I want to redirect certbot challenges so they can be handled by their standalone server, but it does not seem to work. So I built this test, where the path_beg does not redirect the URL. What am I doing wrong?
Start a test webserver at port 2468
python3 -m http.server 2468
Open the firewall
sudo firewall-cmd --add-port=2468/tcp --permanent
sudo firewall-cmd --reload
Start haproxy with this config
global
log 127.0.0.1:514 local0
maxconn 32768
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
stats socket /var/lib/haproxy/stats user haproxy group haproxy mode 0640 level operator
tune.bufsize 32768
tune.ssl.default-dh-param 2048
ssl-default-bind-ciphers ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
defaults
log global
mode http
option log-health-checks
option log-separate-errors
option dontlog-normal
option dontlognull
option httplog
option socket-stats
retries 3
option redispatch
maxconn 10000
timeout connect 5s
timeout client 50s
timeout server 450s
backend nginx
listen stats
bind 0.0.0.0:80
bind :::80 v6only
stats enable
stats uri /
stats refresh 5s
backend nginx_backend
mode http
balance roundrobin
option forwardfor
option httpchk HEAD /
http-check send ver HTTP/1.1 hdr Host localhost
server nginx 127.0.0.1:82 check
timeout connect 4s
timeout server 4s
backend letsencrypt-backend
server letsencrypt 0.0.0.0:2468
log 127.0.0.1:514 local0 debug
log global
#server nginx 127.0.0.1:82 check
frontend http
bind *:80
mode http
log 127.0.0.1:514 local0 debug
use_backend letsencrypt-backend if { path_beg /.well-known/acme-challenge/ }
default_backend nginx_backend
timeout client 4s
But when I do
wget http://192.168.50.139/.well-known/acme-challenge/ --no-proxy
Where 192.168.50.139 is the local IP address, haproxy just returns the haproxy stats and not something like a list of the files in the directory the python server was started from.
wget http://192.168.50.139:2468
Shows this page with the directories
What am I doing wrong?
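A check that can be run over a configuration like the one in the post, added here as an example and not part of the original post: it lists every port that is bound by more than one proxy section, which is worth ruling out when a frontend rule appears to be ignored. The function names are hypothetical, the parser is simplified (one address and port per bind line), and the sample is an excerpt of the bind-relevant lines from the post.

```python
# Added example: map each bound port to the HAProxy sections that bind it.
# Simplified parser (assumption): one "bind <addr>:<port> [options]" per line,
# no port ranges and no comma-separated address lists.
from collections import defaultdict

SECTION_KEYWORDS = {"global", "defaults", "listen", "frontend", "backend"}

# Excerpt of the configuration from the post (bind-relevant lines only).
SAMPLE_CONFIG = """\
listen stats
    bind 0.0.0.0:80
    bind :::80 v6only
    stats enable
    stats uri /
backend letsencrypt-backend
    server letsencrypt 0.0.0.0:2468
frontend http
    bind *:80
    use_backend letsencrypt-backend if { path_beg /.well-known/acme-challenge/ }
    default_backend nginx_backend
"""

def binds_by_port(config_text):
    """Return {port: [(section, address), ...]} for every bind line."""
    ports = defaultdict(list)
    section = None
    for raw in config_text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not words:
            continue
        if words[0] in SECTION_KEYWORDS:
            section = " ".join(words[:2])     # e.g. "frontend http"
        elif words[0] == "bind" and len(words) > 1 and section:
            address, _, port = words[1].rpartition(":")
            if port.isdigit():
                ports[int(port)].append((section, address or "*"))
    return dict(ports)

def shared_ports(config_text):
    """Return {port: sorted section names} for ports bound by 2+ sections."""
    shared = {}
    for port, entries in binds_by_port(config_text).items():
        sections = sorted({name for name, _ in entries})
        if len(sections) > 1:
            shared[port] = sections
    return shared

if __name__ == "__main__":
    for port, sections in shared_ports(SAMPLE_CONFIG).items():
        print(f"port {port} is bound by: {', '.join(sections)}")
```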