HAProxy community

Local server error 503 service unavailable

i’m using haproxy 1.8.8-1ubuntu0.4. all is working well except (see configuration below) the following
https://foobar-dns.ddns.net which continues to forward to http://foobar-dns.ddns.net/admin versus
http://192.168.5.2/admin which is required … all other entries/back-ends work. what is wrong with my backend for https://foobar-dns.ddns.net … thanks in advance, dan

backend pihole-backend
    	mode http
    	server pi-hole 192.168.5.2 no-check
    	http-request redirect location /admin if { path / }
    	http-request set-header X-Forwarded-Port %[dst_port]
    	http-request add-header X-Forwarded-Proto https if { ssl_fc }

------------------------- full haproxy.cfg
global
maxconn 100
tune.ssl.default-dh-param 2048

defaults
	mode http
	log global
	timeout connect 20s
	timeout client 50s
	timeout server 50s
	timeout tunnel 1h

listen stats
	bind 192.168.1.235:9000
	mode http
	log global
	maxconn 10
	stats enable
	stats hide-version
	stats refresh 30s
	stats show-node
#	stats auth admin:password
	stats uri /haproxy?stats

frontend https
	bind *:443
	mode tcp
	tcp-request inspect-delay 5s
	tcp-request content accept if { req_ssl_hello_type 1 }
	use_backend openvpn-backend if { req_ssl_sni -i foobar.ddns.net }
	default_backend https-back

frontend https-front
	bind unix@/var/run/haproxy.sock ssl crt /etc/letsencrypt/live/foobar.ddns.net/haproxy.pem accept-proxy
	mode http

	use_backend home-assistant-backend if { ssl_fc_sni -i foobar-ha.ddns.net }
	use_backend nextcloud-backend if { ssl_fc_sni -i foobar-nc.ddns.net }
	use_backend blueiris-backend if { ssl_fc_sni -i foobar-bi.ddns.net }
	use_backend pihole-backend if { ssl_fc_sni -i foobar-dns.ddns.net }
	use_backend unifi-backend if { ssl_fc_sni -i foobar-unifi.ddns.net }
	use_backend unms-backend if { ssl_fc_sni -i foobar-unms.ddns.net }
	use_backend haproxy-backend if { ssl_fc_sni -i foobar-haproxy.ddns.net }
	default_backend blueiris-backend

frontend http
	bind :80
	acl letsencrypt-acl path_beg /.well-known/acme-challenge/
	use_backend letsencrypt-backend if letsencrypt-acl

backend letsencrypt-backend
	server letsencrypt 127.0.0.1:8888

backend https-back
	mode tcp
	server https-front unix@/var/run/haproxy.sock send-proxy-v2

backend openvpn-backend
	mode tcp
        timeout server 2h
	server openvpn 192.168.1.235:444

backend haproxy-backend
	mode http
	server haproxy 192.168.1.235:9000 no-ssl check
	http-request redirect location /haproxy?stats if { path / } 
	http-request set-header X-Forwarded-Port %[dst_port]
	http-request add-header X-Forwarded-Proto https if { ssl_fc }

backend pihole-backend
	mode http
	server pi-hole 192.168.5.2 no-check
	http-request redirect location /admin if { path / }
	http-request set-header X-Forwarded-Port %[dst_port]
	http-request add-header X-Forwarded-Proto https if { ssl_fc }

backend unifi-backend
	mode http
	server unifi 192.168.1.16:8443 ssl verify none check
	http-request redirect location /manage/site/kab9w4dv/dashboard if { path / } 
	http-request set-header X-Forwarded-Port %[dst_port]
	http-request add-header X-Forwarded-Proto https if { ssl_fc }

backend unms-backend
	mode http
	server unms 192.168.1.207 ssl verify none
	http-request redirect location /dashboard if { path / } 
	http-request set-header X-Forwarded-Port %[dst_port]
	http-request add-header X-Forwarded-Proto https if { ssl_fc }

backend home-assistant-backend
	mode http
	server home-assistant 192.168.1.123:8123 check
	http-request set-header X-Forwarded-Port %[dst_port]
	http-request add-header X-Forwarded-Proto https if { ssl_fc }

backend nextcloud-backend
	mode http
	server nextcloud 192.168.1.123:80 check
	http-request set-header X-Forwarded-Port %[dst_port]
	http-request add-header X-Forwarded-Proto https if { ssl_fc }

backend blueiris-backend
	mode http
	server blueiris 192.168.1.36:1050 check
	http-request set-header X-Forwarded-Port %[dst_port]
	http-request add-header X-Forwarded-Proto https if { ssl_fc }

i was receiving this message in the output … X-Frame-Options: DENY by adding
rspadd X-Frame-Options:\ SAMEORIGIN to (below) this backend now works (not clear why it’s needed)

backend pihole-backend
        mode http
        server pi-hole 192.168.5.2:80 check no-ssl
        rspadd X-Frame-Options:\ SAMEORIGIN
        http-request redirect location /admin/ if { path / }
        http-request set-header X-Forwarded-Port %[dst_port]
        http-request add-header X-Forwarded-Proto https if { ssl_fc }