Hi Everyone,
TL/DR: Need help with NginX/Apache Reverse Proxy Settings to HAProxy.
I’m really hoping someone can help with this - I’ve spent the last 4 days googling, reading, and “experimenting” but I just cannot get this to work. Please, I really need some help.
The Situation
- All of the following is running on Rocky Linux 8.6 (for those that don’t know, that’s a RHEL-clone replacement for CentOS)
- We have a Node.js application (Electron-based) running on a local dedicated server (all details shown below).
- The internal DNS name of app is
app.localdomain.local - The internal IP Address of the app is
192.168.1.100on Port30000 - We have a local dedicated HAProxy box
- We have a local dedicated web-server (
192.168.1.99) sitting behind the HAProxy box running multiple web-sites - We can connect to all three local boxes (& the app & the web-sites) using the local IP Address and local DNS name of each respective box
- We can connect to each web-site from the public Internet ie the HAProxy box is doing its job correctly (as far as the web-sites are concerned)
- When we attempt to connect to the app from an external source (ie when using the public DNS name
app.ourdomain.com) we’re receiving a 503 Error (I know what that means) - According to the HAProxy Logs, HAProxy is routing the external GET request (for the app) to the correct backend.
- When we use a
curl app.localdomain.local -vcommand (&/or acurl 192.168.1.100 -vcommand) from the HAProxy box we receive the expected results from the app
So it seems to me (in my less-than-expert-knowledge ignorance) that our issue lies somewhere in the proxy configuration for the app.
The app publisher has provided information and sample configs on using both NginX and Apache as reverse proxies for their app, but nothing for HAProxy. So we’ve “had a go” at taking each of those relevant configs (see below) and attempting to convert them to HAProxy - but with no luck.
So could someone please, please, please point me in the right direction so as to get this working properly — I know (think?) I’m close, but as I’m not an expert in HAProxy, NginX, nor Apache I also know that I’m missing something, so any help anyone can give would be greatly appreciated.
Sample NginX Reverse-Proxy Settings (with our relevant settings included)
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_pass http://192.168.1.100:30000;
}
Sample Apache Reverse-Proxy Settings (with our relevant settings included)
ProxyPreserveHost On
ProxyPass "/socket.io/" "ws://192.168.1.100:30000/socket.io/"
ProxyPass / http://192.168.1.100:30000/
ProxyPassReverse / http://192.168.1.100:30000/
Our haproxy.cnf File (the relevant bits)
(I know the timings can be tightened up, & that’s something I’m going to get too, once I’ve got this sorted.)
defaults
mode http
log global
option httplog
option http-server-close
option httpchk HEAD /
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
frontend websites_frontend
bind *:80
bind *:443 ssl crt /etc/haproxy/ssl/ ecdhe secp384r1 alpn h2,http/1.1
http-request redirect scheme https code 301 unless { ssl_fc }
http-request redirect prefix https://www.ourdomain.com code 301 if { req.hdr(host) -i ourdomain.com }
http-response add-header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload;"
use_backend %[req.hdr(host),lower,map(/etc/haproxy/maps/hosts.map)]
default_backend websites_backend
backend app_backend
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https
option forwardfor
server app 192.168.1.100:30000
backend websites_backend
cookie SERVERUSED insert indirect nocache
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https
server www 192.168.1.99:80 cookie www check
Our HAProxy host.map File
#DOMAIN NAME BACKEND NAME
#----------------------------------------
webmail.ourdomain.com websites_backend
www.ourdomain.com websites_backend
www1.ourdomain.com websites_backend
www2.ourdomain.com websites_backend
www3.ourdomain.com websites_backend
www4.ourdomain.com websites_backend
app.ourdomain.com app_backend
Thank you
Dulux-Oz
3 posts - 2 participants