www.example.com works but example.com doesn't on HTTPS

I’m hosting a site for a buddy of mine and while the site works perfectly well at http://www.embr.live, http://embr.live and https://www.embr.live, we get a 503 error every time on https://embr.live. We can’t figure out if the problem is in my HAProxy setup or in his PHP config somewhere. Is there anything in this config that would result in https://embr.live not working?

```
# Automaticaly generated, dont edit manually.
# Generated on: 2021-01-06 10:44

global
    maxconn 1000
    log /var/run/log syslog err
    stats socket /tmp/haproxy.socket level admin expose-fd listeners
    uid 80
    gid 80
    nbproc 1
    nbthread 1
    hard-stop-after 15m
    chroot /tmp/haproxy_chroot
    daemon
    tune.ssl.default-dh-param 2048
    log-send-hostname HaproxyMasterNode
    server-state-file /tmp/haproxy_server_state

listen HAProxyLocalStats
    bind 127.0.0.1:2200 name localstats
    mode http
    stats enable
    stats admin if TRUE
    stats show-legends
    stats uri /haproxy/haproxy_stats.php?haproxystats=1
    timeout client 5000
    timeout connect 5000
    timeout server 5000

frontend HTTPS
    bind 135.84.222.92:443 name 135.84.222.92:443 ssl crt-list /var/etc/haproxy/HTTPS.crt_list
    mode http
    log global
    option log-separate-errors
    option httplog
    option http-keep-alive
    timeout client 30000
    acl nextcloud var(txn.txnhost) -m str -i nextcloud.mcnair.tech
    acl embr var(txn.txnhost) -m sub -i embr.live
    acl aclcrt_HTTPS var(txn.txnhost) -m reg -i ^mcnair.tech(:([0-9]){1,5})?
    acl aclcrt_HTTPS var(txn.txnhost) -m reg -i ^nextcloud\.mcnair\.tech(:([0-9]){1,5})?
    acl aclcrt_HTTPS var(txn.txnhost) -m reg -i ^([^.]*).embr.live(:([0-9]){1,5})?$
    http-request set-var(txn.txnhost) hdr(host)
    use_backend nextcloud_ipvANY if nextcloud aclcrt_HTTPS
    use_backend embr_ipvANY if embr aclcrt_HTTPS

frontend HTTP
    bind 135.84.222.92:80 name 135.84.222.92:80
    mode http
    log global
    option httplog
    option http-keep-alive
    timeout client 30000
    acl embr var(txn.txnhost) -m sub -i embr.live
    http-request set-var(txn.txnhost) hdr(host)
    use_backend embr_ipvANY if embr

backend nextcloud_ipvANY
    mode http
    id 102
    log global
    http-response set-header Strict-Transport-Security max-age=31536000;
    timeout connect 30000
    timeout server 30000
    retries 3
    option httpchk OPTIONS /
    acl caldav-endpoint var(txn.txnpath) -m beg -i /.well-known/caldav
    acl carddav-endpoint var(txn.txnpath) -m beg -i /.well-known/carddav
    http-request set-var(txn.txnpath) path
    http-request set-path /remote.php/dav if caldav-endpoint
    http-request set-path /remote.php/dav if carddav-endpoint
    server nextcloud 10.0.0.26:80 id 103 check inter 1000

backend embr_ipvANY
    mode http
    id 104
    log global
    timeout connect 30000
    timeout server 30000
    retries 3
    option httpchk OPTIONS /
    server embr 10.0.0.76:80 id 105 check inter 1000
```

Sure, your rather complex ACL aclcrt_HTTPS is the reason. I won’t even try to comprehend what it is supposed to achieve.

I suggest you remove aclcrt_HTTPS from the configuration, or adjust it to actually allow the hostname you want.

Also your SSL certificate is wrong. A wildcard certificate *.embr.live does not cover embr.live, you need to request this as an additional hostname.
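As an added worked example (not code from the thread, from HAProxy or from the pfSense package), the script below re-implements in plain Python the host tests of the poster's `frontend HTTPS` so the 503 can be reproduced offline. HAProxy OR-s the lines of an ACL declared more than once, so `aclcrt_HTTPS` is three regexes; the third one, `^([^.]*).embr.live(:([0-9]){1,5})?$`, needs at least one character before `embr.live` because `([^.]*)` may match nothing and the unescaped `.` then has to consume a character, so the apex `embr.live` never matches, neither `use_backend` fires, there is no `default_backend`, and HAProxy answers 503. The same unescaped dot also lets a lookalike Host such as `evil-embr.live` select the embr backend. The replacement pattern, the `select_backend` emulation, the wildcard-certificate check and the sample Host values are mine, not from the thread.

```python
import re

# The three patterns that together form the poster's aclcrt_HTTPS ACL.
# "-m reg -i" is a case-insensitive regex match; Python's re behaves the same
# as HAProxy's regex engine for these simple patterns.
ORIGINAL_ACLCRT_HTTPS = [
    r"^mcnair.tech(:([0-9]){1,5})?",
    r"^nextcloud\.mcnair\.tech(:([0-9]){1,5})?",
    r"^([^.]*).embr.live(:([0-9]){1,5})?$",
]

# Assumed replacement for the third pattern (my suggestion, not from the
# thread): an optional subdomain label that must end in a literal dot, then the
# escaped apex, then an optional port (hdr(host) keeps the port if the client
# sent one). The HAProxy line would read:
#   acl aclcrt_HTTPS var(txn.txnhost) -m reg -i ^([^.]+\.)?embr\.live(:[0-9]{1,5})?$
FIXED_ACLCRT_HTTPS = ORIGINAL_ACLCRT_HTTPS[:2] + [
    r"^([^.]+\.)?embr\.live(:[0-9]{1,5})?$",
]


def acl_reg(patterns, host):
    """Emulate 'acl NAME var(txn.txnhost) -m reg -i PATTERN' (OR over all lines)."""
    return any(re.search(p, host, re.IGNORECASE) for p in patterns)


def select_backend(host, aclcrt_patterns=ORIGINAL_ACLCRT_HTTPS):
    """Emulate the two use_backend rules of frontend HTTPS.

    'acl nextcloud ... -m str -i' is an exact case-insensitive string test and
    'acl embr ... -m sub -i' is a substring test. The frontend has no
    default_backend, so when neither rule fires HAProxy returns 503.
    """
    h = host.lower()
    nextcloud = h == "nextcloud.mcnair.tech"
    embr = "embr.live" in h
    aclcrt = acl_reg(aclcrt_patterns, host)
    if nextcloud and aclcrt:
        return "nextcloud_ipvANY"
    if embr and aclcrt:
        return "embr_ipvANY"
    return "503"


def routing_table(hosts, aclcrt_patterns=ORIGINAL_ACLCRT_HTTPS):
    """Map each Host header value to the backend it would reach, or '503'."""
    return {h: select_backend(h, aclcrt_patterns) for h in hosts}


def wildcard_cert_covers(dns_name, host):
    """Does a certificate SAN such as '*.embr.live' cover 'host'?

    Applies the usual RFC 6125 rule: the wildcard stands for exactly one
    label, so '*.embr.live' covers 'www.embr.live' but neither the apex
    'embr.live' nor a deeper name such as 'a.b.embr.live'.
    """
    dns_name, host = dns_name.lower(), host.lower()
    if not dns_name.startswith("*."):
        return dns_name == host
    suffix = dns_name[1:]  # ".embr.live"
    label = host[: -len(suffix)] if host.endswith(suffix) else ""
    return bool(label) and "." not in label


if __name__ == "__main__":
    # Constructed sample Host header values for the demonstration, including a
    # lookalike domain that the unescaped '.' in the original pattern accepts.
    SAMPLE_HOSTS = [
        "www.embr.live",
        "embr.live",
        "embr.live:443",
        "evil-embr.live",
        "nextcloud.mcnair.tech",
    ]
    for h, backend in routing_table(SAMPLE_HOSTS).items():
        print(f"original  {h:24} -> {backend}")
    for h, backend in routing_table(SAMPLE_HOSTS, FIXED_ACLCRT_HTTPS).items():
        print(f"fixed     {h:24} -> {backend}")
    for h in ("www.embr.live", "embr.live"):
        print(f"*.embr.live covers {h}: {wildcard_cert_covers('*.embr.live', h)}")
```

Running it shows `embr.live` and `embr.live:443` landing on 503 with the original ACL and on `embr_ipvANY` with the replacement, while `evil-embr.live` goes the other way. The routing decision here is driven entirely by a client-supplied Host header, which is why the regex should match exactly the names you serve and nothing else; the `wildcard_cert_covers` check illustrates the second point above, that a `*.embr.live` certificate needs `embr.live` added as its own SAN before the apex can be served over TLS at all.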

Thanks for the input. I’m pretty new at this and the configuration was created using the GUI in the HAProxy add-on for pfSense. I will try to manually edit the suggested sections.