Hi,
I’m using pfSense and the built-in HAProxy (v2.7.8-58c657f). I use HAProxy for SSL offloading and for redirecting the different sites over HTTP to different servers behind it.
I checked some posts, and I seem to be aligned with the good practices and samples I found.
I’m having issues browsing a Joomla website (the name in the conf is “stream”) and cannot find the issue. A 502 seems to appear when a form submission is done.
Here is the automatically generated config:
# Automaticaly generated, dont edit manually.
# Generated on: 2024-05-03 09:36
global
    maxconn 5000
    log /var/run/log syslog debug
    stats socket /tmp/haproxy.socket level admin expose-fd listeners
    uid 80
    gid 80
    nbthread 1
    hard-stop-after 15m
    chroot /tmp/haproxy_chroot
    daemon
    tune.ssl.default-dh-param 2048
    log-send-hostname MAIN
    server-state-file /tmp/haproxy_server_state

listen HAProxyLocalStats
    bind 127.0.0.1:2200 name localstats
    mode http
    stats enable
    stats refresh 10
    stats admin if TRUE
    stats show-legends
    stats uri /haproxy/haproxy_stats.php?haproxystats=1
    timeout client 5000
    timeout connect 5000
    timeout server 5000

frontend Main_FrontEnd
    bind MY_PUBLIC_IP:443 name MY_PUBLIC_IP:443 ssl crt-list /var/etc/haproxy/Main_FrontEnd.crt_list
    mode http
    log global
    option httplog
    option http-keep-alive
    option forwardfor
    acl https ssl_fc
    http-request set-header X-Forwarded-Proto http if !https
    http-request set-header X-Forwarded-Proto https if https
    timeout client 30000
    acl Direct var(txn.txnhost) -m str -i cleafy.MY_DOMAIN.com
    acl Stream var(txn.txnhost) -m str -i cleafystream.MY_DOMAIN.com
    acl Wordpress var(txn.txnhost) -m str -i wordpress.MY_DOMAIN.com
    acl MoodleSSL var(txn.txnhost) -m str -i moodle.MY_DOMAIN.com
    acl aclcrt_Main_FrontEnd var(txn.txnhost) -m reg -i ^([^\.]*)\.MY_DOMAIN\.com(:([0-9]){1,5})?$
    http-request set-var(txn.txnhost) hdr(host)
    use_backend Direct_ipvANY if Direct aclcrt_Main_FrontEnd
    use_backend Stream_ipvANY if Stream aclcrt_Main_FrontEnd
    use_backend Wordpress_ipvANY if Wordpress aclcrt_Main_FrontEnd
    use_backend Moodle-SSL_ipvANY if MoodleSSL aclcrt_Main_FrontEnd

backend Direct_ipvANY
    mode http
    id 110
    log global
    timeout connect 30000
    timeout server 30000
    retries 3
    load-server-state-from-file global
    server Moodle-SSL X.Y.Z.114:80 id 101 check inter 1000

backend Stream_ipvANY
    mode http
    id 111
    log global
    timeout connect 30000
    timeout server 30000
    retries 3
    load-server-state-from-file global
    server Moodle-SSL X.Y.Z.175:80 id 101 check inter 1000

backend Wordpress_ipvANY
    mode http
    id 112
    log global
    timeout connect 30000
    timeout server 30000
    retries 3
    load-server-state-from-file global
    server Moodle-SSL X.Y.Z.119:80 id 101 check inter 1000

backend Moodle-SSL_ipvANY
    mode http
    id 100
    log global
    timeout connect 30000
    timeout server 30000
    retries 3
    load-server-state-from-file global
    server Moodle-SSL X.Y.Z.145:80 id 101 check inter 1000
I don’t think I’m doing something exotic, so is there any option that I’m missing?
Thanks for your insights
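
Since the frontend above has `option httplog` enabled, each 502 is logged with a termination-state field that says which side ended the exchange and in which phase. The following is an added example, not part of the original post: a small Python filter that extracts the 502 entries and decodes that field. The log lines, client addresses and request paths are constructed samples, and `explain_502` is a hypothetical helper name.

```python
import re

# Subset of HAProxy's documented termination-state codes (first two characters).
CAUSE = {
    "C": "client aborted the connection",
    "S": "server aborted or refused the connection",
    "P": "proxy aborted the session (e.g. invalid or blocked response)",
    "s": "server-side timeout expired",
    "c": "client-side timeout expired",
}
PHASE = {
    "R": "waiting for the complete request",
    "C": "connecting to the server",
    "H": "waiting for complete response headers",
    "D": "transferring data",
}
# httplog layout: [date] frontend backend/server timers status bytes
# req_cookie resp_cookie term_state conn_counters queues {captures} "request"
LINE = re.compile(
    r'\] (?P<frontend>\S+) (?P<backend>[^/\s]+)/(?P<server>\S+) '
    r'(?P<timers>[-\d/+]+) (?P<status>\d{3}) (?P<bytes>\+?\d+) '
    r'\S+ \S+ (?P<term>\S{4}) \S+ \S+ (?:\{[^}]*\} )*"(?P<request>[^"]*)"'
)

def explain_502(lines):
    """Return (backend/server, request, explanation) for every 502 entry."""
    out = []
    for line in lines:
        m = LINE.search(line)
        if not m or m["status"] != "502":
            continue
        cause, phase = m["term"][0], m["term"][1]
        why = (CAUSE.get(cause, "unknown cause " + cause) + " while "
               + PHASE.get(phase, "in phase " + phase))
        out.append((m["backend"] + "/" + m["server"], m["request"], why))
    return out

# Constructed sample lines (not taken from the poster's system).
SAMPLE = [
    'May  3 09:41:10 MAIN haproxy[4242]: 203.0.113.7:51510 [03/May/2024:09:41:10.101] Main_FrontEnd~ Stream_ipvANY/Moodle-SSL 0/0/1/35/36 200 5120 - - ---- 2/2/0/0/0 0/0 "GET /index.php HTTP/1.1"',
    'May  3 09:41:12 MAIN haproxy[4242]: 203.0.113.7:51510 [03/May/2024:09:41:12.220] Main_FrontEnd~ Stream_ipvANY/Moodle-SSL 0/0/1/-1/48 502 209 - - PH-- 2/2/0/0/0 0/0 "POST /index.php HTTP/1.1"',
    'May  3 09:42:01 MAIN haproxy[4242]: 203.0.113.9:40022 [03/May/2024:09:42:01.007] Main_FrontEnd~ Stream_ipvANY/Moodle-SSL 0/0/1/-1/12 502 209 - - SH-- 2/2/0/0/0 0/0 "POST /index.php HTTP/1.1"',
]

if __name__ == "__main__":
    for entry in explain_502(SAMPLE):
        print(entry)
```

A state starting with `P` means HAProxy itself rejected the server's response, while `S` means the backend closed or failed before completing it, which tells you whether to look at the proxy configuration or at the web server behind it.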