I have a number of backend servers as well as different domain names available.
Let’s say for my frontend I have three backends configured:
server1 domain1.com
server2 two.domain1.com
server3 three.domain1.com
When I have it set up like this, everything works.
However, if I change server3 to go to domain2.com instead (of three.domain1.com), it then decides to serve up the default 503 error for haproxy. (I’ve also set up a specific error page for the server3 backend, and it still serves up the default backend 503 error instead.)
DNS is all set up correctly; I can verify that the correct IP gets resolved and returned for both me (the client) and the router/haproxy.
What am I missing? Why is haproxy not serving up server3 when I try to go to domain2.com?
I’ve looked through the logging and am not seeing any sort of error or info as to why/how it’s serving up which backend per URL/domain request it receives.
One thing that may be messing with it is the certificate config, but I’d hope to at least get a certificate error if that were the case (and still return the desired server3 backend). No cert error though.
HAproxy version: 2.2.29-c5b927c
pfsense 2.7.0 Release.
# Automaticaly generated, dont edit manually.
# Generated on: 2023-08-06 13:27
global
    maxconn 50000
    log /var/run/log local0 info
    stats socket /tmp/haproxy.socket level admin expose-fd listeners
    uid 80
    gid 80
    nbproc 1
    nbthread 1
    hard-stop-after 15m
    chroot /tmp/haproxy_chroot
    daemon
    tune.ssl.default-dh-param 2048
    server-state-file /tmp/haproxy_server_state

listen HAProxyLocalStats
    bind 127.0.0.1:2200 name localstats
    mode http
    stats enable
    stats admin if TRUE
    stats show-legends
    stats uri /haproxy/haproxy_stats.php?haproxystats=1
    timeout client 5000
    timeout connect 5000
    timeout server 5000

frontend frontend
    bind <redacted>:443 name <redacted>:443 ssl crt-list /var/etc/haproxy/frontend.crt_list
    bind <redacted>:80 name <redacted>:80
    mode http
    log global
    option log-separate-errors
    option http-keep-alive
    timeout client 30000
    errorfile 503 /var/etc/haproxy/errorfile_frontend_503_Error1
    acl server1 var(txn.txnhost) -m str -i <redacted>.com
    acl server2 var(txn.txnhost) -m str -i <redacted>.<redacted>.com
    acl server3 var(txn.txnhost) -m str -i <redactedTwo>.com
    acl server4 var(txn.txnhost) -m str -i <redacted>.<redacted>.com
    acl aclcrt_frontend var(txn.txnhost) -m reg -i ^CloudFlare Origin Certificate(:([0-9]){1,5})?$
    acl aclcrt_frontend var(txn.txnhost) -m reg -i ^([^\.]*)\.<redacted>\.com(:([0-9]){1,5})?$
    acl aclcrt_frontend var(txn.txnhost) -m reg -i ^<redacted>\.com(:([0-9]){1,5})?$
    http-request set-var(txn.txnhost) hdr(host)
    use_backend server1_ipvANY if server1 aclcrt_frontend
    use_backend server2_ipvANY if server2 aclcrt_frontend
    use_backend server3_ipvANY if server3 aclcrt_frontend
    use_backend server4_ipvANY if server4 aclcrt_frontend

backend server1_ipvANY
    mode http
    id 102
    log global
    timeout connect 30000
    timeout server 30000
    retries 3
    server server1 <redacted>:443 id 103 ssl verify none

backend server2_ipvANY
    mode http
    id 100
    log global
    timeout connect 30000
    timeout server 30000
    retries 3
    server server2 <redacted>:80 id 101

backend server3_ipvANY
    mode http
    id 104
    log global
    errorfile 503 /var/etc/haproxy/errorfile_server3_ipvANY_503_Error2
    timeout connect 30000
    timeout server 30000
    retries 3
    server server3 <redacted>:80 id 105

backend server4_ipvANY
    mode http
    id 107
    log global
    timeout connect 30000
    timeout server 30000
    retries 3
    server server4 <redacted>:80 id 101
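
Added example, not part of the original post: a small Python model of how the `use_backend ... if serverN aclcrt_frontend` lines in the posted frontend are evaluated for a given Host header. It assumes `domain1.com` stands for `<redacted>.com` and `domain2.com` for `<redactedTwo>.com`; under that assumption it shows which ACLs match when the request is for domain2.com.

```python
import re

# Constructed stand-ins (assumption): domain1.com = <redacted>.com,
# domain2.com = <redactedTwo>.com in the posted config.
HOST_ACLS = {"server1": "domain1.com",
             "server2": "two.domain1.com",
             "server3": "domain2.com"}

# The three "acl aclcrt_frontend" lines; acl lines sharing a name are ORed.
CERT_ACL = [r"^CloudFlare Origin Certificate(:([0-9]){1,5})?$",
            r"^([^\.]*)\.domain1\.com(:([0-9]){1,5})?$",
            r"^domain1\.com(:([0-9]){1,5})?$"]


def evaluate(host, host_acls=HOST_ACLS):
    """Model 'use_backend X_ipvANY if X aclcrt_frontend' for one Host value.

    Returns (backend or None, {acl name: matched?}). Two ACLs named in one
    condition are ANDed, and the first use_backend line that matches wins.
    """
    trace = {"aclcrt_frontend":
             any(re.search(p, host, re.IGNORECASE) for p in CERT_ACL)}
    backend = None
    for name, wanted in host_acls.items():
        trace[name] = host.lower() == wanted.lower()   # -m str -i
        if backend is None and trace[name] and trace["aclcrt_frontend"]:
            backend = f"{name}_ipvANY"
    return backend, trace


def outcome(host, host_acls=HOST_ACLS):
    backend, trace = evaluate(host, host_acls)
    if backend:
        return f"{host} -> {backend}"
    matched = [n for n, ok in trace.items() if ok] or ["none"]
    # The frontend has no default_backend, so an unrouted request gets a 503
    # generated by the frontend, never by a backend.
    return f"{host} -> 503 at frontend (ACLs matched: {', '.join(matched)})"


if __name__ == "__main__":
    for h in ("domain1.com", "two.domain1.com", "domain2.com"):
        print(outcome(h))
    # The working setup from the post: server3 on three.domain1.com
    before = dict(HOST_ACLS, server3="three.domain1.com")
    print(outcome("three.domain1.com", before))
```

Because the request never reaches `server3_ipvANY` in this model, that backend's own `errorfile 503` is not consulted.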