OPNsense Forum

English Forums => 18.7 Legacy Series => Topic started by: csmall on August 14, 2018, 12:57:54 pm

Title: Haproxy issue
Post by: csmall on August 14, 2018, 12:57:54 pm
I have one service running behind haproxy with ssl offloading enabled and it works fine.

I added another service to a new backend pool of servers and going to the site over ssl fails with ssl protocol error.

If I go to the site directly to the backend ip it works fine. I only get the protocol error when I go to haproxy address.

What could be the issue? It is nginx with and ssl site on 443.
Title: Re: Haproxy issue
Post by: csmall on August 14, 2018, 02:41:10 pm
Actually, when going to the site today I get a 503 error.

503 Service Unavailable
No server is available to handle this request.

The cert in the browser looks fine and valid but chrome warns anyway. Clicking proceed gives me the 503 error.
Title: Re: Haproxy issue
Post by: fraenki on August 14, 2018, 04:12:28 pm
Check the HAProxy logs:
Services -> HAProxy -> Log File

Title: Re: Haproxy issue
Post by: csmall on August 14, 2018, 04:47:12 pm
I do t see anything relevant to this server other than the proxy is started. For the working server I see connection information.

I cloned everything from the working server and modified the options to point to the new server but it just doesn’t work.

Maybe it is an nginx issue? But the site works on the lan when going directly to the server. It only had this trouble when going to the haproxy address.

This is doing ssl offloading, I would like to try just pass-through but I don’t know what options to select to do pass-through. Everything I have tried doesn’t work.
Title: Re: Haproxy issue
Post by: csmall on August 15, 2018, 12:30:34 am
Can anyone explain to me how to do pass-through ssl with the haproxy plugin?
Title: Re: Haproxy issue
Post by: csmall on August 15, 2018, 02:27:43 am
Looks like I figured out how to run multiple sites with SSL and SSL-Offloading. Multiple sites are now loading as expected behind a single public IP.