
Title: HaProxy 503 Service Unavailable
Post by: christian_domes on November 25, 2022, 10:26:13 AM
Hello,
I have set up my HAProxy, version 3.12, but it doesn't work.
I used this tutorial: https://forum.opnsense.org/index.php?topic=23339.0
Can somebody help me?

HaProxy logs:
2022-11-25T10:15:47 Informational haproxy 92.255.85.173:58621 [25/Nov/2022:10:15:47.935] 0_SNI_frontend SSL_backend/SSL_server 1/0/44 0 -- 1/1/0/0/0 0/0
2022-11-25T10:15:47 Error haproxy 92.255.85.173:58621 [25/Nov/2022:10:15:47.935] 1_HTTPS_frontend/127.4.4.3:443: SSL handshake failure
2022-11-25T10:15:00 Informational haproxy 127.0.0.1:44163 [25/Nov/2022:10:15:00.452] 0_SNI_frontend SSL_backend/SSL_server 1/0/23 4610 -- 1/1/0/0/0 0/0
2022-11-25T10:15:00 Error haproxy 127.0.0.1:44163 [25/Nov/2022:10:15:00.474] 1_HTTPS_frontend~ 1_HTTPS_frontend/<NOSRV> -1/-1/-1/-1/0 0 0 - - PR-- 2/1/0/0/0 0/0 "<BADREQ>"
2022-11-25T10:08:54 Informational haproxy 10.0.2.1:49118 [25/Nov/2022:10:08:54.550] 0_SNI_frontend SSL_backend/SSL_server 1/0/1 91 -- 1/1/0/0/0 0/0
2022-11-25T10:08:54 Informational haproxy 10.0.2.1:49118 [25/Nov/2022:10:08:54.550] 1_HTTP_frontend 1_HTTP_frontend/<NOSRV> 0/-1/-1/-1/0 301 98 - - LR-- 2/1/0/0/0 0/0 "GET / HTTP/1.1"
2022-11-25T10:08:25 Informational haproxy 78.104.49.67:54540 [25/Nov/2022:10:08:25.272] 0_SNI_frontend SSL_backend/SSL_server 1/0/35 91 -- 1/1/0/0/0 0/0
2022-11-25T10:08:25 Informational haproxy 78.104.49.67:54540 [25/Nov/2022:10:08:25.278] 1_HTTP_frontend 1_HTTP_frontend/<NOSRV> 0/-1/-1/-1/0 301 98 - - LR-- 2/1/0/0/0 0/0 "GET / HTTP/1.1"
2022-11-25T10:08:05 Error haproxy 78.104.49.67:34626 [25/Nov/2022:10:08:02.686] 1_HTTPS_frontend~ server1_backend/server1_server 0/3167/-1/-1/3168 503 217 - - SC-- 2/1/0/0/3 0/0 "GET https://server1.cdomes.at/ HTTP/2.0"
2022-11-25T10:05:00 Informational haproxy 127.0.0.1:14392 [25/Nov/2022:10:05:00.240] 0_SNI_frontend SSL_backend/SSL_server 1/0/14 4611 -- 1/1/0/0/0 0/0
2022-11-25T10:05:00 Error haproxy 127.0.0.1:14392 [25/Nov/2022:10:05:00.253] 1_HTTPS_frontend~ 1_HTTPS_frontend/<NOSRV> -1/-1/-1/-1/0 0 0 - - PR-- 2/1/0/0/0 0/0 "<BADREQ>"
2022-11-25T09:55:00 Informational haproxy 127.0.0.1:46781 [25/Nov/2022:09:55:00.272] 0_SNI_frontend SSL_backend/SSL_server 1/0/13 4611 -- 1/1/0/0/0 0/0
2022-11-25T09:55:00 Error haproxy 127.0.0.1:46781 [25/Nov/2022:09:55:00.284] 1_HTTPS_frontend~ 1_HTTPS_frontend/<NOSRV> -1/-1/-1/-1/0 0 0 - - PR-- 2/1/0/0/0 0/0 "<BADREQ>"
2022-11-25T09:53:29 Error haproxy 45.156.242.189:60252 [25/Nov/2022:09:52:55.993] 0_SNI_frontend SSL_backend/SSL_server 1/0/33306 722 cD 2/1/0/0/0 0/0



This is my config:
#
# Automatically generated configuration.
# Do not edit this file manually.
#

# Process-wide settings: privilege drop, chroot, runtime API socket, limits and logging.
global
    # HAProxy switches to uid/gid 80 and confines itself to /var/haproxy.
    uid                         80
    gid                         80
    chroot                      /var/haproxy
    daemon
    # Runtime API socket. 'level admin' permits every runtime command (server state,
    # weights, maps, ...) to any process that can write to the socket; mode 775 gives
    # that access to the socket owner and to group 'proxy'. Keep that group's
    # membership minimal, since socket access equals control of the proxy.
    stats                       socket /var/run/haproxy.socket group proxy mode 775 level admin
    nbproc                      1
    nbthread                    4
    # Connections still open 60s after a stop/reload are closed forcibly.
    hard-stop-after             60s
    # HAProxy only warns, instead of refusing to start, if it cannot raise the OS limits
    # needed for maxconn.
    no strict-limits
    maxconn                     10000
    # Size in bits of the DH parameters used for DHE key exchange (the DHE-RSA cipher on
    # the HTTPS bind line) when the certificate file does not supply its own.
    tune.ssl.default-dh-param   4096
    spread-checks               2
    tune.bufsize                16384
    # 0 means Lua scripts have no memory cap.
    tune.lua.maxmem             0
    log                         /var/run/log local0
    lua-prepend-path            /tmp/haproxy/lua/?.lua

# Defaults inherited by every frontend and backend below unless they override them.
defaults
    log     global
    # Redispatch to another server only on the last retry; backends with a single
    # server (all of them in this file) have nowhere else to go.
    option redispatch -1
    maxconn 5000
    timeout client 30s
    timeout connect 30s
    timeout server 30s
    # A failed connection to a server is retried 3 times before the client gets an error.
    retries 3
    # Server addresses are taken from the state file first, then resolved through libc.
    default-server init-addr last,libc

# autogenerated entries for ACLs


# autogenerated entries for config in backends/frontends

# autogenerated entries for stats




# Frontend: 0_SNI_frontend ()
# Public entry point: listens on every IPv4 address on ports 443 and 80 and passes the
# raw TCP stream to SSL_backend. No SNI inspection rule is present in this section, so
# all traffic on both ports takes the same path.
frontend 0_SNI_frontend
    bind 0.0.0.0:443 name 0.0.0.0:443
    bind 0.0.0.0:80 name 0.0.0.0:80
    # TCP mode: nothing is decrypted or parsed here; TLS is terminated by the loopback
    # frontends on 127.4.4.3.
    mode tcp
    default_backend SSL_backend
    # tuning options
    timeout client 30s

    # logging options
    option log-separate-errors
    option tcplog

# Frontend: 1_HTTP_frontend ()
# Plain-HTTP listener on loopback; its only job is to redirect to HTTPS.
frontend 1_HTTP_frontend
    # accept-proxy requires a PROXY protocol header and takes the client address from it.
    # The header is trusted as-is, which is acceptable here because the listener is on a
    # loopback address (127.4.4.3) and is only fed by SSL_backend.
    bind 127.4.4.3:80 name 127.4.4.3:80 accept-proxy
    mode http
    option http-keep-alive
    # Appends an X-Forwarded-For header with the client address. Values the client sent
    # itself are not removed, so consumers should trust only the last one.
    option forwardfor
    # tuning options
    timeout client 30s

    # logging options
    option httplog
    # ACL: NoSSL_condition
    # ssl_fc is true only for connections accepted over TLS. The bind line above has no
    # 'ssl' keyword, so the ACL never matches on this frontend.
    acl acl_637dfb2d6b6bf6.08018343 ssl_fc

    # ACTION: HTTPtoHTTPS_rule
    # Consequently every request gets the 301 redirect (the "301 ... LR--" log entries).
    http-request redirect scheme https code 301 if !acl_637dfb2d6b6bf6.08018343

# Frontend: 1_HTTPS_frontend ()
# TLS-terminating listener on loopback; picks the backend from the Host header.
frontend 1_HTTPS_frontend
    # HSTS for 15768000 s (about six months). includeSubDomains and preload extend the
    # HTTPS-only commitment to every subdomain and are slow to undo once browsers have
    # cached or preloaded the policy, so every subdomain must be able to serve valid HTTPS.
    http-response set-header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
    # TLS policy: SSLv3/TLS 1.0/1.1 disabled, session tickets off, AEAD ciphers with
    # ECDHE/DHE key exchange only. 'curves secp384r1' allows a single ECDHE curve;
    # clients that do not offer it cannot complete an ECDHE handshake.
    # NOTE(review): this may explain some "SSL handshake failure" log entries; confirm by
    # testing with a known-good client.
    # NOTE(review): the certificate list is read from under /tmp; confirm the directory
    # and key files are readable only by the HAProxy service account.
    # accept-proxy: client address is taken from the PROXY header sent by SSL_backend.
    bind 127.4.4.3:443 name 127.4.4.3:443 accept-proxy ssl curves secp384r1  no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384 ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/637f3c69b94cf9.63237305.certlist
    mode http
    option http-keep-alive
    # Appends X-Forwarded-For with the client address; client-supplied values are kept,
    # so backends should trust only the last one.
    option forwardfor
    # tuning options
    timeout client 15m

    # logging options
    option log-separate-errors
    option httplog

    # ACTION: PUBLIC_SUBDOMAINS_map-rule
    # NOTE: actions with no ACLs/conditions will always match
    # The lower-cased Host header is looked up in the map file (contents not shown on this
    # page) to get a backend name. No default_backend is defined, so a host that is not
    # in the map, or maps to a backend that does not exist, has no server to go to.
    use_backend %[req.hdr(host),lower,map_dom(/tmp/haproxy/mapfiles/637dfb769726c4.73007068.txt)]

# Backend: SSL_backend ()
# Internal hop from the public TCP frontend to the loopback HTTP/HTTPS frontends.
backend SSL_backend
    # health checking is DISABLED
    mode tcp
    balance source
    # stickiness
    # Tracks up to 50k client IPs for 30 minutes; with a single server this changes nothing.
    stick-table type ip size 50k expire 30m 
    stick on src
    # tuning options
    timeout connect 30s
    timeout server 30s
    # No port is given, so the connection goes to the same port the client used (80 or
    # 443) on 127.4.4.3. send-proxy-v2 passes the real client address to the accept-proxy
    # listeners there. check-send-proxy only affects health checks, which are disabled.
    server SSL_server 127.4.4.3 send-proxy-v2 check-send-proxy

# Backend: UNRAID_backend ()
# HTTPS backend with one server at 10.0.1.1.
backend UNRAID_backend
    # health checking is DISABLED
    # With checks disabled, an unreachable server is only noticed when a client request fails.
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m 
    stick on src
    # tuning options
    timeout connect 30s
    timeout server 30s
    http-reuse safe
    # NOTE(review): port 433 looks like a typo for 443; confirm which port the server
    # really listens on.
    # 'ssl verify none' encrypts the hop but does not authenticate the server: any host
    # answering on this address is accepted. Prefer 'verify required' with a 'ca-file'
    # that contains the CA which issued the backend certificate.
    server UNRAID_server 10.0.1.1:433 ssl verify none

# Backend: server1_backend ()
# HTTPS backend with one server at 10.0.2.1; it is the backend named in the 503 log entry.
backend server1_backend
    # health checking is DISABLED
    # With checks disabled, an unreachable server is only noticed when a client request fails.
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m 
    stick on src
    # tuning options
    timeout connect 30s
    timeout server 30s
    http-reuse safe
    # NOTE(review): port 433 looks like a typo for 443. The 503 log entry for this server
    # ends in "SC--" with 3 retries, i.e. the TCP connection to the server could not be
    # established; confirm which port the server really listens on.
    # 'ssl verify none' encrypts the hop but does not authenticate the server: any host
    # answering on this address is accepted. Prefer 'verify required' with a 'ca-file'
    # that contains the CA which issued the backend certificate.
    server server1_server 10.0.2.1:433 ssl verify none



# statistics are DISABLED