HA Proxy 503 Error with a Twist

Hello All! I have some HA proxy issues. I have used Tom’s HA Proxy 2023 video and have my pfsense up and running using HA proxy via home(dot)hunting1sand0s(dot)com on the 155.1.100.0/24 network (Production). I wanted to add a few new items so I can get rid of the SSL errors. The first FQDN is globalunifi(dot)hunting1sand0s(dot)com on the (MGMT) network 172.16.100.0/24 and node(dot)hunting1sand0s(dot)com one for (MGMT) 172.16.100.0/24 and (Production) 155.1.100.0/24 network. My pfsense setup works great to access the firewall but the other two give me 503 errors. What did I miss? TIA for the assist!



This can only mean 2 things.

  1. Your backend isn’t pointed to the proper IP and port.

  2. Your node's application has security enabled to where you have to allow proxy.

Here is a screenshot of my backend. I have it set up the same way for my firewall.


Here is my firewall setup as well.


I know it's something so dumb I'm missing LOL!

Error 503 means that HAproxy cannot reach the IP and/or port. Or cannot connect to the webserver running on said IP and port.

Are you 100% sure you have the right IP and port and the web service is running?

Yeah, I believe I have them both correct. I also want to mention that I have the entries in the DNS resolver as well.


What about the front end? Is your backend properly mapped to it?

Yes, I’m mapping that backend to the front end.

Note: My wildcard cert is working using the same configuration in HA proxy.

When you ping the FQDN of these devices, what IP addresses do you get? Sounds like a DNS issue. I had one when I set up Nextcloud and Collabora that I had to work through.

I believe I’m getting the right response. The DNS should handle the request and redirect it to the correct address 172.16.100.216/24.

Here is my DNS resolver info in pf

What is haproxy bound to on the front end? I believe it is 155.

I believe you are not even going through haproxy. If you shut down haproxy and try using the FQDN, I am expecting you will still get a 503 error. If not, it is something else.

Turned off HA proxy and got this.

I know HA proxy is working because my pfsense firewall responds correctly and provides a valid cert.




Try setting up a frontend tied to 172.16.100.1 and remove the entries to 155 network. Or leave haproxy as is and point the host override to 155.1.100.1. I am assuming you are trying to access internally.

@dkggpeters

Same results! :frowning: