Hope someone can help me :)
I try to configure HAProxy for plex redirection but didn't found the solution yet.
So basically to run plex home page you should go to => IPADRESS:PORT/web which redirect to IPADRESS:PORT/web/index.html
I made this kind of redirect:
use_backend plex if { hdr_beg(Host) -i plex. }
backend plex
server plex localhost:32400 check
This is ok, i can join plex => plex.mydomain.tld/web
But i would like to be able to join plex with this URL => plex.mydomain.tld
I tried to add this line:
reqrep ^([^\ :]*)\ /(.*) \1\ /web\2
Changing is fine, my URL switch to => plex.mydomain.tld/web/index.html
But i have a 404 ERROR...
What kind of trick i should do to acces plex from plex.mydomain.tld ?
Thanks !
Found some info that helped me figure it out:
global
log 127.0.0.1 syslog
maxconn 1000
user haproxy
group haproxy
daemon
tune.ssl.default-dh-param 4096
ssl-default-bind-options no-sslv3 no-tls-tickets
ssl-default-bind-ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
defaults
log global
mode http
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
option contstats
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout check 10s
listen stats
bind *:9090
mode http
maxconn 10
stats enable
stats hide-version
stats realm Haproxy\ Statistics
stats uri /
stats auth admin:admin
frontend ALL
bind *:80
bind *:443 ssl crt /etc/haproxy/certs/nomercy.myqnapcloud.com.pem crt /etc/haproxy/certs/nomercy.myqnapcloud.com.pem
mode http
# Define path for lets encrypt
acl is_letsencrypt path_beg -i /.well-known/acme-challenge/
use_backend letsencrypt if is_letsencrypt
# Define hosts
acl host_website hdr(host) -i nomercy.myqnapcloud.com
# Direct hosts to backend
use_backend website if host_website
# Redirect port 80 to 443
# But do not redirect letsencrypt since it checks port 80 and not 443
redirect scheme https code 301 if !{ ssl_fc } !is_letsencrypt
backend letsencrypt
server letsencrypt 127.0.0.1:8888
backend website
balance roundrobin
option httpchk GET /check
cookie SERVERID insert indirect nocache
http-check expect rstring ^UP$
default-server inter 3s fall 3 rise 2
server server1 192.168.2.151:8888 check
server server2 192.168.2.152:8888 check
server server3 192.168.2.153:8888 check
listen plex
bind *:32400 ssl crt /etc/haproxy/certs/nomercy.myqnapcloud.com.pem crt /etc/haproxy/certs/nomercy.myqnapcloud.com.pem
balance roundrobin
option httpchk GET /check
http-check expect rstring ^UP$
default-server inter 3s fall 3 rise 2
server server1 192.168.2.149:32400 check port 8888
server server2 192.168.2.148:32400 check port 8888
server server3 192.168.2.147:32400 check port 8888
You can remove the ssl credentials if you don't have it installed.
The problem here unfortunately has nothing to do with your HAProxy configuration. Instead it is Plex that is causing the issue.
Example
With your configuration, when you go to plex.mydomain.tld HAProxy is adding in the /web and as a result Plex gets the following url: plex.mydomain.tld/web. This is correct however Plex will then want to forward the browser on to plex.mydomain.tld/web/index.html. But when the browser sends a request or that url, HAProxy steps in and adds that extra /web again and the resulting url that is set to Plex is plex.mydomain.tld/web/web/index.html which doesn't exist and hence the 404 error you got.
While going to plex.mydomain.tld/index.html may work, I assume all links from that page to any other page won't work due to the say issue.
To solve this you could
Look through Plex's configuration to see if it is possible to run it with out the /web.
Taking inspiration from here, you could configure HAProxy something like this:
frontend http
mode http
bind *:80
acl plex hdr_beg(Host) -i plex.
acl root_dir path_reg ^$|^/$
acl no_plex_header req.hdr_cnt(X-Plex-Device-Name) -i 0
redirect location http://plex.mydomain.tld/web/index.html 301 if no_plex_header root_dir plex
use_backend plex if plex
backend plex
server plex localhost:32400 check
The key difference being the redirect location line which will redirect from / to /web/index.html if the header X-Plex-Device-Name isn't set. The reason you have to check for the header is that it appears that plex uses / for something else.
Note: This config is an example and I haven't tested this at all
Hope that helps.
I want to echo that I used the solution provided by JamesStewy and it worked, with the minor correction;
redirect location http://plex.mydomain.tld/web/index.html code 301 if no_plex_header root_dir plex
At least, that was necessary for me (running haproxy 1.7.2).
Related
We are running Haproxy and 3 nginx processes inside a single docker on the host network to access it from localhost. We have installed HaProxy version 2.6.6. 3 nginx servers are running behind it as backend servers. We are able to access them individually What is wrong with the haproxy configuration here? we are always getting the below error on curl (curl http://localhost:80) requests. Please suggest
<html><body><h1>503 Service Unavailable</h1>
No server is available to handle this request.
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
pidfile /usr/local/etc/haproxy/haproxy.pid
defaults
timeout http-request 2000
timeout queue 1000
timeout check 2000
timeout connect 2000
timeout client 5000
timeout server 5000
log global
option dontlognull
option clitcpka
option srvtcpka
option tcpka
unique-id-format %[uuid()]
unique-id-header X-Request-ID
log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %ID %{+Q}r"
frontend http-in
mode http
option forwardfor
bind *:80
use_backend webservers
backend webservers
mode http
server localhost-01 localhost:8000
server localhost-02 localhost:8001
server localhost-03 localhost:8002
I'm experiencing high latency with haproxy load balancer when backend configuration uses private network IP addresses.
But when I replace backend server addresses with public IP address or Reverse DNS name I experience no latency.
What is causing the latency?
If one uses public IP or fqdn or
Reverse DNS name, does network traffic bypasses haproxy?
Is it
allowed to use public IP or fqdn or Reverse DNS name for backend
servers in haproxy conf?
Configuration With Private Network IP Addresses
global
log /dev/log local0
log 127.0.0.1 local1 notice
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
maxconn 18000
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
defaults
log global
mode http
option httplog
timeout client 30s
timeout connect 4s
timeout server 30s
frontend www
bind *:80
default_backend webservers
backend webservers
mode http
balance roundrobin
server server1 10.0.0.20:80
server server2 10.0.0.30:80
Configuration With Reverse DNS or Public IP Addresses
global
log /dev/log local0
log 127.0.0.1 local1 notice
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
maxconn 18000
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
defaults
log global
mode http
option httplog
timeout client 30s
timeout connect 4s
timeout server 30s
frontend www
bind *:80
default_backend webservers
backend webservers
mode http
balance roundrobin
server server1 90-80-70-40.aws.com:80
server server2 90-80-70-50.aws.com:80
It looks like it was a DNS issue on the host Windows machines. Added entries to host file and it worked as expected with private network IP settings.
I'm trying to setup HAProxy for 1 Domain and 1 Subdomain.
The actual situation is that:
Internet -> pfSense Firewall -> HAProxy -> SRV1 (192.168.100.1) domain.com
-> SRV2 (192.168.100.2) srv2.domain.com
Actually it IS working - I can access SRV1 if I type domain.com and I can access SRV2 if I type srv2.domain.com.. BUT:
If I open my Browser and type domain.com and open a new tab with srv2.domain.com, the 2nd tab (srv2) points me to domain.com instead of srv2.domain.com.. Same happens vice versa.. If I first browse to srv2.domain.com and then browse to domain.com, it points me to srv2.. So I always have to restart my browser if I want to browse to SRV1 and to SRV2..
here's my HAProxy config:
acl host_srv2 hdr_dom(host) -i srv2.domain.com
acl host_domain hdr_dom(host) -i domain.com
use_backend srv2 if host_srv2
use_backend domain if host_domain
backend srv2
balance roundrobin
option httpclose
option forwardfor
cookie JSESSIONID prefix
server srv2 192.168.100.2:80 check
backend domain
balance roundrobin
option httpclose
option forwardfor
cookie JSESSIONID prefix
server domain 192.168.100.1:80 check
do you have any Ideas?
Change your acl's to:
acl host_domain hdr_dom(host) -i domain.com
acl host_server hdr_dom(host) -i srv2.domain.com
`
Once the first match hits it will skip remaining acl
My haproxy.cfg
global
log 127.0.0.1 local0
maxconn 20000
user haproxy
group haproxy
stats socket /var/run/haproxy/haproxy.sock level admin
stats timeout 2m
listen admin
bind *:8080
stats enable
defaults
log global
mode http
option httplog
option dontlognull
retries 3
option redispatch
# timeout http-request 5s
timeout connect 5000
timeout client 60000
timeout server 60000
frontend http-in
bind *:80
default_backend monkey
backend monkey
stats enable
stats uri /haproxy?stats
stats realm Strictly\ Private
stats auth admin:hello
stats auth Another_User:hi
mode http
compression algo gzip
compression type text/html text/plain text/css application/json
balance roundrobin
option httpclose
option forwardfor
default-server inter 1s fall 1
server cd-test-1 1.2.3.4:80 check
server cd-test-2 5.6.7.8:80 check
I have been using socat to disable a node from HAproxy cluster.
below is the command
echo "disable server monkey/cd-test-1"| socat stdio /var/run/haproxy/haproxy.sock
The above disables my node from haproxy. But if I use the ip address(1.2.3.4) instead of "cd-test-1" it returns No such server.
I am using ansible to automated this. I use {{inventory_hostname}} and delegate the command to my HAproxy server. Hence the issue.
- name: Disable {{ inventory_hostname }} in haproxy and letting the services drain
shell: echo "disable server monkey/{{inventory_hostname}}"| socat stdio /var/run/haproxy/haproxy.sock
become_user: root
delegate_to: "{{ item }}"
with_items: groups.haproxy_backend
This returns "No such server." and moves along.
Can someone please help me find the issue with using the IP instead of the name of server. Might be doing something very silly. Any help is appreciated.
Disabling and enabling HAproxy using socat, the server alias name has to be mentioned.
Otherwise, we will be getting a No such server error.
I have to put haproxy in front of my already running Apache web-server. Both haproxy and apache web-server are on separate Cent-OS6.4 machines.
I had installed haproxy-1.5-dev19.el6.x86_64 and it is working fine with http, but getting
below error with https:-
"502 Bad Gateway: The server returned an invalid or incomplete response".
haproxy logs are shown below:
Nov 7 05:49:56 localhost haproxy[9925]: XX.XX.XXX.XX:51949
[07/Nov/2013:05:49:55.204] https-in~ abc-https/server1
1595/0/1/-1/1597 502 714 - - PHNN 2/2/0/0/0 0/0 "GET / HTTP/1.1"
Nov 7 05:49:57 localhost haproxy[9925]: XX.XX.XXX.XX:51947
[07/Nov/2013:05:49:55.972] https-in~ abc-https/server1
1523/0/1/-1/1525 502 714 - - PHNN 1/1/0/0/0 0/0 "GET /favicon.ico HTTP/1.1"
SSL logs on webserver (request behind proxy):
10.0.0.218 - - [06/Nov/2013:22:42:34 -0800] **"GET /"** 400 510
10.0.0.218 - - [06/Nov/2013:22:42:34 -0800] "GET /" 400 510
SSL logs on webserver (direct request):
XX.XX.XX.XX - - [06/Nov/2013:22:48:42 -0800] **"GET / HTTP/1.1"** 200 19553
As you can see the difference between proxy and without proxy at webserver.
Below is my haproxy.cfg file:
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 40000
user haproxy
group haproxy
daemon
stats socket /var/lib/haproxy/stats
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor
option redispatch
retries 10
timeout http-request 60s
timeout queue 60s
timeout connect 60s
timeout client 60s
timeout server 60s
timeout http-keep-alive 60s
timeout check 60s
maxconn 30000
Listen stats 0.0.0.:8880
stats enable
stats hide-version
stats uri /
Stats realm HAProxy\ Statistics
stats auth XXXXX:XXXXX
frontend http-in
bind *:80
acl url_static path_beg -i /static /images /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js
tcp-request connection accept if { src -f /etc/haproxy/whitelist.lst }
tcp-request connection reject if { src_conn_cur ge 200 } tcp-request
connection track-sc1 src
use_backend http-in-static if url_static
default_backend http-in-bk
frontend https-in
bind *:443 ssl crt /home/ec2-user/ev/haproxy.pem
http-request add-header X-Proto https if { ssl_fc }
use_backend abc-https if {ssl_fc}
backend abc-https
server server1 10.0.0.16:443 check
backend http-in-static
server static 10.0.0.16:80 check inter 100 weight 1
backend http-in-bk
acl abuse src_http_err_rate(http-in) ge 100
acl flag_abuser src_inc_gpc0(http-in)
tcp-request content reject if abuse flag_abuser
server server1 10.0.0.16:80 check inter 100 weight 1
There is only one webserver which is already running and I have to implement haproxy in front of that.
Where I am doing wrong? Kindly help me to resolve this issue.
Regards,
Komal Pal
You are decrypting the SSL traffic and then sending the plaintext HTTP to an HTTPS socket on your webserver.
In this setup you would normally send it to port 80 on the webserver, because you have already decrypted it.
If you want to re-encrypt you must change your "server xxx" line to have the flag "ssl" on it as well.