Hello,
I have my nextcloud snap behind pfsense haproxy and it’s have communication with the server. But I get this error and have read and do everything and can’t figure out what is wrong.
Hello, is your communication between haproxy and nginx in plain http or in https ?
Hi,
communication is between in plain https protocol.
Here is my configuration:
# Automaticaly generated, dont edit manually.
# Generated on: 2020-05-05 12:55
global
maxconn 1000
stats socket /tmp/haproxy.socket level admin expose-fd listeners
uid 80
gid 80
nbproc 1
nbthread 1
hard-stop-after 15m
chroot /tmp/haproxy_chroot
daemon
tune.ssl.default-dh-param 1024
server-state-file /tmp/haproxy_server_state
frontend https_handler
bind xx.xx.xx.xx:443 name xx.xx.xx.xx:443 ssl crt-list /var/etc/haproxy/https_handler.crt_list
mode http
log global
option http-keep-alive
option forwardfor
acl https ssl_fc
http-request set-header X-Forwarded-Proto http if !https
http-request set-header X-Forwarded-Proto https if https
timeout client 30000
acl OpenprojectServer var(txn.txnhost) -m str -i xxxx.xxx-xxx.dk
acl SkyCloud var(txn.txnhost) -m str -i xxx.xxx.dk
acl aclcrt_https_handler var(txn.txnhost) -m reg -i ^project\.xxx-xxx\.dk(:([0-9]){1,5})?$
acl aclcrt_https_handler var(txn.txnhost) -m reg -i ^cloud\.xxxx\.dk(:([0-9]){1,5})?$
http-request set-var(txn.txnhost) hdr(host)
use_backend OpenprojectServer_ipvANY if OpenprojectServer aclcrt_https_handler
use_backend SkyCloud_ipvANY if SkyCloud aclcrt_https_handler
frontend SkyCloud_http
bind xx.xx.xx.xx:80 name xx.xx.xx.xx:80
mode http
log global
option http-keep-alive
timeout client 30000
acl SkyCloud var(txn.txnhost) -m str -i xxx.xxx.dk
http-request set-var(txn.txnhost) hdr(host)
use_backend SkyCloud_ipvANY if SkyCloud
backend OpenprojectServer_ipvANY
mode http
id 100
log global
timeout connect 30000
timeout server 30000
retries 3
server Openproject xx.xx.xx.xx:80 id 101
backend SkyCloud_ipvANY
mode http
id 102
log global
timeout connect 50000
timeout server 50000
retries 3
server skycloud_80 xx.xx.xx.xxx:80 id 103
server skycloud_443 xx.xx.xx.xxx:443 id 104 ssl verify none crt /var/etc/haproxy/server_clientcert_5eafb8fceca26.pemIs it working correctly when bypassing haproxy ?
Hello again,
I have found the issue that was making lost connection. In backend i set port 80 to run certificate and there was conflicting. When turn it off then it’s running as charm.
Thanks for your time.
I know this is from 3 years ago, but we’re seeing this same thing with the latest version of Nextcloud on CentOS Stream, with Apache and HAProxy. Can you share your updated HAProxy config, as I don’t understand exactly what you fixed? Thank you.
If I had to take a wild guess it was likely the final line in their config.
The way it was defined there would have been both http and https connections from haproxy to the backend(s) simultaneously which would have been quite unusual.
A common config is https on the front end and http (not https) for the backend. Even if https is desired for the backend interconnect, one would generally only use https rather than both there simultaneously.