[SOLVED] HaProxy-503 Service Unavailable on HTTPS frontend (Ok on HTTP frontend)

Started by lbm34, November 22, 2023, 07:46:11 PM

Hello,

I can't find what's wrong in the configuration. I have one backend working fine through HTTP frontend but not through HTTPS Frontend. Health Checks report backend UP in Haproxy stats.

Here is the part of the configuration :
Ports 80 and 443 are not used for now with that Haproxy. They are used with another Haproxy by NAT on a specific server. So I'm testing on ports 8080 and 8443.


# Backend: gosi_web_backend (Backend WWW Gosi)
backend gosi_web_backend
    option log-health-checks
    # health check: Gosi_service_helloworld
    option httpchk
    http-check send meth GET uri / ver HTTP/1.1 hdr Host docker01.go-si.fr
    mode http
    balance roundrobin

    http-reuse safe
    server gosi_container_helloWorld1 docker01.go-si.fr:8080 check inter 5s
    server gosi_container_helloWorld2 docker01.go-si.fr:8081 check inter 5s

# Frontend: HTTPS_frontend (Frontend HTTPS)
frontend HTTPS_frontend
    bind 192.168.0.200:443 name 192.168.0.200:443 ssl alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/6552989e7cedf4.63725860.certlist
    bind 192.168.0.200:8443 name 192.168.0.200:8443 ssl alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/6552989e7cedf4.63725860.certlist
    mode http
    option http-keep-alive
    option forwardfor
    timeout client 15m

    # logging options

    # ACTION: Maxi80_map_rule
    # NOTE: actions with no ACLs/conditions will always match
    use_backend %[req.hdr(host),lower,map_dom(/tmp/haproxy/mapfiles/65553f249d33b2.96559076.txt)]
    # ACTION: Gosi_map_rule
    # NOTE: actions with no ACLs/conditions will always match
    use_backend %[req.hdr(host),lower,map_dom(/tmp/haproxy/mapfiles/655550372090d8.42639568.txt)]

# Frontend: HTTP_frontend (Frontend HTTP)
frontend HTTP_frontend
    bind 192.168.0.200:80 name 192.168.0.200:80
    bind 192.168.0.200:8080 name 192.168.0.200:8080
    mode http
    option http-keep-alive

    # logging options

    # ACTION: Gosi_map_rule
    # NOTE: actions with no ACLs/conditions will always match
    use_backend %[req.hdr(host),lower,map_dom(/tmp/haproxy/mapfiles/655550372090d8.42639568.txt)]


I don't understand why the HTTPS frontend responds with an HTTP 503 error. Certificates come from the ACME plugin and are correctly read by the browser.

I also have another backend working well through the same HTTPS frontend:

# Backend: maxi80_shoutcast_backend (Backend Shoutcast Maxi80)
backend maxi80_shoutcast_backend
    option log-health-checks
    # health check: Maxi80_service_shoutcast
    option httpchk
    http-check send meth GET uri / ver HTTP/1.1 hdr Host shoutcast.maxi80.com
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m 
    stick on src
    # ACL: hosts_root
    acl acl_6552b0851024f5.76497062 path -i /
    # ACL: maxi80_host_audio1
    acl acl_655296713260b6.36899459 hdr(host) -i audio1.maxi80.com
    # ACL: maxi80_host_audio
    acl acl_65529661d80db3.72359792 hdr(host) -i audio.maxi80.com
    # ACL: maxi80_host_audio2
    acl acl_6552967b027b61.44132711 hdr(host) -i audio2.maxi80.com
    # ACL: maxi80_host_audio3
    acl acl_6552969b3cd5d0.76230185 hdr(host) -i audio3.maxi80.com
    # ACL: maxi80_host_audio4
    acl acl_655296a98a6220.70833280 hdr(host) -i audio4.maxi80.com
    # ACL: maxi80_host_audio5
    acl acl_655296b85aaa95.62366892 hdr(host) -i audio5.maxi80.com
    # ACL: host_test_maxi80_com
    acl acl_65552b1bc970d3.93784616 hdr(host) -i test.maxi80.com

    # ACTION: Maxi80 append URI audio1
    http-request redirect code 301 location https://%[hdr(host)]/1 if acl_6552b0851024f5.76497062 acl_655296713260b6.36899459 acl_65529661d80db3.72359792
    # ACTION: Maxi80 append URI audio2
    http-request redirect code 301 location https://%[hdr(host)]/2 if acl_6552b0851024f5.76497062 acl_6552967b027b61.44132711
    # ACTION: Maxi80 append URI audio3
    http-request redirect code 301 location https://%[hdr(host)]/3 if acl_6552b0851024f5.76497062 acl_6552969b3cd5d0.76230185
    # ACTION: Maxi80 append URI audio4
    http-request redirect code 301 location https://%[hdr(host)]/4 if acl_6552b0851024f5.76497062 acl_655296a98a6220.70833280
    # ACTION: Maxi80 append URI audio5
    http-request redirect code 301 location https://%[hdr(host)]/5 if acl_6552b0851024f5.76497062 acl_655296b85aaa95.62366892
    # ACTION: Test Maxi80 append URI
    http-request redirect code 301 location https://%[hdr(host)]/1 if acl_6552b0851024f5.76497062 acl_65552b1bc970d3.93784616
    http-reuse safe
    server maxi80_shoutcast_server shoutcast.maxi80.com:8000 check inter 2s


I can't find any similar issue on the net. Maybe someone here will help me find the problem.

Regards,
Lbm34

I found a solution. Maybe it's normal, but merging the 2 map files into one resolved my problem. I suppose Haproxy can't handle 2 rules with 2 map files in one frontend...
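
Added example, not part of the original thread and not HAProxy's own code: a simplified Python model of how the two unconditional, map-driven `use_backend` rules in the HTTPS frontend are evaluated. It assumes the behaviour the HAProxy manual documents for `use_backend` with a dynamic name (a name that resolves to no valid backend stops rule evaluation and falls back to `default_backend`); the map contents, the requested host and the `guarded` flag are constructed for illustration.

```python
# Simplified model (added example, not HAProxy code) of use_backend evaluation
# when the backend name is produced by a map lookup on the Host header.

BACKENDS = {"gosi_web_backend", "maxi80_shoutcast_backend"}  # names from the page

# Constructed map contents: the thread does not show the real map files.
MAXI80_MAP = {"maxi80.com": "maxi80_shoutcast_backend"}
GOSI_MAP = {"go-si.fr": "gosi_web_backend"}


def map_dom(host, table):
    """Stand-in for map_dom: match a dot-delimited suffix of the host name."""
    labels = host.lower().split(":")[0].split(".")  # drop any :port
    for i in range(len(labels)):
        name = table.get(".".join(labels[i:]))
        if name:
            return name
    return ""  # no entry, no default value: the expression is empty


def route(host, rules, default_backend=None):
    """Return the chosen backend name, or 503 if no backend can be selected.

    Each rule is (map, guarded). guarded=True models a rule that carries an
    `if { ... -m found }` condition and is skipped when the lookup misses.
    """
    for table, guarded in rules:
        name = map_dom(host, table)
        if guarded and not name:
            continue  # condition false: try the next rule
        if name in BACKENDS:
            return name
        break  # unknown dynamic name: no further rule is evaluated
    return default_backend or 503


HTTPS_AS_POSTED = [(MAXI80_MAP, False), (GOSI_MAP, False)]
HTTP_AS_POSTED = [(GOSI_MAP, False)]
MERGED_MAP = [({**MAXI80_MAP, **GOSI_MAP}, False)]
GUARDED = [(MAXI80_MAP, True), (GOSI_MAP, True)]

if __name__ == "__main__":
    for label, rules in [("HTTPS as posted", HTTPS_AS_POSTED), ("HTTP as posted", HTTP_AS_POSTED),
                         ("merged map", MERGED_MAP), ("guarded rules", GUARDED)]:
        print(label, "->", route("docker01.go-si.fr", rules))
```

In this model the Maxi80 rule is evaluated first, misses for a go-si.fr host and ends evaluation, which matches the 503 seen only on the HTTPS frontend; a single merged map, or a lookup-found condition on each rule, lets the request reach `gosi_web_backend`.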