Can anyone share a working haproxy configuration? I’ve tried using the config listed here but I get 503 service unavailable
errors
This is the config file I’m working with… Does anyone know what I’m missing?
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
# Default ciphers to use on SSL-enabled listening sockets.
ssl-dh-param-file /opt/certbot/dhparams.pem
defaults
log global
option forwardfor
option http-server-close
mode http
# option httplog
# option dontlognull
timeout connect 5m
timeout client 5m
timeout server 5m
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend http-in
# Listen on port 80
bind *:80
# Listen on port 443
# Uncomment after running certbot for the first time, a certificate
# needs to be installed *before* HAProxy will be able to start when this
# directive is not commented.
bind *:443 ssl crt /opt/certbot/haproxy_fullchains/__fallback.pem crt /opt/certbot/haproxy_fullchains
# Forward Certbot verification requests to the certbot-haproxy plugin
acl is_certbot path_beg -i /.well-known/acme-challenge
rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains;\ preload
rspadd X-Frame-Options:\ DENY
use_backend certbot if is_certbot
default_backend zammad
# Ticket
acl ticket hdr_beg(host) zammad-website.com
acl ticketws url_beg /ws
acl is_websocket hdr(Upgrade) -i WebSocket
use_backend zammad if ticket
use_backend support-websocket if ticketws
use_backend support-websocket if is_websocket
backend zammad
balance roundrobin
http-request add-header X-CLIENT-IP %[src]
server zammad 1.1.1.1:3000 check
backend support-websocket
balance roundrobin
http-request add-header X-CLIENT-IP %[src]
http-request set-header Connection "Upgrade"
server support-websocket 1.1.1.1:6042 check
backend certbot
log global
server certbot 127.0.0.1:8000
# You can also configure separate domains to force a redirect from port 80
# to 443 like this:
# redirect scheme https if !{ ssl_fc } and [PUT YOUR DOMAIN NAME HERE]