Messages

Actually, scratch that (above). Options pass-through on the backend doesn't seem to work. Not sure why. On the "Public interface", I had to add this to the options:

http-request set-header Connection keep-alive if acl_<acl fround in config export>
http-request set-header Keep-Alive timeout=600 if acl_<acl fround in config export>

Got it. There's a couple things I had to do:

1. Disable HTTP/2 on the frontend Public Service. I'm not sure why. Connection: keep-alive uses HTTP/1.1 and having HTTP/2 available seems to confuse it
2. To the backend, add the following under Options pass-through:

option http-server-close
http-request set-header Connection keep-alive
http-request set-header Keep-Alive timeout=600

I have an app that uses server sent events with the headers, "Connection: keep-alive" and "Keep-Alive: timeout=60". When I test my app locally, I can tell everything works fine and I can see that the connection stays alive and the response headers in Chrome dev tools show both of those headers.

However, when I deploy my app to my server and access via HAProxy, I can see that the connection immediately closes and the response headers are missing.

What settings in HAProxy control this? Nothing really stands out, though I'm not an expert.

Thank you both for the help/insight. I'm pretty new to all of this and it looks like my issues were multi-fold:

1. My unmanaged switch doesn't support VLAN tags
2. My AP doesn't support VLAN tags without 3rd-party firmware and even then, it was suspect
3. Something wasn't letting me run multiple VLAN tags through the same port (I wanted a guest and IoT VLAN). Not sure what.

Overall, looks like I need to upgrade my equipment

What access point and switch do you have ?

AP is an Asus RT-N66U in AP mode. The switch is just a dumb switch, but I've also tried removing the switch and plugging into the 4 ports of the NIC, too.

I want to separate my network devices into two networks: one for my regular devices (LAN) and one for devices that really have no business on the LAN (ISO). I'd also like any guests connecting to the network to be DHCP'd onto the ISO network. I have wired and wireless connections for both device categories. For example:

Desktop: wired (LAN)
Phone: wireless (LAN)
TV: wired (ISO)
Alexa: wireless (ISO)
Guests: wireless (ISO)

LAN: 192.168.1.0/24
ISO: 192.168.2.0/24

I'm having trouble wrapping my head around how to set up VLANs and bridging to make this possible. So far, I've tried:

1. Connect AP and wired devices to switch
2. Connect switch to firewall port 1
3. Create VLAN off port 1
4. Static-assign all IPs as necessary between the networks
5. Turn DHCP off of LAN and on for ISO

The issue that I run into is that anything that comes onto the network later ends up getting an address on the LAN network (192.168.1.x) instead of the ISO network as intended. Additionally, even though devices are statically assigned IP address on the ISO network, the devices--themselves--show that their IP address is on the LAN network (for some devices, this causes connection issues).

I'm not sure what's causing this. Am I going about this the wrong way?