I've just dived into haproxy, and my goal is to setup an ssl terminated loadbalancer with one frontend ubuntu, and (for now) one backend lamp (ubuntu). Both the frontend and backend machines are 18.04 ubuntu's on my virtualbox. I am on Windows 10, incase that matters
I've gone through tons of docs and answers for the last few days, but I still can't fix this.
These 2 work fine :
- The backend server serves the site without problems if I access it via http from a browser ( http://mysite.testing )
- The backend server serves the site without problems if I access the site directly via the ip address of the backend server (http://192.168.56.108)
Note : There is no ssl cert on the backend server. But I have setup a mkcert on the haproxy machine, which works fine - green lock n all
What doesnot work / The issue :
When I access the https site via haproxy ( https://mysite.testing ) the page shows me a 503 Service Unavailable - No server is available to handle this request
My setup :
I've added this line to my hosts file, which is how I access mysite.testing :
192.168.56.105 mysite.testing My haProxy.cfg file :
global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners stats timeout 30s user haproxy group haproxy daemon # Default SSL material locations ca-base /etc/ssl/certs crt-base /etc/ssl/private ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS ssl-default-bind-options no-sslv3 tune.ssl.default-dh-param 2048 defaults log global mode http option forwardfor option http-server-close option httplog option dontlognull timeout connect 5000 timeout client 50000 timeout server 50000 errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http frontend FrontEnd_Http bind *:80 reqadd X-Forwarded-Proto:\ http default_backend My_Web_Servers frontend FrontEnd_Https bind 192.168.56.105:443 ssl crt /etc/haproxy/ssl/mysite.testing.pem mode http #reqadd X-Forwarded-Proto:\ https default_backend My_Web_Servers backend My_Web_Servers mode http balance roundrobin server tad108 192.168.56.108 listen stats bind :32700 stats enable stats uri / stats auth admin:admin My apache2 conf file ( /etc/apache2/sites-enabled ) :
<VirtualHost *:80> ServerName mysite.testing ServerAlias www.mysite.testing ServerAdmin webmaster@localhost DocumentRoot /var/www/html/mysite.testing/public_html ErrorLog /var/www/html/mysite.testing/logs/error.log CustomLog /var/www/html/mysite.testing/logs/access.log combined <Directory /> Options FollowSymLinks AllowOverride All Require all granted </Directory> </VirtualHost> Questions :
- What might be causing the 503 ?
- Is this a problem with the backend apache2 server or with my frontend haproxy.cfg ?
- How do I fix this, so as to get the site working with https://mysite.testing without 503?
Many thanks for reading :)
server tad108 192.168.56.108is not what you want, because it assumes you want to use the front-end port on the back-end, which you don't. Tryserver tad108 192.168.56.108:80.