
I'm configuring my domain, and I want to set up HAProxy as a reverse proxy for all of my subdomains. Somehow I've got this configured incorrectly, and I absolutely have no idea what's wrong. Here's my full HAProxy config:

# Process-wide settings: log targets, privilege drop, the runtime socket and
# the default TLS parameters for any "bind ... ssl" line.
global
    # Log to the local syslog socket: everything on facility local0, and
    # messages of level notice and above on facility local1.
    log /dev/log    local0
    log /dev/log    local1 notice
    # Confine the process to this directory and run it as an unprivileged
    # user and group.
    chroot /var/lib/haproxy
    # Runtime API on a UNIX socket. "level admin" permits every runtime
    # command, so access rests on the 660 file mode (owner and group only).
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
    # The ssl-default-bind-* lines only apply to "bind" lines that carry the
    # "ssl" keyword; this configuration has none, so they are currently unused.
    # NOTE(review): the next line ends in ">" in the paste, which looks like a
    # terminal truncation marker rather than part of the cipher list - compare
    # with the file on disk.
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POL>
    # TLS 1.3 cipher suites (configured separately from the list above).
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    # Refuse anything older than TLS 1.2 and disable TLS session tickets.
    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

# Settings inherited by every frontend and backend declared after this section.
defaults
        # Use the log targets from "global" and the detailed HTTP log format.
        log     global
        mode    http
        option  httplog
        # Connections that never send data are not logged. On an
        # Internet-facing listener this also hides port scans and probes from
        # the logs.
        option  dontlognull
        # Timeouts without a unit are in milliseconds: 5 s to connect to a
        # server, 50 s of client or server inactivity.
        # NOTE(review): no "timeout http-request" is set, so there is no
        # separate limit on how long a client may take to send its request
        # headers - consider adding one.
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        # Serve these files instead of HAProxy's built-in error responses.
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

# Public HTTP entry point: picks a backend from the request's Host header.
frontend http-in
    # Plain HTTP on every interface. No TLS is terminated here, so the
    # ssl-default-bind-* settings in "global" are not used by this bind.
    bind *:80
    # hdr_sub is a case-insensitive (-i) SUBSTRING match: any Host value that
    # merely contains this name is routed to the backend. An exact match with
    # hdr(host) keeps routing limited to the intended hostname.
    acl subhome hdr_sub(host) -i homeassistant.exampledomain.com

    # No default_backend is defined, so a request that matches no rule is
    # answered by HAProxy itself with 503.
    use_backend habackend if subhome

# Single-server pool that receives the traffic selected by the "subhome" ACL.
backend habackend
    mode http
    # Adds an X-Forwarded-For header carrying the client address. The
    # application should honour that header only on requests arriving from
    # this proxy's address, because clients can send their own value.
    # NOTE(review): the server name and port suggest Home Assistant, which is
    # documented to reject proxied requests unless http.use_x_forwarded_for is
    # enabled and the proxy is listed in http.trusted_proxies - confirm on the
    # backend.
    option forwardfor
    # No "check" keyword: HAProxy never probes this server, so an unreachable
    # backend only shows up as failed client requests.
    server homeassistant 192.168.5.1:8123

HAProxy itself is definitely working, as when I try to access the root of my domain, it gives me a 503 service unavailable (as it should), but when I try to access the subdomain, it just doesn't return anything.

1 Answer 1


If HAProxy itself is working, I suggest first checking the HAProxy logs for errors or warnings that might indicate problems with the configuration or with connectivity.

Beyond that, based on the configuration you posted, please try the configuration below and see whether it works.

<--

# Process-wide settings: logging, privilege drop, runtime socket, TLS defaults.
global
    log /dev/log local0
    log /dev/log local1 notice
    # Runs chrooted and as the unprivileged haproxy user and group.
    chroot /var/lib/haproxy
    # Runtime API socket. "level admin" allows every runtime command, so keep
    # the 660 mode and a restricted group. "expose-fd listeners" lets a
    # reloading process take over the listening sockets.
    stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    # Base directories for relative CA and certificate paths.
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # TLS defaults for "bind ... ssl" lines: cipher list for TLS 1.2 and
    # below, TLS 1.3 suites, minimum version TLS 1.2, no session tickets.
    # They stay unused while the only active bind is plain HTTP on port 80.
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

# Defaults applied to every proxy section below (frontend, backend, listen).
defaults
    log global
    mode http
    option httplog
    # Suppresses log entries for connections that carry no data. Useful
    # against health-check noise, but it also hides scans and probes.
    option dontlognull
    # Milliseconds when no unit is given.
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    # Custom response bodies for HAProxy-generated errors.
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

# HTTP entry point: routes each request to a backend by exact Host header.
frontend http-in
    bind *:80
    # Enabling the line below terminates TLS here with the ssl-default-bind-*
    # settings from "global". Until then all traffic, including any
    # credentials sent to the backends, crosses this listener unencrypted.
    # bind *:443 ssl crt /etc/haproxy/certs/  # Uncomment if you need SSL termination

    # hdr(host) compares the whole header value (case-insensitively with -i),
    # so a Host that also carries a port, e.g. "name:8080", does not match.
    acl host_homeassistant hdr(host) -i homeassistant.exampledomain.com
    acl host_another hdr(host) -i another.exampledomain.com

    # Rules are evaluated in order. With no default_backend, any other Host
    # gets a 503 from HAProxy itself.
    use_backend habackend if host_homeassistant
    use_backend anotherbackend if host_another

# Backend for homeassistant.exampledomain.com.
backend habackend
    mode http
    # Passes the client address on in X-Forwarded-For. The application must
    # accept that header only from this proxy, since clients can supply
    # their own value.
    option forwardfor
    # "check" turns on health checks (a plain TCP connect unless an HTTP
    # check is configured), so an unreachable server is marked down and shows
    # up as such on the stats page.
    server homeassistant 192.168.5.1:8123 check

# Second backend, selected by the host_another ACL in the frontend.
# NOTE(review): hostname and address look like illustrative values - replace
# or drop this section if no such service exists, otherwise its health check
# will simply report the server as down.
backend anotherbackend
    mode http
    # Adds X-Forwarded-For with the client address for the application.
    option forwardfor
    # Health-checked server; a plain TCP connect check unless an HTTP check
    # is configured.
    server another_server 192.168.5.2:8080 check

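# Built-in statistics page. It reveals proxy names, server addresses and
# health state, so treat it as an internal admin endpoint.
listen stats
    # Loopback only: reach the page through an SSH tunnel, or bind to one
    # internal address instead of every interface ("*").
    bind 127.0.0.1:8080
    stats enable
    stats uri /stats
    # Do not display the HAProxy version on the page.
    stats hide-version
    # Placeholder credentials: set your own and never deploy a default pair
    # such as admin:admin. The password is stored in clear text in this file
    # and travels as HTTP Basic auth, unencrypted on this plain-HTTP bind.
    stats auth <STATS_USER>:<STATS_PASSWORD>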

-->

  • So, this config still does not work, but at least in a better way than before. I suspect part of the problem is that I'm using DuckDNS with Cloudflare. Still the stats page helped a lot and I should be able to figure it out from here! Commented Jun 18 at 18:06
