Reload a list without reloading HAProxy
Trying to figure out if there is a way to reload a blacklist of ips that HA uses to block without having to do a full reload of HAProxy. I have many frontends and in all of them is the following: acl...
View ArticleHaproxy w/ssl 'SSL handshake failure'
I’ve had haproxy working with a non-ssl/tls frontend for some time. Just recently I was tasked to have haproxy listen for https connections specifically. I’m troubled with the error haproxy-ssl/1: SSL...
View ArticleRewrite URI based on backend server name
Hi everyone. I have proxy: proxy.com and two backend web-servers serv1.back.com and serv2.back.com Web servers listens just their addresses so if i hit proxy.com serv1.back.com response 403. I tried...
View ArticleWe found security vulnerabilities on several images
We scanned some images with Jfrog’s xray image scanner. We found several critical vulnerabilities. Here are the critical vulnerabilities, let us know your feedback about this: Issue id CVES CVSS3...
View ArticleOnly first server on backend getting used
Here’s my setup. Both http and https connections are working, but on both backends, only the first server entry (server aab) is being forwarded to. The second one (server aaa) never gets hit. If I...
View ArticleConfiguration ssl -1/-1/-1/-1/0 503 212 - - SC--
Hi All, We have HAproxy running perfectly until there is a need to add 2 services that use SSL, calling web1 and web2. We have installed a wild-child SSL certificate in te server. This is an example...
View ArticleHowto encrypt key file
We have setup haproxy and its working fine. We enable ssl as well. We actually have a .pem file with a combination of .crt and .key. Now we want to secure the key so that no one can view it. Please...
View ArticleUbuntu with two gateways 20.04
Hello I am building HAProxy on a vm running Ubuntu 20.04. I want to have use two nics, on two separate subnets so I can have a management IP address that is not on the same network as my frontend...
View ArticleClik here to view.
How do I force-change the backend's cert?
I’ve long struggled getting HAProxy to offload the certificate of a server; ADFS. HAProxy makes an encrypted connection of its own to ADFS, then it’s supposed to switch the certificate with something...
View ArticleClik here to view.
Haproxy + keepalived + ldap
hi, I am configuring with this scenario from the title and found the post below. Good setup for LDAP backend Help! Hi, I am looking for a a proper configuration for a LDAP backend, so far I have:...
View ArticleSecure ADFS (disallow anything other than redirect)
Hello, We use ADFS within our organisation, and it is available via HTTP externally. All of the applications we protect with ADFS are SP-initiated, so I want to disallow requests to ADFS other than...
View ArticleUrgent help! Need to disable HAProxy on pfSense via shell
I misconfigured the HAProxy and when I log in to pfSense I get “503 Service Unavailable”. How can I disable HAProxy from the shell? I’m on 2.6.0 Thank you 1 post - 1 participant Read full topic
View ArticleGetting 502 errors randomly from HAproxy with SH code
I am randomly getting HAProxy 502 errors when I send request to my backend via haproxy.I have put retry on 502.But still I get 502 errors. I have installed HAProxy on a Ubuntu 18.04 system with 4...
View ArticleHAProxy myltiplex
Hello Guys, help me please. I’m new and have little experience. There is a task, a permanent TCP connection to the LDAP server. There are several options. Nginx, HAProxy, ssh multiplexing. I settled...
View ArticleSSL renewal with HAProxy
Hi all, I inherited infrastructure with HAProxy and my domain cert is due for renewal. Certbot renew is failing so I did some digging and realized HAProxy SSL slightly different. Below is message I’m...
View ArticleHAProxy Health Check Monitoring
Hi All, I know HAProxy monitors the health of backend servers periodically. Is there any way to check HAProxy server itself is UP or DOWN? 1 post - 1 participant Read full topic
View ArticleHow to synchronize backend state?
Hello, I’ve setup a haproxy active-passive cluster using ucarp. Now my question is: how would I synchronize backend state? I.e. when I set the backend state to “drain” on one of the nodes I would like...
View ArticleCORS configuration HELP!
HI!! We are trying to use standard implementation of CORS ( cross origin shared resources ) with HAProxy 2.2: HAProxy version 2.7.2-7e295dd 2023/01/20 Built with Lua version : Lua 5.4.4 After...
View ArticleBotnet password attacks against smtp authentication
Hi I am using HAProxy in tcp-mode in front of several smtp mail servers that require authentication. The smtp traffic is TLS port encrypted between the client and the mail servers, so HAProxy will...
View ArticleClik here to view.
2 HAProxy chain and TCP Health check
Our current infrastructure requires 2 reverse proxies to reach several backends. Obviously we are using HAProxy for that +------------+ +------------+ +------------+ +------------+ | | | | | | | | |...
View Article