HAProxy Troubleshooting.

Started by petrij98, February 09, 2025, 04:53:55 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 09, 2025, 04:53:55 PM
Hey everyone! So, in my quest to completely migrate from PFSense to OPNSense, I have been trying to set up HAProxy as I used it to proxy out a lot of my internal services that I wanted to host (i.e. Plex, Home Assistant, etc). I had a pretty robust setup on my PFSense instance, so I'd love to be able to re-implement that on OPNSense rather than having to move to a different solution like Nginx on a VM. However, whenever I try and set up my first service and turn HAProxy on, the service refuses to start and the only thing that the logs provide me is an exit code status 1. I'd appreciate any advice or troubleshooting steps on this, because I have no clue where to start diagnosing this. I implemented the recommended patches (which broke the entire thing and required a full re-installation) and combed through my entire configuration, but can't find any issues.
February 09, 2025, 05:32:10 PM #1
Did you move the UI to a different port than 443? And disable the HTTP --> HTTPS redirection?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
February 09, 2025, 05:39:59 PM #2
Absolutely! I completely started over from scratch and wiped what little I had built out so far. With HTTPS changed to a different port, with HTTP redirection off, and with a completely empty configuration (besides the acme plugin), the service was working. As soon as I try to add a public service, everything comes crashing down.
February 09, 2025, 05:47:02 PM #3
What do you mean by "implementing recommended patches"? There is no such thing in OPNsense. You just update to the current supported version and that is that.

Also in which way did "everything come crashing down"? It should be only the HAproxy service that is possibly not starting if misconfigured. There should be an error message ind the logs helping to find out what it is that breaks it.

If other functions of the firewall "come crashing down" then for sure you did more that only configure and enable HAproxy.

What exactly did you do? All of it ...
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
February 09, 2025, 06:14:44 PM #4
When I say recommended patches, I'm referring to posts that I've seen saying to run "opnsense-patch -c plugins 31b82cd 18cd9f6." Running that bricked my HAProxy instance and required reinstallation, so I won't be trying that again. "Came crashing down" was just a figure of speech. HAProxy stops running when I turn on my HTTP/HTTPS public service and won't turn back on until I turn it off. As I said in my original post, the only error log I get is an exit status 1. So, I've been looking through my Public Service configuration to see what could be causing this issue.
February 09, 2025, 06:18:39 PM #5
Quote from: petrij98 on February 09, 2025, 06:14:44 PMAs I said in my original post, the only error log I get is an exit status 1
That is the only thing written in the log file /var/log/haproxy/latest.log? That would be strange indeed.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
February 09, 2025, 06:26:08 PM #6
That's the output I get from System > Log Files > Backend. Latest.log just tells me all of my backends have stopped.
February 09, 2025, 06:33:10 PM #7
Could you check in the logfile proper via SSH?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
February 09, 2025, 06:36:10 PM #8
That's precisely where I went to look. The latest.log for the system has nothing but a whole list of lines that say "WARNING: failed to start haproxy" with no additional context and haproxy's latest.log just tells me my backends all stopped.
February 09, 2025, 06:38:04 PM #9
Wow. You tried to apply patches from back in 2021/2022 to a current version of OpnSense? Way to go!

After you have finished reinstalling your now broken installation, why don't you try following instructions that have been proven to work for a better start?
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 770 up, Bufferbloat A
February 09, 2025, 08:25:08 PM #10
Thanks for the tip, meyergru. As it turns out, I only had to change one variable in my Frontend to allow for HAProxy to work. Apparently, HAProxy doesn't like when you try to use an FQDN for a Listen Address. I simply changed it to 0.0.0.0 to bind to all interfaces and it worked. I only wish my logs gave me some kind of an indication, so I could've solved this with Patrick that much sooner.
February 10, 2025, 09:23:25 PM #11
Next time you need to make a change to HAproxy, use the plugin's helpers.
Services > HAProxy > Settings. After your change, use the "Test syntax" button. That will perform a validation check and report there and then if there is something that will likely prevent it from starting.
Notice and Warnings will normally not prevent it from starting and you can apply, as long as you get at the end:
Code Select
Warnings were found.
Configuration file is validThen its log will give you some details if you proceed with applying the change.
Print
Go Up Pages1
User actions