Web Proxy Filtering and Caching / [SOLVED] HaProxy-503 Service Unavailable on HTTPS frontend (Ok on HTTP frontend)
« on: November 22, 2023, 07:46:11 pm »
Hello,
I can't find what's wrong in the configuration. I have one backend working fine through HTTP frontend but not through HTTPS Frontend. Health Checks report backend UP in Haproxy stats.
Here is part of the configuration:
Ports 80 and 443 are not used for now by that HAProxy. They are used by another HAProxy via NAT on a specific server. So I'm testing on ports 8080 and 8443.
Code:
# Backend: gosi_web_backend (Backend WWW Gosi)
backend gosi_web_backend
    option log-health-checks
    # health check: Gosi_service_helloworld
    option httpchk
    http-check send meth GET uri / ver HTTP/1.1 hdr Host docker01.go-si.fr
    mode http
    balance roundrobin
    http-reuse safe
    server gosi_container_helloWorld1 docker01.go-si.fr:8080 check inter 5s
    server gosi_container_helloWorld2 docker01.go-si.fr:8081 check inter 5s

# Frontend: HTTPS_frontend (Frontend HTTPS)
frontend HTTPS_frontend
    bind 192.168.0.200:443 name 192.168.0.200:443 ssl alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/6552989e7cedf4.63725860.certlist
    bind 192.168.0.200:8443 name 192.168.0.200:8443 ssl alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/6552989e7cedf4.63725860.certlist
    mode http
    option http-keep-alive
    option forwardfor
    timeout client 15m
    # logging options
    # ACTION: Maxi80_map_rule
    # NOTE: actions with no ACLs/conditions will always match
    use_backend %[req.hdr(host),lower,map_dom(/tmp/haproxy/mapfiles/65553f249d33b2.96559076.txt)]
    # ACTION: Gosi_map_rule
    # NOTE: actions with no ACLs/conditions will always match
    use_backend %[req.hdr(host),lower,map_dom(/tmp/haproxy/mapfiles/655550372090d8.42639568.txt)]

# Frontend: HTTP_frontend (Frontend HTTP)
frontend HTTP_frontend
    bind 192.168.0.200:80 name 192.168.0.200:80
    bind 192.168.0.200:8080 name 192.168.0.200:8080
    mode http
    option http-keep-alive
    # logging options
    # ACTION: Gosi_map_rule
    # NOTE: actions with no ACLs/conditions will always match
    use_backend %[req.hdr(host),lower,map_dom(/tmp/haproxy/mapfiles/655550372090d8.42639568.txt)]
I don't understand why the HTTPS frontend responds with an HTTP 503 error. Certificates come from the ACME plugin and are correctly read by the browser.
I also have another backend working well through the same HTTPS frontend:
Code:
# Backend: maxi80_shoutcast_backend (Backend Shoutcast Maxi80)
backend maxi80_shoutcast_backend
    option log-health-checks
    # health check: Maxi80_service_shoutcast
    option httpchk
    http-check send meth GET uri / ver HTTP/1.1 hdr Host shoutcast.maxi80.com
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m
    stick on src
    # ACL: hosts_root
    acl acl_6552b0851024f5.76497062 path -i /
    # ACL: maxi80_host_audio1
    acl acl_655296713260b6.36899459 hdr(host) -i audio1.maxi80.com
    # ACL: maxi80_host_audio
    acl acl_65529661d80db3.72359792 hdr(host) -i audio.maxi80.com
    # ACL: maxi80_host_audio2
    acl acl_6552967b027b61.44132711 hdr(host) -i audio2.maxi80.com
    # ACL: maxi80_host_audio3
    acl acl_6552969b3cd5d0.76230185 hdr(host) -i audio3.maxi80.com
    # ACL: maxi80_host_audio4
    acl acl_655296a98a6220.70833280 hdr(host) -i audio4.maxi80.com
    # ACL: maxi80_host_audio5
    acl acl_655296b85aaa95.62366892 hdr(host) -i audio5.maxi80.com
    # ACL: host_test_maxi80_com
    acl acl_65552b1bc970d3.93784616 hdr(host) -i test.maxi80.com
    # ACTION: Maxi80 append URI audio1
    http-request redirect code 301 location https://%[hdr(host)]/1 if acl_6552b0851024f5.76497062 acl_655296713260b6.36899459 acl_65529661d80db3.72359792
    # ACTION: Maxi80 append URI audio2
    http-request redirect code 301 location https://%[hdr(host)]/2 if acl_6552b0851024f5.76497062 acl_6552967b027b61.44132711
    # ACTION: Maxi80 append URI audio3
    http-request redirect code 301 location https://%[hdr(host)]/3 if acl_6552b0851024f5.76497062 acl_6552969b3cd5d0.76230185
    # ACTION: Maxi80 append URI audio4
    http-request redirect code 301 location https://%[hdr(host)]/4 if acl_6552b0851024f5.76497062 acl_655296a98a6220.70833280
    # ACTION: Maxi80 append URI audio5
    http-request redirect code 301 location https://%[hdr(host)]/5 if acl_6552b0851024f5.76497062 acl_655296b85aaa95.62366892
    # ACTION: Test Maxi80 append URI
    http-request redirect code 301 location https://%[hdr(host)]/1 if acl_6552b0851024f5.76497062 acl_65552b1bc970d3.93784616
    http-reuse safe
    server maxi80_shoutcast_server shoutcast.maxi80.com:8000 check inter 2s
I can't find any similar issue on the net. Maybe someone here can help me find the problem.
Regards,
Lbm34
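
Added example, not part of the original post and not the poster's configuration: HAProxy's documentation states that when a `use_backend` rule built from a log-format expression resolves to a name that matches no backend, no other rule is evaluated and `default_backend` is applied instead. One way to stack two map-driven rules so a miss in the first map cannot stop evaluation is to guard each rule with a lookup check; the ACL names and `no_match_backend` below are hypothetical, while the map and certificate paths are the ones quoted in the post.

```haproxy
# Added illustration. ACL names and no_match_backend are hypothetical;
# the file paths are copied from the configuration quoted in the post.
frontend HTTPS_frontend
    bind 192.168.0.200:8443 name 192.168.0.200:8443 ssl alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/6552989e7cedf4.63725860.certlist
    mode http
    option http-keep-alive
    option forwardfor

    # True only when the lower-cased Host header has an entry in the map.
    acl host_in_maxi80_map req.hdr(host),lower,map_dom(/tmp/haproxy/mapfiles/65553f249d33b2.96559076.txt) -m found
    acl host_in_gosi_map req.hdr(host),lower,map_dom(/tmp/haproxy/mapfiles/655550372090d8.42639568.txt) -m found

    # Each dynamic rule now applies only to hosts its own map knows, so it
    # never resolves to an empty or unknown backend name.
    use_backend %[req.hdr(host),lower,map_dom(/tmp/haproxy/mapfiles/65553f249d33b2.96559076.txt)] if host_in_maxi80_map
    use_backend %[req.hdr(host),lower,map_dom(/tmp/haproxy/mapfiles/655550372090d8.42639568.txt)] if host_in_gosi_map

    # Explicit fallback for hosts found in neither map.
    default_backend no_match_backend

backend no_match_backend
    mode http
    # Reject unknown hosts instead of routing them anywhere.
    http-request deny deny_status 404
```

Running `haproxy -c -f <config file>` validates the syntax before a reload; the map files must list only backend names that exist in the configuration.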