HAProxy returns 404 sometimes even though the backend server is running

Help!
1

I am getting infrequent 404 errors even though the backend servers are running. I even tried to set only one backend server, and the result is the same.

backend keycloak_servers
timeout connect 10s
timeout server 120s
mode http
balance roundrobin
#cookie SERVER insert indirect nocache
#http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Host %[req.hdr(Host)]

http-check expect status 200  
	http-check send meth GET uri /Keycloak
    server micro1 myip1:8443 ssl verify none check inter 5s fall 3 rise 2
    server micro2 myip2:8443 ssl verify none check inter 5s fall 3 rise 2
2

Haproxy never generates 404 errors. Common errors that haproxy emits are in the 5xx range, when backend servers cannot be reached, etc, but not 404 (unless very specific configurations are applied like a specific error files with a 404 header).

Enable http logging and check what actually happens, so you can confirm whether this 404 comes from micro1 or micro2.

3

Here some log entries, one 404 out of 4 calls. I also tested the Keycloak call from Postman, and some calls were receiving 404 even though the calls should be identical

Call from app
2025-02-22T12:28:00.091358+00:00 myproxyserver haproxy[378612]: myip:39630 [22/Feb/2025:12:28:00.089] cms-main~ appservers/app2 0/0/1/1/2 404 400 - - --NI 2/2/1/1/0 0/0 “POST /realms/Keycloak/protocol/openid-connect/token HTTP/1.1”

Some others
2025-02-21T23:11:07.875811+00:00 myproxyserver haproxy[429750]: ip1:45952 [21/Feb/2025:23:11:07.866] cms-main~ keycloak_servers/micro2 0/0/4/5/9 200 3201 - - ---- 2/2/0/0/0 0/0 “GET /realms/Keycloak/protocol/openid-connect/certs HTTP/1.1”
2025-02-21T23:21:11.800887+00:00 myproxyserver haproxy[434104]: ip2:56934 **1/Feb/2025:23:21:11.778] cms-main~ keycloak_servers/micro2 0/0/5/16/21 404 2307 - - ---- 1/1/0/0/0 0/0 “GET https://myproxyserver.corp.x.com/realms HTTP/2.0”
2025-02-21T23:21:21.929074+00:00 myproxyserver haproxy[434104]: ip2:56934 [21/Feb/2025:23:21:21.910] cms-main~ keycloak_servers/micro2 0/0/0/17/17 200 903 - - ---- 1/1/0/0/0 0/0 “GET https://myproxyserver.corp.x.com/realms/Keycloak HTTP/2.0”
2025-02-21T23:21:42.683563+00:00 myproxyserver haproxy[434104]: ip2:56934 [21/Feb/2025:23:21:42.631] cms-main~ keycloak_servers/micro2 0/0/0/51/51 200 3760 - - ----

4

All of those log lines clearly indicate that it is the backend server that is returning the 404 response.

appservers/app2 as well as keycloak_servers/micro2.