HAProxy community

HAProxy on PFSense - 503 Service Unavailable / No server is available to handle this request

I just can’t figure it out!

I want to listen on port 443 (frontend), use SSL offloading, and use a backend server that is outside of our LAN (on the Internet), connecting to it on port 443 with an SSL connection as well.

But whatever I try, I am getting “503 Service Unavailable”.
Btw, I am testing by accessing the IP, not the hostname.

This is my haproxy.cfg

```
# Automaticaly generated, dont edit manually.
# Generated on: 2019-07-17 15:30
global
    maxconn 10000
    stats socket /tmp/haproxy.socket level admin
    uid 80
    gid 80
    nbproc 1
    hard-stop-after 15m
    chroot /tmp/haproxy_chroot
    daemon
    tune.ssl.default-dh-param 2048
    server-state-file /tmp/haproxy_server_state

listen HAProxyLocalStats
    bind 127.0.0.1:2200 name localstats
    mode http
    stats enable
    stats admin if TRUE
    stats show-legends
    stats uri /haproxy/haproxy_stats.php?haproxystats=1
    timeout client 5000
    timeout connect 5000
    timeout server 5000

resolvers globalresolvers
    nameserver Google 8.8.8.8:53
    resolve_retries 3
    timeout retry 1s
    hold valid 10s

frontend WAN_HTTPS
    bind 94.100.100.135:443 name 94.100.100.135:443 ssl crt-list /var/etc/haproxy/WAN_HTTPS.crt_list
    mode http
    log global
    option http-keep-alive
    timeout client 30000
    acl aclcrt_WAN_HTTPS var(txn.txnhost) -m reg -i ^seznam.cz.cz(:([0-9]){1,5})?
    acl aclcrt_WAN_HTTPS var(txn.txnhost) -m reg -i ^www\.seznam\.cz(:([0-9]){1,5})?
    http-request set-var(txn.txnhost) hdr(host)
    use_backend Proxy-old_ipvANY if aclcrt_WAN_HTTPS

backend Proxy-old_ipvANY
    mode http
    id 103
    log global
    timeout connect 30000
    timeout server 30000
    retries 3
    option httpchk OPTIONS /
    server SERVER1 77.75.74.172:443 id 105 ssl check inter 1000 weight 1 verify none resolvers globalresolvers
```

The way pfSense generates the configuration requires that the proper Host HTTP header be set on the request, i.e. using the IP in the browser would not work.
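
The Host-based routing described in the reply, as an added example (not part of the original thread and not pfSense's or HAProxy's code): a small Python model of the posted frontend's ACL evaluation, showing that a request addressed by IP matches no `use_backend` rule, and with no `default_backend` HAProxy then answers 503. The parser handles only the directives present in the posted config, which is a simplifying assumption.

```python
import re

# Frontend rules copied from the haproxy.cfg posted above (one acl per line).
FRONTEND = r"""
acl aclcrt_WAN_HTTPS var(txn.txnhost) -m reg -i ^seznam.cz.cz(:([0-9]){1,5})?
acl aclcrt_WAN_HTTPS var(txn.txnhost) -m reg -i ^www\.seznam\.cz(:([0-9]){1,5})?
http-request set-var(txn.txnhost) hdr(host)
use_backend Proxy-old_ipvANY if aclcrt_WAN_HTTPS
"""

def parse_frontend(text):
    """Collect Host-regex ACLs, use_backend rules and any default_backend."""
    acls, rules, default = {}, [], None
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if (tok[0] == "acl" and len(tok) >= 6
                and tok[2] == "var(txn.txnhost)" and tok[3:5] == ["-m", "reg"]):
            flags = re.IGNORECASE if "-i" in tok[5:-1] else 0
            # ACL lines sharing a name are ORed together, so keep a list per name.
            acls.setdefault(tok[1], []).append(re.compile(tok[-1], flags))
        elif tok[0] == "use_backend" and len(tok) == 4 and tok[2] == "if":
            rules.append((tok[3], tok[1]))  # (acl name, backend name)
        elif tok[0] == "default_backend" and len(tok) == 2:
            default = tok[1]
    return acls, rules, default

def route(host, text=FRONTEND):
    """Return the backend chosen for this Host header, or None (HAProxy sends 503)."""
    acls, rules, default = parse_frontend(text)
    for acl_name, backend in rules:
        # "-m reg" is an unanchored regex search; the patterns carry their own "^".
        if any(rx.search(host) for rx in acls.get(acl_name, [])):
            return backend
    return default  # None here: the posted frontend has no default_backend

if __name__ == "__main__":
    # Constructed Host header values: the bind IP from the config, then the hostname.
    for host in ["94.100.100.135", "www.seznam.cz", "WWW.SEZNAM.CZ:443"]:
        print(f"Host: {host:<20} -> {route(host) or '503 (no backend selected)'}")
```
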