burrsg101 3 Posted 4 hours ago Posted 4 hours ago Hello all, I'm hoping someone with experience with HaProxy can maybe help figure out what I'm missing. I have been running Emby with direct port forwarding fine for some time, but I decided I would like to put it behind a reverse proxy for a few different reasons. I am running HaProxy in Pfsense to achieve this. I cannot however get it to complete the connection. My setup is as follows: SSL offloading in HaProxy frontend Backend runs to my Linux box IP that has Emby on the normal http port 8096 I have a cert dedicated to my domain (not wild card) that I run emby in. I've verified this is being pull correctly on the front end. My issue starts on the backend. The connection requests to Emby are being rejected. I have verified the requests are making it to the Linux box with Emby running on it using wireshark. See the capture here: This is where I get lost as I cannot figure out why these are getting rejected. These are my network settings in Emby server: Haproxy just shows a connection failure. If I try to run a health check in Haproxy, it too tell me there is a layer4 refusal and presumes the server to be down. The following is the message I get in the logs in HaProxy: Also I have an unrelated web server (standard Apache server) running in a different VM on the same VLAN as my emby server that has connection perfectly fine with HAproxy, and no issues. Any help is much appreciated.
Q-Droid 994 Posted 1 hour ago Posted 1 hour ago Your capture is showing port 443 as the destination on your Emby host when it should be 8096. Port 443 should be the public endpoint, not the internal one. Internet <--> :443 (haproxy) <--> :8096 (emby)
burrsg101 3 Posted 1 hour ago Author Posted 1 hour ago Thats actually part of my confusion. The backend in HaProxy for emby is set to port 8096, and I noticed too that it was only reaching out on 443. Same scenario actually on the other web server I have. Its set to port 80 on its backend, but the capture I ran on that vm showed 443 reaching out as well.
Q-Droid 994 Posted 1 hour ago Posted 1 hour ago I don't know haproxy. Are you explicitly setting the backend ports like in the example? backend web_servers mode http balance roundrobin server s1 192.168.1.25:80 check server s2 192.168.1.26:80 check server s3 192.168.1.27:80 check
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now