TrueNAS SCALE TrueCharts apps won't work with HAProxy

Hi all!

Jumped over from Core to SCALE; wasn't smooth sailing, but I managed to get everything up and running again. Every app is reachable via :, but for some reason HAProxy (running on a custom pfSense router doing the SSL termination) always returns an error that no server is available to handle this request, even though the app is reachable. Tried the host network option, but that defaults to the “main” interface (where the TN web UI is reachable) instead of the dedicated app network, which ain't good…

Does anyone have a clue what's going on? :confused:

In the back end settings for HAProxy turn off health checks.

It was turned off from the get-go. Did a full network reset on SCALE and redid everything from scratch. Now everything works (“funny” because I set it up exactly the same way as I did the 1st time) except Gitea (TrueCharts). Seems like there is a disagreement in TLS version:
haproxy:

Transport Layer Security
    TLSv1 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 206
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 202
            Version: TLS 1.2 (0x0303)
            Random:
            Session ID Length: 32
            Session ID: 
            Cipher Suites Length: 8
            Cipher Suites (4 suites)
            Compression Methods Length: 1
            Compression Methods (1 method)
            Extensions Length: 121
            Extension: ec_point_formats (len=4)
            Extension: supported_groups (len=12)
            Extension: encrypt_then_mac (len=0)
            Extension: extended_master_secret (len=0)
            Extension: signature_algorithms (len=30)
            Extension: supported_versions (len=3)
            Extension: psk_key_exchange_modes (len=2)
            Extension: key_share (len=38)
            [JA3 Fullstring: --]
            [JA3: -- ]

gitea:

Transport Layer Security
    TLSv1 Record Layer: Alert (Level: Fatal, Description: Protocol Version)
        Content Type: Alert (21)
        Version: TLS 1.0 (0x0301)
        Length: 2
        Alert Message
            Level: Fatal (2)
            Description: Protocol Version (70)

I'm totally at a loss as to why this happens… Added “SSL_MIN_VERSION = TLSv1.2” to the server section of app.ini, but no effect…
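As an added example (not part of the original posts), this Python sketch pulls the three version fields out of a ClientHello like the one captured above. In a TLS 1.3 ClientHello the record-layer and handshake `Version` fields are fixed compatibility values, and the versions actually offered are listed in the `supported_versions` extension; the sample bytes and the helper names are constructed for illustration, not taken from the capture.

```python
import struct

NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
EXT_SUPPORTED_VERSIONS = 43  # extension type from RFC 8446

def name(v):
    return NAMES.get(v, hex(v))

def client_hello_versions(record: bytes) -> dict:
    """Return the three version fields carried by a ClientHello record."""
    try:
        ctype, rec_ver, rec_len = struct.unpack_from("!BHH", record, 0)
        body = record[5:5 + rec_len]
        if ctype != 22 or len(body) != rec_len or body[0] != 1:
            raise ValueError("not a complete ClientHello record")
        hello = body[4:4 + int.from_bytes(body[1:4], "big")]
        (legacy_ver,) = struct.unpack_from("!H", hello, 0)
        pos = 2 + 32                                          # legacy_version + random
        pos += 1 + hello[pos]                                 # session_id
        pos += 2 + int.from_bytes(hello[pos:pos + 2], "big")  # cipher_suites
        pos += 1 + hello[pos]                                 # compression_methods
        ext_end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big")
        pos += 2
        offered = []
        while pos + 4 <= min(ext_end, len(hello)):
            etype, elen = struct.unpack_from("!HH", hello, pos)
            data = hello[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype == EXT_SUPPORTED_VERSIONS and data:
                # one length byte, then 2-byte versions in preference order
                offered = [int.from_bytes(data[i:i + 2], "big")
                           for i in range(1, 1 + data[0], 2)]
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    return {"record": name(rec_ver), "legacy_version": name(legacy_ver),
            # without the extension, legacy_version is the highest version offered
            "offered": [name(v) for v in offered] or [name(legacy_ver)]}

def build_sample(versions):
    """Constructed ClientHello: record 0x0301, legacy_version 0x0303."""
    sv = b"".join(v.to_bytes(2, "big") for v in versions)
    ext = struct.pack("!HHB", EXT_SUPPORTED_VERSIONS, 1 + len(sv), len(sv)) + sv
    hello = (b"\x03\x03" + bytes(32) + b"\x20" + bytes(32)   # version, random, session_id
             + b"\x00\x02\x13\x01" + b"\x01\x00"              # one cipher suite, null compression
             + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    print(client_hello_versions(build_sample([0x0304])))
```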

HAProxy > Settings > Global Advanced pass thru

ssl-default-server-options no-tls-tickets ssl-min-ver TLSv1.0

Find it quite odd that the truecharts gitea only supports tls 1.0…