This is my config:
https://pastebin.com/PQ4w1DNc
And these are the errors I get…
https://pastebin.com/nA3ZKsg5
It is mostly the no such ACL errors that I don’t grasp.
There are subdomains set up for those, the servers on the inside are up and running.
Still I have no idea. So please help.
The ACLs are usable only in the frontend / backend / listen section they were defined in.
Thus the error you receive is for the usage in the frontend https_homes section, because the ACL in question, is_unifi, is actually defined in frontend homes.
Thus, you’ll have to re-define the is_unifi ACL also in the second frontend.
That said, I would strongly suggest merging the two frontends in a single one, with the two bind statements. (To my knowledge in HAProxy this is the recommended way as opposed to Nginx/Apache.)
By quickly looking at your config, I think you can safely just merge the two sections without an issue.
Ciprian.
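The merge suggested in the reply above, as an added configuration sketch that is not part of the original posts and not the poster's actual config. The hostname, backend names and server addresses are assumptions; only the frontend names, the ACL name is_unifi and the certificate path come from the thread, and the global and defaults sections are omitted.

```haproxy
# Constructed example: hostnames, backend names and server addresses are
# hypothetical placeholders, not values from the poster's config.

# --- Before: ACL defined in one frontend, used in another --------------
# frontend homes
#     bind *:80
#     acl is_unifi hdr(host) -i unifi.example.net
#     use_backend unifi if is_unifi
#
# frontend https_homes
#     bind *:443 ssl crt /etc/haproxy/certs/domain.internet.pem
#     use_backend unifi if is_unifi    # "no such ACL": is_unifi is
#                                      # scoped to frontend homes only

# --- After: one frontend, two bind lines, ACL defined once -------------
frontend homes
    mode http
    bind *:80
    bind *:443 ssl crt /etc/haproxy/certs/domain.internet.pem

    # Defined once, visible to every rule in this section, so it applies
    # to traffic arriving on either bind line.
    acl is_unifi hdr(host) -i unifi.example.net

    use_backend unifi if is_unifi
    default_backend fallback

backend unifi
    mode http
    server unifi1 192.0.2.10:8080 check

backend fallback
    mode http
    server web1 192.0.2.20:80 check
```

Running haproxy -c -f against the edited file checks the configuration without starting the proxy, so an ACL referenced outside its section is reported before a reload.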
Thank you!
I have done as you told me but I still get errors… different this time though!
The thing is, it complains that it can’t find the .pem file.
It is defined like this:
bind *:443 ssl crt /etc/haproxy/certs/domain.internet.pem
That uri is exactly where that .pem file is located.
It has root permissions on it, but is that the problem?
Because you are using chroot /var/lib/haproxy, any paths inside your config file must take into account that they are “under” the /var/lib/haproxy folder.
I.e. move that file under /var/lib/haproxy/domain.internet.pem and use it as crt /domain.internet.pem.
Also I think they should be owned at least by the group haproxy, and it should be readable at least by the group. Namely chown root:haproxy /var/lib/haproxy/domain.internet.pem and chmod 0640 /var/lib/haproxy/domain.internet.pem.
However if you don’t have a high-value / high-risk deployment I would just skip the chroot setting.
I’ve made those changes. Now I need to figure out why only the https requests work and not the http ones… should be something simple.