Can anyone share a working haproxy configuration?

bruce78 · November 30, 2018, 10:11am

Can anyone share a working haproxy configuration? I’ve tried using the config listed here but I get 503 service unavailable errors

This is the config file I’m working with… Does anyone know what I’m missing?

global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    # Default ciphers to use on SSL-enabled listening sockets.
    ssl-dh-param-file /opt/certbot/dhparams.pem

defaults
    log     global
    option  forwardfor
    option  http-server-close
    mode    http
#   option  httplog
#   option  dontlognull
    timeout connect 5m
    timeout client  5m
    timeout server  5m
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

frontend http-in
    # Listen on port 80
    bind *:80
    # Listen on port 443
    # Uncomment after running certbot for the first time, a certificate
    # needs to be installed *before* HAProxy will be able to start when this
    # directive is not commented.
    bind *:443 ssl crt /opt/certbot/haproxy_fullchains/__fallback.pem crt /opt/certbot/haproxy_fullchains

# Forward Certbot verification requests to the certbot-haproxy plugin
    acl is_certbot path_beg -i /.well-known/acme-challenge
    rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains;\ preload
    rspadd X-Frame-Options:\ DENY
    use_backend certbot if is_certbot
    default_backend zammad

# Ticket
acl ticket hdr_beg(host) zammad-website.com
acl ticketws url_beg /ws
acl is_websocket hdr(Upgrade) -i WebSocket
use_backend zammad if ticket
use_backend support-websocket if ticketws
use_backend support-websocket if is_websocket

backend zammad
balance roundrobin
http-request add-header X-CLIENT-IP %[src]
server zammad 1.1.1.1:3000 check

backend support-websocket
balance roundrobin
http-request add-header X-CLIENT-IP %[src]
http-request set-header Connection "Upgrade"
server support-websocket 1.1.1.1:6042 check

backend certbot
    log global
    server certbot 127.0.0.1:8000
    # You can also configure separate domains to force a redirect from port 80
    # to 443 like this:
    # redirect scheme https if !{ ssl_fc } and [PUT YOUR DOMAIN NAME HERE]

system · March 30, 2019, 10:11am

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.