@onetech-it wrote:
I’ve got HAProxy running as a reverse proxy on a CentOS 7.4 box, with JIRA (Tomcat server) as the backend application and it proxies from https 443 to the non-SSL port on the JIRA server without issue.
However, on three other servers that are also running Tomcat apps on the backend, setting up the exact same reverse proxy and HAProxy haproxy.cfg (changing hosts and ports, of course) and they return 503 Service Unavailable errors. I can confirm that the Tomcat servers are up and running and accessible on their non-SSL ports so the servers are behaving exactly like the working one. This seems to be HAProxy related?
cfg is below. Any ideas?
#---------------------------------------------------------------------Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the ‘-r’ option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user haproxy group haproxy daemon # turn on stats unix socket stats socket /var/lib/haproxy/stats#---------------------------------------------------------------------
common defaults that all the ‘listen’ and ‘backend’ sections will
use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000#---------------------------------------------------------------------
main frontend which proxys to the backends
Tells HAProxy to start listening on for HTTPS requests. It uses the SSL key
and certificate found within the corp.company.com.pem file. All requests will
be routed to the confluence_http_backend
#---------------------------------------------------------------------
frontend confluence_http_frontend
bind *:443 ssl crt /etc/pki/tls/keystore/corp.company.com.pem
default_backend confluence_http_backend#---------------------------------------------------------------------
static backend for serving up images, stylesheets and such
The confluence_http_backend simpl forwards all requests onto http://dev-wiki.corp.xperi.com:8090/.
It will only allow 1000 concurrent connections to the server at once.
#---------------------------------------------------------------------
backend confluence_http_backend
mode http
option httplog
option forwardforoption httpchk
server server01 server.corp.mydomain.com:8090 maxconn 1000balance roundrobin
#---------------------------------------------------------------------
round robin balancing between the various backends
#---------------------------------------------------------------------
#backend appbalance roundrobin
server app1 127.0.0.1:5001 check
server app2 127.0.0.1:5002 check
server app3 127.0.0.1:5003 check
server app4 127.0.0.1:5004 check
Posts: 1
Participants: 1