Haproxy and Vhost

Hello everyone.

Thank you for your wonderful work, and such a great community. This is my first time using Haproxy, and I am trying to create a load balancer on HTTPS.
The main domain points to Haproxy and 2 subdomains point to the upload servers, www1 and www2. Everything works fine on the 2 load servers with valid SSL certificates, all correct.
The only problem is that when loading the site through Haproxy, instead of loading the domain, it points to the server’s empty page and does not load the domain with the app from within the servers.
I’m going to upload a photo so you can see that the home page of the CWP server is loading and that it does not point to the domains www1 and www2.

I don’t know what was wrong in the configuration or if something is missing.
Thank you.

# Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE>
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
        tune.ssl.default-dh-param 2048

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

frontend www-http
   bind *:80
   #reqadd X-Forwarded-Proto:\ http
   default_backend www-backend


frontend www-https
    bind www.dominio.dev:443 ssl crt /etc/letsencrypt/live/vmi4455.contaboserver.net/1.pem
    mode http
    stats enable
    stats auth  cda:cda
    balance roundrobin

    option http-server-close
    option forwardfor
    http-request add-header X-Forwarded-Proto https
    http-request add-header X-Forwarded-Port 443
    http-response add-header Strict-Transport-Security max-age=15768000

    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
  # use_backend letsencrypt-backend if letsencrypt-acl
    http-request redirect scheme https unless { ssl_fc }
    default_backend www-backend


backend www-backend
   redirect scheme https if !{ ssl_fc }
   #http-request redirect scheme https if http
   server www-1 www1.dominio.dev:443 ssl verify none
   server www-2 www2.dominio.dev:443 ssl verify none maxconn 5000
   server www-3 www3.dominio.dev:443 check

Hi,
I’m not sure I understand what you’re trying to achieve, but if you expect to send a request to your haproxy frontend and have it routed to the appropriate backend, your configuration is wrong.

You should:

  • Define the routing conditions in your frontend (an acl on the domain, for example)
  • Create as many backends as the different domains you host (3 in your example)
  • Route the traffic to those backends in your frontend (look at the use_backend keyword)

I changed this and it is not working.

use_backend www-backend if { hdr(host) -i appnet.dev }
default_backend www-backend

backend www-backend
   redirect scheme https if !{ ssl_fc }
   #http-request redirect scheme https if http
   server www-1 2xx.xxx.xx.xx:443 ssl verify none
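
The routing described in the reply above (host ACLs in the frontend, one backend per domain, `use_backend`), written out as an added example that is not part of the original thread or either poster's configuration. The backend names, the certificate directory and the CA bundle path are assumptions, as is the premise that all three servers present publicly trusted certificates for their own hostnames; the server lines verify those certificates instead of using `verify none`.

```haproxy
# Added example, not the poster's configuration. Hostnames are from the thread;
# backend names, the certificate directory and the CA bundle path are assumptions.
frontend www-https
    mode http
    # Assumed path: PEM files covering every hostname routed below.
    bind *:443 ssl crt /etc/haproxy/certs/
    option forwardfor
    # set-header replaces any client-supplied value; add-header would keep it.
    http-request set-header X-Forwarded-Proto https

    # Routing conditions: one ACL per hosted domain.
    acl host_www1 hdr(host) -i www1.dominio.dev
    acl host_www2 hdr(host) -i www2.dominio.dev
    acl host_www3 hdr(host) -i www3.dominio.dev

    # Route each domain to its own backend.
    use_backend be_www1 if host_www1
    use_backend be_www2 if host_www2
    use_backend be_www3 if host_www3

    # Requests with any other Host header are refused here rather than
    # passed on to a server's default virtual host.
    default_backend be_reject

# One backend per domain. "verify none" accepts any certificate the server
# presents; "verify required" checks it against the CA bundle, "verifyhost"
# checks the name, and "sni" tells the server which vhost certificate to use.
backend be_www1
    mode http
    server www-1 www1.dominio.dev:443 ssl verify required ca-file /etc/ssl/certs/ca-certificates.crt sni str(www1.dominio.dev) verifyhost www1.dominio.dev check

backend be_www2
    mode http
    server www-2 www2.dominio.dev:443 ssl verify required ca-file /etc/ssl/certs/ca-certificates.crt sni str(www2.dominio.dev) verifyhost www2.dominio.dev check

backend be_www3
    mode http
    server www-3 www3.dominio.dev:443 ssl verify required ca-file /etc/ssl/certs/ca-certificates.crt sni str(www3.dominio.dev) verifyhost www3.dominio.dev check

backend be_reject
    mode http
    http-request deny deny_status 403
```

Once merged into a full configuration with its `global` and `defaults` sections, `haproxy -c -f /etc/haproxy/haproxy.cfg` checks the file for errors before a reload.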