HA-Proxy errors in configuration file

apache2 varnish haproxy

Below is the configuration file for my haproxy in which i want to setup the varnish as backend & in frontend want to configure the Port-80 for http & for the port-443 for https

global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners stats timeout 30s user haproxy group haproxy daemon

# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private

# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256

defaults log global mode http option httplog option dontlognull timeout connect 5000 timeout client 50000 timeout server 50000 errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http

frontend www-http bind *:80

#redirect to HTTPS if ssl_fc is false / off.
redirect scheme https if !{ssl_fc}
default_backend varnish_backend

frontend www-https bind :443 ssl /etc/letsencrypt/live/r2m.pixelmechanics.de/cert.pem acl secure dst_port eq 443 http-response replace-header Set-Cookie (.) \1;\ Secure http-request set-header "SSL-OFFLOADED" "1" default_backend varnish_backend

backend varnish_backend http-request set-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto https if { ssl_fc } redirect scheme https if !{ ssl_fc } server r2m-web-prod 45.12.51.173:8080 check Can anyone help me in this that would be great my job is in danger mode.

now below error which i am getting that is this [ALERT] 070/121406 (151885) : parsing [/etc/haproxy/haproxy.cfg:39] : error detected in frontend 'www-http' while parsing redirect rule : error in condition: no such ACL : '{ssl_fc}'. [ALERT] 070/121406 (151885) : parsing [/etc/haproxy/haproxy.cfg:43] : 'bind *:443' unknown keyword '/etc/letsencrypt/live/r2m.pixelmechanics.de/cert.pem'. Registered keywords :


Solution 1:

  1. change {ssl_fc} to { ssl_fc } - those spaces are required
  2. you need crt keyword between ssl and cert path, e.g.
     bind *:443 ssl crt /path/to/cert

P.S. I edited your post to fix formatting for readability, but someone else still has approve it.

Related

Varnish - How can I set TTL in response header?
Microsoft SQL server backup : restoring data to one table
Kernel IP forwarding not enabled for ethernet interface on boot
How do I access AWS instances created by other users in my organization?
Is delegated DNS server authoritative server?
How to block DNS over HTTPS using IPtables
How to add a range of IPs in Debian 10?
Windows firewall, netsh, block all ips from a text file
App Engine Restarts
Same NFS share on different clients with different local users
How to find someone's personal best? (fastest time in a race?)
How do kill accolades work?