Ssl backends return 503

vra5107 · June 28, 2023, 11:43am

global
    log         stdout format raw local0 debug
    # stats socket /var/lib/haproxy/stats

defaults
    mode                    http
	monitor-uri				/health
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000
    

frontend main
    bind 	*:8080 
	# route to a backend based on path's prefix
	
    #default_backend web01
    http-request capture req.hdr(Host) len 64
    http-request capture req.hdr(Referer) len 64
    http-request capture req.hdr(Content-Lenght) len 64
    http-request capture req.hdr(User-Agent) len 64
	
	use_backend tage1-publish if { path /tage1/publish } || { path_beg /tage1/publish/ }
	use_backend tage1-carp if { path /tage1/carp } || { path_beg /tage1/carp/ }
	use_backend tage1-lhc if { path /tage1/lhc } || { path_beg /tage1/lhc/ }

backend tage1-publish
	http-request replace-path /tage1/publish(/)?(.*) /\2
	server tage1-publish-1 10.607.554.100:8080 

backend tage1-carp
    option forwardfor
    option log-health-checks
    http-request add-header X-Forwarded-Proto https
    http-request add-header X-Forwarded-Port 443

    http-request replace-path /tage1/carp(/)?(.*) /\2
    server tage1-carp-1 team-acptage1-carppedicare.lhc.com ssl verify none 

backend tage1-lhc
    option forwardfor
    option log-health-checks
    http-request add-header X-Forwarded-Proto https
    http-request add-header X-Forwarded-Port 443
    
    http-request replace-path /tage1/lhc(/)?(.*) /\2
    server tage1-uhc-1 team-acptage1-lhcpedicare.lhc.com ssl verify none


listen stats
    bind  *:8888   
    stats enable                      
    stats hide-version              
    stats refresh 30s               
    stats show-node                 
    stats auth rproxy:P@ssw0rd     
    stats uri /stats

Part of my config works but the other part doesn’t.

I am using the example.com instead of the actual hostname. Sorry if that makes the urls unreadable.

[Works In Browser] http://www.example.com/health
[Works In Browser] http://www.example.com/tage1/publish

[Browser returns 503] http://www.example.com/tage1/carp
[Browser returns 503] http://www.example.com/tage1/lhc

When I log into the pod and run a curl command the following are the results.

[503] http://localhost:8080/tage1/carp
[503] http://localhost:8080/tage1/lhc
[200] team-acptage1-carppedicare.lhc.com
[200] team-acptage1-lhcpedicare.lhc.com

So, from the pod curl to the backend urls works fine. So it is haproxy where the issue lies and by extension the issue is in my configuration.

However, I don’t know what is it that is misconfigured.

Topic		Replies	Views
Reverse SSL Termination Help!	2	518	April 4, 2019
L6rsp health-check error and 503 error from backend Help!	5	1100	June 29, 2020
SSL connections with non-SSL backend Help!	3	6292	December 4, 2017
Frontend MAINT back end DOWN Help!	0	371	October 2, 2020
Use tcp backend based on map and ssl_c_s_dn Help!	3	872	October 30, 2020

Ssl backends return 503

Related Topics