I’m facing an issue related to setting up a health check in HAProxy when pointing to Supabase Cloud.
Do you have any suggestions or recommendations for handling this?
I’ve included the HAProxy config below for reference:
global
log /dev/log local0
maxconn 4096
stats socket /var/run/haproxy/admin.sock mode 600 level admin
ssl-default-bind-ciphers TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:EECDH+AESGCM:EECDH+CHACHA20
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
ssl-default-server-ciphers TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:EECDH+AESGCM:EECDH+CHACHA20
ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11
# Redirect all HTTP to HTTPS
frontend http_in
bind *:80
redirect scheme https code 301 if !{ ssl_fc }
# HTTPS frontend
frontend https_in
bind *:443 ssl crt /etc/ssl/aatuckercarlsonnetwork.com.pem
mode http
default_backend supabase_backends
# ---------------------------
# Backend with health checks
backend supabase_backends
mode http
option httpchk GET /auth/v1/health?apikey=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Im92Y2VtcmxqcGN3d3JmeW9xaGtlIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NTEyNTQxMTUsImV4cCI6MjA2NjgzMDExNX0.7gQYn4AB_SB1dvVMJoGM4GTcrJXVsS2LedSkl3XesKw
http-check expect status 200
default-server inter 3s fall 3 rise 5
server primary ovcemrljpcwwrfyoqhke.supabase.co:443 ssl verify none check
server secondary 23.230.68.222:8000 check backup
And this is the error that I meet (Primary server down)
root@HAProxy:~# echo "show stat" | socat stdio /var/run/haproxy/admin.sock | grep supabase_backends
supabase_backends,primary,0,0,0,0,,0,0,0,,0,,0,0,0,0,DOWN,1,1,0,1,1,7,7,,1,4,1,,0,,2,0,,0,L6RSP,,7,0,0,0,0,0,0,,,,0,0,0,,,,,-1,SSL handshake failure,,0,0,0,0,,,,Layer6 invalid response,,5,3,0,,,,172.64.149.246:443,,http,,,,,,,,0,0,0,,,0,,0,0,0,0,0,0,0,0,1,1,,,,0,,,,,,,,,,-,0,0,3,0,0,,,,,,,,,,,,,,,,,,,,,,
supabase_backends,secondary,0,0,0,0,,0,0,0,,0,,0,0,0,0,UP,1,0,1,0,0,7,0,,1,4,2,,0,,2,0,,0,L7OK,200,6,0,0,0,0,0,0,,,,0,0,0,,,,,-1,,,0,0,0,0,,,,Layer7 check passed,,5,3,7,,,,23.230.68.222:8000,,http,,,,,,,,0,0,0,,,0,,0,0,0,0,0,0,0,0,1,1,,,,0,,,,,,,,,,-,0,0,0,0,0,,,,,,,,,,,,,,,,,,,,,,
supabase_backends,BACKEND,0,0,0,0,410,0,0,0,0,0,,0,0,0,0,UP,1,0,1,,0,7,0,,1,4,0,,0,,1,0,,0,,,,0,0,0,0,0,0,,,,0,0,0,0,0,0,0,-1,,,0,0,0,0,,,,,,,,,,,,,,http,roundrobin,,,,,,,0,0,0,0,0,,,0,0,0,0,0,,,,,1,0,0,0,,,,,,,,,,,-,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5,702,496,0,0,
root@HAProxy:~#
root@HAProxy:~# journalctl -u haproxy -f
Jul 11 07:23:04 HAProxy haproxy[599806]: | timeouts are set to a non-zero value: 'client', 'connect', 'server'.
Jul 11 07:23:04 HAProxy haproxy[591881]: [NOTICE] (591881) : Loading success.
Jul 11 07:23:04 HAProxy haproxy[598697]: [WARNING] (598697) : Proxy local_http stopped (cumulated conns: FE: 0, BE: 0).
Jul 11 07:23:04 HAProxy haproxy[598697]: Proxy local_http stopped (cumulated conns: FE: 0, BE: 0).
Jul 11 07:23:04 HAProxy haproxy[598697]: [WARNING] (598697) : Proxy supabase_backends stopped (cumulated conns: FE: 0, BE: 0).
Jul 11 07:23:04 HAProxy haproxy[598697]: Proxy supabase_backends stopped (cumulated conns: FE: 0, BE: 0).
Jul 11 07:23:04 HAProxy haproxy[599806]: [WARNING] (599806) : Server supabase_backends/primary is DOWN, reason: Layer6 invalid response, info: "SSL handshake failure", check duration: 7ms. 0 active and 1 backup servers left. Running on backup. 0 sessions active, 0 requeued, 0 remaining in queue.
Jul 11 07:23:04 HAProxy haproxy[591881]: [NOTICE] (591881) : haproxy version is 3.2.3-1844da7
Jul 11 07:23:04 HAProxy haproxy[591881]: [NOTICE] (591881) : path to executable is /usr/local/sbin/haproxy
Jul 11 07:23:04 HAProxy haproxy[591881]: [WARNING] (591881) : Former worker (598697) exited with code 0 (Exit)
Just give more context info
HAProxy Version: HAProxy version 3.2.3-1844da7
API health check working fine when call from postman
curl --location 'https://ovcemrljpcwwrfyoqhke.supabase.co/auth/v1/health?apikey=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Im92Y2VtcmxqcGN3d3JmeW9xaGtlIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NTEyNTQxMTUsImV4cCI6MjA2NjgzMDExNX0.7gQYn4AB_SB1dvVMJoGM4GTcrJXVsS2LedSkl3XesKw'