Haproxy thinks servers are down

brainbox1100 · November 3, 2023, 3:19pm

Hi,

I worked through the YouTube video and put my pfSense on its own custom domain and it works for pfsense.lab.xxxx.yyy. I also have a DMZ with proxmox and others. When I add my three proxmox nodes I see haproxy complain the servers are down. I can curl -kv https://10.0.3.200:8006 and reach a server from the firewall. Not sure why it thinks they are down? If it matters haproxy is on my LAN IP of 10.0.0.1 (I’m also on a the LAN subnet). Maybe I need some more fw rules? Pro tips appreciated.

When I access proxmox.lab.xxxx.yyy I get 503 so I think its getting the front end but just not accessing the back end.

Yes, my ACL names match

[WARNING] (34247) : config : Server proxmox_ipvANY/pve0 is DOWN, changed from server-state after a reload. 2 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
[WARNING] (34247) : config : Server proxmox_ipvANY/pve1 is DOWN, changed from server-state after a reload. 1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
[WARNING] (34247) : config : Server proxmox_ipvANY/pve2 is DOWN, changed from server-state after a reload. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.

brainbox1100 · November 3, 2023, 3:35pm

Ok, I noticed in “Status” I could force health checks to up. I did that and all is well. Ty.

tvcvt · November 3, 2023, 11:19pm

It sounds like you’ve found a work around, but I’ve found that certain backends respond differently to different health checks. If I remember right, the default backend check is set to HTTP, but when that doesn’t report successfully, I’ll often switch it to Basic and that will kick it in.

brainbox1100 · November 4, 2023, 1:15am

Yup, Proxmox didn’t like the “OPTIONS” http/s call for the health check. The real fix was to switch to “GET” and all the servers show a green.