Recently I got my Multicraft hosting site, my website, and my blog up and running. For Multicraft I used a Turnkey Linux LAMP template and for the others I used the Turnkey Linux Nginx & Mysql template and installed WordPress on top of it. On my pfSense router I’m using HAProxy and Acme to handle routing of port 443 to the correct VMs for each of these. Once I had HAProxy setup I could access Multicraft running on Apache but ended up getting the service unavailable status code (error 503) for the sites running on Nginx. Turns out the problem was the HAProxy Health Check Method.
For context I’ll briefly discuss what HAProxy does and how it is setup. HAProxy is a load balancer and, in my use case, a reverse proxy. HAProxy is running on my pfSense router and intercepts all HTTPS traffic coming in to my IP address. It does this with what it calls a “frontend” that defines what traffic it should handle (in this case it grabs traffic on port 443 for HTTPS). It then checks what subdomain that the traffic was intended for and compares it to a set of “backends” that define what server in my network the traffic should go to.
HAProxy Health Check
To make sure that it can handle traffic to the backend servers HAProxy regularly checks if the servers are awake. The name it uses for this is a “Health Check”. The health check works by sending a request to the server and making sure that it responds appropriately.
So What Went Wrong?
The default setup for the health check for an HTTP server is for HAProxy to send an HTTP Options request. I setup the Multicraft server running on an Apache server first and, when I’d routed traffic to it with HAProxy, it worked great.
When I setup HAProxy for the WordPress sites running on Nginx I made the HAProxy settings match what I’d used for Multicraft. I found, however that traffic was not making it through to my server. After some searching about I found a lot of questions on Stack Overflow and Server Fault indicating that HAProxy wasn’t handling the Options method from the health check correctly. I took a look back at the backend page to see if there are options there than the Options method for doing a health check (pun intended!) and saw this:
Given that I knew that Nginx would HAVE to respond to the GET method to act appropriately as a web server I chose that option. Lo and behold it worked!
I hope that this helps you with getting HAProxy setup for yourself if you’re running Nginx as a web server. I know that I’m definitely not an expert at administering servers (yet!) and am still in the process of learning. If you have a good explanation of why Nginx doesn’t respond to the OPTIONS method when coming from HAProxy I’d love to hear it.
For more homelab content, check out this post about PfSense and VLANs!