type 2
# use tcp content accept rules to detect the ssl client and server hello.
tcp-request inspect-delay 5s
tcp-request content accept if clienthello
# no timeout on response inspect delay by default.
tcp-response content accept if serverhello
# SSL session ID (SSLID) may be present on a client or server hello.
# Its length is coded on 1 byte at offset 43 and its value starts
# at offset 44.
# Match and learn on request if client hello.
stick on payload_lv(43,1) if clienthello
# Learn on response if server hello.
stick store-response payload_lv(43,1) if serverhello
# With ssl-hello-chk commented out, "check" below is a plain TCP connect check:
# it shows that the port accepts connections, not that TLS is being served.
#option ssl-hello-chk
# NOTE(review): the server name is the same hostname the frontend routes on.
# If that name resolves to this proxy's own address from this host, the health
# check and relayed traffic would loop back to HAProxy. If it does not resolve
# at all, "init-addr libc,none" leaves the server without an address.
# Verify what this name resolves to locally, or use the server's internal IP.
server x_remote remote.REMOVED.net:443 check
# TCP passthrough backend for jrsmarthome.REMOVED.net. It uses the same
# session-ID stickiness rules as ssl_remote.
backend ssl_jrsmarthome
# A 12 h server-side idle timeout keeps idle connections open for a long time;
# each one counts against the frontend's maxconn of 300.
timeout server 12h
mode tcp
#option nolinger
option tcplog
#balance roundrobin
hash-type consistent
option srvtcpka
# maximum SSL session ID length is 32 bytes.
# Only one server is defined in this backend, so the stick-table currently has
# no balancing decision to influence.
stick-table type binary len 32 size 30k expire 30m
# make sure we cover type 1 (fallback)
acl clienthello req_ssl_hello_type 1
acl serverhello rep_ssl_hello_type 2
# use tcp content accept rules to detect the ssl client and server hello.
tcp-request inspect-delay 5s
tcp-request content accept if clienthello
# no timeout on response inspect delay by default.
tcp-response content accept if serverhello
# SSL session ID (SSLID) may be present on a client or server hello.
# Its length is coded on 1 byte at offset 43 and its value starts
# at offset 44.
# Match and learn on request if client hello.
stick on payload_lv(43,1) if clienthello
# Learn on response if server hello.
stick store-response payload_lv(43,1) if serverhello
# With ssl-hello-chk commented out, "check" below is a plain TCP connect check.
#option ssl-hello-chk
# NOTE(review): the ssl_relay frontend forwards the client's raw TLS bytes, so
# this server must itself terminate TLS on port 8123. If 8123 speaks plain
# HTTP, relayed connections will fail even when the check passes; confirm.
# The hostname caveat also applies: verify what this name resolves to from this
# host, since "init-addr libc,none" hides a resolution failure at startup.
server x_jrsmarthome jrsmarthome.REMOVED.net:8123 check
#view stats on UI
# Built-in statistics page, served over plain HTTP on port 1936.
listen stats
# NOTE(review): "bind :1936" listens on every interface. If this host is
# reachable from the internet, so is the stats page. Binding to a loopback or
# management address, or firewalling the port, limits who can reach it.
bind :1936
mode http
log global
maxconn 10
stats enable
# Do not disclose the HAProxy version on the page.
stats hide-version
stats realm Haproxy\ Statistics
stats refresh 30s
stats show-node
# "stats auth" is HTTP Basic authentication. This bind line has no "ssl", so
# the credentials cross the network in cleartext on every request.
# No "stats admin" rule is present, so the page is read-only.
stats auth <username>:<Password>
stats uri /