Domains are not delivered by ispc3 behind haproxy

Discussion in 'Installation/Configuration' started by zenny, Jun 22, 2019.

  1. zenny

    zenny Member


    Topology first:
    Internet --> router with DNATs (port 80 and port 443) --> Haproxy server --> Ispconfig servers

    However, when I try to reach the domains created by ISPconfig3 panel, the domains reaches the right server, but with nginx server running in the ispconfig3 machine spitting 503 error (with or without https redirection) instead of the domain placeholder (/var/www/

    Haproxy config works well with acls similar to Haproxy server stats shows all the ispconfig backends are running OK.

    However when I DNAT directly to the ispconfig server(s), the domains works alright, fyi.

    Any inputs as it appears like it has more to do with how ISPconfig3 configured!?

    Thanks and cheers,
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPconfig uses a standard namebased vhost, so I doubt that your problem is related to ISPConfig, especially as you mentioned that the vhosts work fine when you access them directly. Which messages do you get in the website access or error log files when you access a site trough haproxy?
  3. zenny

    zenny Member

    @till Thanks for prompt reply.

    I am just getting 503 reply when run inside the instance that is running hapoxy:

    Whereas when I do the same against the ispconfig instance at the backend from haproxy machine , I got a valid reply:
    I tried to append the domain names in the /etc/hosts file in the machine running haproxy for local DNS resolution. Ping works, but curl gives the same results as above.

    There is no specific error messages in the log files of the specific domains, as far as I tried to figure out in /var/www/, fyi.
    Last edited: Jun 22, 2019
  4. zenny

    zenny Member

    An update:

    After appending the domain with www prefix in the haproxy http frontend directive,
    acl host_bletus hdr(host) -i -i
    curl could successfully fetch the ispconfig pageholder (the entry to /etc/hosts in the haproxy instance has also been removed to test):
    However, https is failing because is pulling haproxy server's certificates than the relevant domains. Even matching certs outputs 503 error while access via https as of below:

    Any inputs appreciated. Thanks!
    Last edited: Jun 22, 2019

Share This Page