English Forums > Tutorials and FAQs
Tutorial 2024/02: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating
dima1002:
Hello,
what is wrong here?
In Firefox I get the following error: PR_END_OF_FILE_ERROR
--- Code: ---#
# Automatically generated configuration.
# Do not edit this file manually.
#
global
uid 80
gid 80
chroot /var/haproxy
daemon
stats socket /var/run/haproxy.socket group proxy mode 775 level admin
nbproc 1
nbthread 4
hard-stop-after 60s
maxconn 10000
tune.ssl.default-dh-param 4096
spread-checks 2
tune.chksize 16384
tune.bufsize 16384
tune.lua.maxmem 0
log /var/run/log audit debug
lua-prepend-path /tmp/haproxy/lua/?.lua
defaults
log global
option redispatch -1
maxconn 5000
timeout client 30s
timeout connect 30s
timeout server 30s
retries 3
default-server init-addr last,libc
# autogenerated entries for ACLs
# autogenerated entries for config in backends/frontends
# autogenerated entries for stats
# Frontend (DISABLED): LetsEncrypt_443 ()
# Frontend (DISABLED): LetsEncrypt_80 ()
# Frontend: 1_HTTP_frontend ()
frontend 1_HTTP_frontend
bind 127.0.0.1:80 name 127.0.0.1:80 accept-proxy
mode http
option http-keep-alive
option forwardfor
# tuning options
timeout client 30s
# logging options
# ACL: NoSSL_condition
acl acl_61a24897421141.86617043 req.ssl_ver gt 0
# ACTION: HTTPtoHTTPS_rule
http-request redirect scheme https code 301 if !acl_61a24897421141.86617043
# Frontend: 1_HTTPS_frontend ()
frontend 1_HTTPS_frontend
http-response set-header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
bind 127.0.0.1:443 name 127.0.0.1:443 accept-proxy ssl curves secp384r1 no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256 ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/61a24a78aa9cc4.11915455.certlist
mode http
option http-keep-alive
option forwardfor
# tuning options
timeout client 30s
# logging options
# ACTION: PUBLIC_SUBDOMAINS_map-rule
# NOTE: actions with no ACLs/conditions will always match
use_backend %[req.hdr(host),lower,map_dom(/tmp/haproxy/mapfiles/61a249350142e3.01879320.txt)]
# Frontend: 0_SNI_frontend ()
frontend 0_SNI_frontend
bind 0.0.0.0:443 name 0.0.0.0:443 accept-proxy
bind 0.0.0.0:80 name 0.0.0.0:80 accept-proxy
mode tcp
default_backend SSL_backend
# tuning options
timeout client 30s
# logging options
# Backend: Mail ()
backend Mail
# health checking is DISABLED
mode http
balance source
# stickiness
stick-table type ip size 50k expire 30m
stick on src
# tuning options
timeout connect 30s
timeout server 30s
http-reuse safe
server Main 192.168.111.2:443 ssl verify none
# Backend (DISABLED): acme_challenge_backend (Added by Let's Encrypt plugin)
# Backend: Nextcloud ()
backend Nextcloud
# health checking is DISABLED
mode http
balance source
# stickiness
stick-table type ip size 50k expire 30m
stick on src
# tuning options
timeout connect 30s
timeout server 30s
http-reuse safe
server Nextcloud 192.168.111.3:443 ssl verify none
# Backend: SSL_backend ()
backend SSL_backend
# health checking is DISABLED
mode tcp
balance source
# stickiness
stick-table type ip size 50k expire 30m
stick on src
# tuning options
timeout connect 30s
timeout server 30s
server SSL_Server 127.0.0.1 send-proxy-v2 check-send-proxy
# Backend: Bitwarden_Backend ()
backend Bitwarden_Backend
# health checking is DISABLED
mode http
balance source
# stickiness
stick-table type ip size 50k expire 30m
stick on src
# tuning options
timeout connect 30s
timeout server 30s
http-reuse safe
server Vaultwarden80 192.168.111.77:80
--- End code ---
TheHellSite:
--- Quote from: dima1002 on November 28, 2021, 09:01:48 am ---Hello,
what is wrong here?
In Firefox I get the following error: PR_END_OF_FILE_ERROR
--- End quote ---
Are you only getting this error when using Firefox?
If so, which version of Firefox are you running?
SOUK:
Delete
evathesalmon:
--- Quote from: dima1002 on November 28, 2021, 09:01:48 am ---
In Firefox I get the following error: PR_END_OF_FILE_ERROR
--- End quote ---
Hello,
I have same issue in firefox and chrome. In logs it is said "Received something which does not look like a PROXY protocol header"
I thought at first that it is a proxy problem and double checked your 20210613 update but my bind option pass-through set as accept-proxy
My current HAProxy version is 3.7 and opnsense is 21.7.6
alexdelprete:
In Part 6, NAT Reflection: it applies to port forwarding rules, but in the guide you switched to a simple filter rule.
So there's only one option remaining: split DNS.
HAProxy has been rock solid, thanks again for your guide. I'm having a hard time only for Uptime Kuma, it uses websockets, and it's the only service that doesn't work behind HAProxy. The dev published a guide for the configuration behind several reverse proxies, unfortunately the only one missing is HAProxy: https://github.com/louislam/uptime-kuma/wiki/Reverse-Proxy#nginx
I'm sure there's a way to make it work but I can't find it...
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version