403 forbidden errors.

From: Don MacArthur <daddmac#hotmail.com>
Date: Fri, 18 Mar 2011 18:54:09 -0600


I'm new to haproxy, but have a fair amount of experience with Linux, Windows, networking, and some coding (though it's been awhile since I've done much coding). I have limited web server admin experience (IIS).  Haproxy is a great product and I'm using it to escape the clutches of the MS server NLB service.

i'm setting up an haproxy 1.4 to handle traffic to a couple of web servers, each with 3 web sites, that will handle https and net.tcp traffic. I setup a test config on my workstation (2 web server vm, and one haproxy vm) and ran tests against it for a week. It rocked!

In prod I created an haproxy vm and one web server vm. They are in the same broadcast domain, in fact they are on the same vm host. I'm running all tests from one computer on a different network.

When I address the browser URL directly to the web server address all works well. When i direct it through the proxy, on two sites I receive a message that it can't connect, and on the third I get the prompt for the invalid cert (correct, I'm accessing via the IP address) and then a 403 forbidden message. The proxy server can ping the web server and the web server can ping the proxy server. I experienced none of this in my test environment and am wondering if I broke the config somehow, though I can find no differences other than the addresses.

Here's my cfg file, with ip addresses modified: global 

log 127.0.0.1 local0
log 127.0.0.1 local0 notice

# log 127.0.0.1 local0 info

maxconn 4096
#chroot /usr/share/haproxy

user haproxy
group haproxy
daemon
#debug
#quiet

defaults
log global
# mode tcp

option httplog
option dontlognull
retries 3
option redispatch
maxconn 2000
contimeout 5000
clitimeout 50000
srvtimeout 50000

listen port_443a
mode http
balance roundrobin
option httpchk HTTP/1.1
bind 10.100.5.15:443
stats uri /haproxy-stats
server web1 10.100.5.5:443

listen port_443b
mode tcp
balance leastconn
option httpchk HTTP/1.1
bind 10.100.5.16:443
stats uri /haproxy-stats
server web2 10.100.5.6:443

listen port_808
mode tcp
balance leastconn
option httpchk HTTP/1.1
bind 10.100.5.17:808
stats uri /haproxy-stats
server web3 10.100.5.7:808

If I left out anything you need to assist me please ask...

TIA for any guidance on how to identify my problem or resolve it. Received on 2011/03/19 01:54

This archive was generated by hypermail 2.2.0 : 2011/03/19 02:00 CET