i’ve been running haproxy for a few years, i’m trying to add an additional server with new domain (marotta-outlet.ddns.net->192.168.1.163) … however, i’m receiving error 503 server unavailable
i can go directly to the server web page (192.168.1.163), curl the location and nslookup for the new domain works fine…
i’ve added many servers to my cfg in the past with ease … however, i can’t figure out why this entry isn’t working … any help is appreciated, thanks
new cfg portions added (full cfg at end of post)
use_backend ipswitch-backend if { ssl_fc_sni -i marotta-outlet.ddns.net }
backend ipswitch-backend
mode http
http-request set-header X-Forwarded-Port %[dst_port]
server 3gstore 192.168.1.163:80
traceback …
00000065:http.accept(000a)=0010 from [192.168.1.1:53243] ALPN=
00000065:http.clireq[0010:ffffffff]: GET / HTTP/1.1
00000065:http.clihdr[0010:ffffffff]: host: marotta-outlet.ddns.net
00000065:http.clihdr[0010:ffffffff]: user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:82.0) Gecko/20100101 Firefox/82.0
00000065:http.clihdr[0010:ffffffff]: accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8
00000065:http.clihdr[0010:ffffffff]: accept-language: en-US,en;q=0.5
00000065:http.clihdr[0010:ffffffff]: accept-encoding: gzip, deflate
00000065:http.clihdr[0010:ffffffff]: upgrade-insecure-requests: 1
00000065:http.clihdr[0010:ffffffff]: cache-control: max-age=0
00000065:http.clicls[0010:ffffffff]
00000065:http.closed[0010:ffffffff]
00000066:http.accept(000a)=0010 from [192.168.1.163:3448] ALPN=
00000066:http.clireq[0010:ffffffff]: GET / HTTP/1.1
00000066:http.clihdr[0010:ffffffff]: user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.97 Safari/537.11
00000066:http.clihdr[0010:ffffffff]: accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
00000066:http.clihdr[0010:ffffffff]: accept-encoding: gzip,deflate,sdch
00000066:http.clihdr[0010:ffffffff]: accept-language: en-US,en;q=0.8
00000066:http.clihdr[0010:ffffffff]: accept-charset: ISO-8859-1,utf-8;q=0.7,;q=0.3
00000066:http.clicls[0010:ffffffff]
00000066:http.closed[0010:ffffffff]
00000067:http.accept(000a)=0010 from [192.168.1.163:3450] ALPN=
00000067:http.clireq[0010:ffffffff]: GET / HTTP/1.1
00000067:http.clihdr[0010:ffffffff]: user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.97 Safari/537.11
00000067:http.clihdr[0010:ffffffff]: accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
00000067:http.clihdr[0010:ffffffff]: accept-encoding: gzip,deflate,sdch
00000067:http.clihdr[0010:ffffffff]: accept-language: en-US,en;q=0.8
00000067:http.clihdr[0010:ffffffff]: accept-charset: ISO-8859-1,utf-8;q=0.7,;q=0.3
00000067:http.clicls[0010:ffffffff]
00000067:http.closed[0010:ffffffff]
cfg file
global
maxconn 100
daemon
tune.ssl.default-dh-param 2048
chroot /var/empty
user haproxy
group haproxy
stats socket /var/run/haproxy.sock mode 600 expose-fd listeners level user
defaults
mode http
log global
option http-keep-alive
timeout connect 5000
timeout client 50000
timeout server 50000
timeout tunnel 1h
listen stats
bind 192.168.1.235:9000
mode http
log global
maxconn 10
stats enable
stats hide-version
stats refresh 30s
stats show-node
stats uri /haproxy?stats
frontend https
bind *:443
mode tcp
tcp-request inspect-delay 5s
tcp-request content accept if { req.ssl_hello_type 1 }
use_backend openvpn-backend if { req.ssl_sni -i marotta.ddns.net }
default_backend https-back
frontend https-front
proxy
bind 127.0.0.1:9001 ssl crt /etc/letsencrypt/live/marotta.ddns.net/haproxy.pem accept-proxy
mode http
use_backend home-assistant-backend if { ssl_fc_sni -i marotta-ha.ddns.net }
use_backend nextcloud-backend if { ssl_fc_sni -i marotta-nc.ddns.net }
use_backend genmon-backend if { ssl_fc_sni -i marotta-genmon.ddns.net }
use_backend blueiris-backend if { ssl_fc_sni -i marotta-bi.ddns.net }
use_backend unifi-backend if { ssl_fc_sni -i marotta-unifi.ddns.net }
use_backend unms-backend if { ssl_fc_sni -i marotta-unms.ddns.net }
use_backend ipswitch-backend if { ssl_fc_sni -i marotta-outlet.ddns.net }
use_backend haproxy-backend if { ssl_fc_sni -i marotta-haproxy.ddns.net }
use_backend backend-nd-unms if { ssl_fc_sni -i marotta-nd-unms.ddns.net }
use_backend backend-nd-openvpn if { ssl_fc_sni -i marotta-nd-openvpn.ddns.net }
use_backend backend-nd-genmon if { ssl_fc_sni -i marotta-nd-genmon.ddns.net }
use_backend backend-nd-ha if { ssl_fc_sni -i marotta-nd-ha.ddns.net }
use_backend backend-nd-stage if { ssl_fc_sni -i marotta-nd-stage.ddns.net }
use_backend backend-nd-greenhouse if { ssl_fc_sni -i marotta-nd-greenhouse.ddns.net }
use_backend backend-nd-poolside if { ssl_fc_sni -i marotta-nd-poolside.ddns.net }
use_backend backend-nd-gym if { ssl_fc_sni -i marotta-nd-gym.ddns.net }
use_backend backend-nd-rosegarden if { ssl_fc_sni -i marotta-nd-rosegarden.ddns.net }
use_backend backend-nd-firepit if { ssl_fc_sni -i marotta-nd-firepit.ddns.net }
use_backend backend-nd-fireplace if { ssl_fc_sni -i marotta-nd-fireplace.ddns.net }
default_backend blueiris-backend
frontend http
bind *:80
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
use_backend letsencrypt-backend if letsencrypt-acl
backend letsencrypt-backend
server letsencrypt 127.0.0.1:8888
backend https-back
mode tcp
server https-front 127.0.0.1:9001 send-proxy-v2
backend ipswitch-backend
mode http
http-request set-header X-Forwarded-Port %[dst_port]
server 3gstore 192.168.1.163:80
backend openvpn-backend
mode tcp
timeout server 2h
server openvpn 192.168.1.235:444
backend backend-nd-unms
mode http
server netdata 192.168.1.207:19999 check
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
backend backend-nd-ha
mode http
server netdata 192.168.1.123:19999 check
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
backend backend-nd-genmon
mode http
server netdata 192.168.1.152:19999 check
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
backend backend-nd-openvpn
mode http
server netdata 192.168.1.235:19999 check
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
backend backend-nd-gym
mode http
server netdata 192.168.1.159:19999 check
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
backend backend-nd-rosegarden
mode http
server netdata 192.168.1.191:19999 check
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
backend backend-nd-greenhouse
mode http
server netdata 192.168.1.187:19999 check
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
backend backend-nd-poolside
mode http
server netdata 192.168.1.18:19999 check
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
backend backend-nd-stage
mode http
server netdata 192.168.1.202:19999 check
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
backend backend-nd-fireplace
mode http
server netdata 192.168.1.201:19999 check
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
backend backend-nd-firepit
mode http
server netdata 192.168.1.200:19999 check
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
backend haproxy-backend
mode http
server haproxy 192.168.1.235:9000 no-ssl check
http-request redirect location /haproxy?stats if { path / }
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
backend genmon-backend
mode http
server unifi 192.168.1.152:8000 no-ssl check
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
backend unifi-backend
mode http
server unifi 192.168.1.148:8443 ssl verify none check
http-request redirect location /manage/site/kab9w4dv/dashboard if { path / }
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
backend unms-backend
mode http
server unms 192.168.1.207 ssl verify none
http-request redirect location /dashboard if { path / }
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
backend home-assistant-backend
mode http
server home-assistant 192.168.1.123:8123 check
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
backend nextcloud-backend
mode http
server nextcloud 192.168.1.123:80 check
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
backend blueiris-backend
mode http
server blueiris 192.168.1.36:1050 check
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }1 post - 1 participant