0

I want to map an application called "page-designer" listening at http://206.189.22.155:5000 to the URL http://206.189.22.155/page-designer. Currently I have added the necessary configrations for the front end and backend in the main config file of haproxy.This config is valid but hitting the URL http://206.189.22.155/page-designer gives me a ERR_CONNECTION_REFUSED.

haproxy.cfg

global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL). This list is from:
        #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
        # An alternative list with additional directives can be obtained from
        #  https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
        ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
        ssl-default-bind-options no-sslv3

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

frontend fe_default
    bind 0.0.0.0:80
    mode http
    acl pagedesigner path_beg -i /page-designer

    use_backend bk_pagedesigner if pagedesigner

backend bk_pagedesigner
    server appserver1 1.2.3.4:5000
    mode http

Can someone point out what changes i have to make to this config file in order to succesfully map the running app to http://206.189.22.155/page-designer

Vignesh Swaminathan
  • 11
  • 4

1 Answers1

1

Simply put, you're not accepting HTTP connections.

You're only binding to :443 so for http:// (that is, :80), ERR_CONNECTION_REFUSED seems about right if you have no other web server on the host.

The weird part is you're actually expecting HTTP over :443 with that configuration, and hitting http://206.189.22.155:443/data-core confirms that (by the way, thanks for not redacting this ).

You need to add an ssl crt directive to your bind option to properly terminate TLS using HAProxy, or bind to :80 instead.

Ginnungagap
  • 2,595
  • 10
  • 13