HAProxy 1.8.4 504 Gateway Time-out

Hi.
I’ve tried to set up LB and HA for an internal web service.
The backend web servers are MS IIS.
But I get a 504 message when I try to open the main page.

global
   log localhost local0
   log localhost local1 notice
   chroot /var/lib/haproxy
   stats timeout 30s
   user haproxy
   group haproxy
   daemon

   tune.ssl.default-dh-param 2048
   ssl-default-bind-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:etc
   ssl-default-bind-options no-sslv3 no-tls-tickets
   ssl-default-server-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:etc
   ssl-default-server-options no-sslv3 no-tls-tickets

defaults
   log global
   mode http
   option httplog
   option dontlognull
   retries 3
   option redispatch
   option forwardfor
   timeout connect 20s
   timeout client 1m
   timeout server 1m

frontend http
   bind *:80
   acl is_domainname hdr(Host) -i domainname
   redirect scheme https if { hdr(host) -i domainname } !{ ssl_fc }
   use_backend domainname_backend if is_domainname

frontend https
   bind *:443 ssl crt /etc/pki/tls/certs/domainname.pem
   acl is_domainname_https hdr(host) -i domainname
   use_backend domainname_backend if is_domainname_https

backend domainname_backend
   balance roundrobin
   http-request set-header X-Forwarded-Port %[dst_port]
   http-request add-header X-Forwarded-Proto https if { ssl_fc }
   cookie srvweb insert
   server srvweb1 10.10.2.150:443 cookie s1 check
   server srvweb2 10.10.2.152:443 cookie s2 check

haproxy.log

Apr 12 12:36:16 localhost haproxy[15110]: 10.1.1.154:48145 [12/Apr/2018:12:35:16.917] https~ domainname_backend/srvweb1 0/0/0/-1/60002 504 194 - - sHNN 2/2/1/0/0 0/0 "GET / HTTP/1.1"
Apr 12 12:36:16 localhost haproxy[15110]: 10.1.1.154:48145 [12/Apr/2018:12:35:16.917] https~ domainname_backend/srvweb1 0/0/0/-1/60002 504 194 - - sHNN 2/2/1/0/0 0/0 "GET / HTTP/1.1"
Apr 12 12:36:16 localhost haproxy[15110]: 10.1.1.154:48146 [12/Apr/2018:12:35:16.921] https~ domainname_backend/srvweb2 0/0/0/-1/60000 504 194 - - sHNN 1/1/0/0/0 0/0 "GET /favicon.ico HTTP/1.1"
Apr 12 12:36:16 localhost haproxy[15110]: 10.1.1.154:48146 [12/Apr/2018:12:35:16.921] https~ domainname_backend/srvweb2 0/0/0/-1/60000 504 194 - - sHNN 1/1/0/0/0 0/0 "GET /favicon.ico HTTP/1.1"

Where is my mistake?

Your servers are not responding within 60 seconds; the request therefore times out.

However, understand that you have configured haproxy to access the backend servers with regular HTTP (not HTTPS) on port 443. That’s probably not what you want.

  • Either you want to talk to your backend servers in plaintext on port 80: change :443 to :80 in your server lines.
  • Or you want to talk to your backend servers in HTTPS, which requires adding the ssl keyword and either the CA certificate (ca-file /path/to/ca-cert.pem) or disabling cert verification (verify none).

The second point works. Million thanks!
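
A small lint for the two points in the answer above, added here as an example (not code from the thread or from the HAProxy project): it flags `server` lines that target port 443 without `ssl`, and `ssl` lines that use `verify none` or carry no `ca-file`. The sample config, the `srvweb3` entry and the finding names are constructed, and it assumes all TLS settings sit on the `server` line itself (no `default-server` or `ssl-server-verify` overrides).

```python
import re

# Constructed sample: the question's backend plus the two variants from the
# answer. srvweb3 and its address are made up; the ca-file path is the
# placeholder used in the answer.
SAMPLE = """\
backend domainname_backend
   balance roundrobin
   server srvweb1 10.10.2.150:443 cookie s1 check
   server srvweb2 10.10.2.152:443 cookie s2 check ssl verify none
   server srvweb3 10.10.2.153:443 cookie s3 check ssl verify required ca-file /path/to/ca-cert.pem
"""

# server <name> <address>[:<port>] [options...]  (IPv4/hostname addresses only)
SERVER_RE = re.compile(r"^\s*server\s+(\S+)\s+(\S+?)(?::(\d+))?(?:\s+(.*))?$")


def lint_servers(config_text):
    """Return (server_name, finding) tuples for risky backend server lines."""
    findings = []
    for line in config_text.splitlines():
        line = line.split("#", 1)[0]  # drop trailing comments
        m = SERVER_RE.match(line)
        if not m:
            continue
        name, _addr, port, opts = m.groups()
        words = (opts or "").split()
        # Value following the 'verify' keyword, if any.
        verify = words[words.index("verify") + 1] if "verify" in words[:-1] else None
        if "ssl" not in words:
            # Heuristic: 443 is the conventional HTTPS port, so plain HTTP
            # sent there is the misconfiguration behind the 504 in this thread.
            if port == "443":
                findings.append((name, "no-ssl-on-443"))
        elif verify == "none":
            # TLS is used, but any certificate the backend presents is accepted.
            findings.append((name, "verify-none"))
        elif "ca-file" not in words:
            # Verification is wanted but there is no CA to verify against.
            findings.append((name, "ssl-no-ca-file"))
    return findings


if __name__ == "__main__":
    for server, finding in lint_servers(SAMPLE):
        print(f"{server}: {finding}")
```

With `verify none` the connection to the backend is encrypted but the proxy does not check which host it is talking to, which is why the lint reports it separately from the `ca-file` variant.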