Haproxy configuration

mahescho2342 · April 23, 2020, 8:56pm

Hi,

I try to setup haproxy without success. I can’t find a complete (!) haproxy config example for Jitsi any where. My config generated by OpnSense looks like this:

frontend JitsiMeetSSL
    bind 1.2.3.4:443 name 1.2.3.4:443 ssl  crt-list /path/to/cert
    mode http
    option http-keep-alive
    option forwardfor
    timeout client 30s
    option httplog
    reqadd X-Forwarded-Proto:\ https
    default_backend JistMeetSSL

backend JistMeetSSL
    mode http
    balance source
    stick-table type ip size 50k expire 30m  
    stick on src
    timeout connect 30s
    timeout server 30s
    http-reuse safe
    server JitsiMeetSSL 172.27.19.10:443 ssl verify none

When I try to connect in the NginX logs of the Jitsi server I see:

2020/04/23 22:35:48 [error] 5749#5749: *3258 connect()
failed (111: Connection refused) while connecting to upstream,
client: 172.27.19.254, server: 0.0.0.0:443, upstream: "127.0.0.1:4445",
bytes from/to client:0/0, bytes from/to upstream:0/0

And on the Client I get the message:

503 Service Unavailable
No server is available to handle this request.

When I directly connect to the Jitsi server everything works as expected.

I’ve no clue what is going wrong. Can some one please help?

EDIT: By enabling logging of “stream” in NginX I found out what the problem is but I still have no solution. In error.log a normal request looks like this:

2020/04/24 09:30:28 [debug] 1179#1179: *33 stream map started
2020/04/24 09:30:28 [debug] 1179#1179: *33 stream script var: "h2,http/1.1"
2020/04/24 09:30:28 [debug] 1179#1179: *33 stream map: "h2,http/1.1" "web"
2020/04/24 09:30:28 [debug] 1179#1179: *33 stream script var: "web"

and when it comes in vi haproxy it looks like this:

2020/04/24 09:27:08 [debug] 1179#1179: *17 stream map started
2020/04/24 09:27:08 [debug] 1179#1179: *17 stream script var: ""
2020/04/24 09:27:08 [debug] 1179#1179: *17 stream map: "" "turn"
2020/04/24 09:27:08 [debug] 1179#1179: *17 stream script var: "turn"

While writing this and looking for “h2,http/1.1” in conjunction with haproxy I found the solution. “alpn h2,http/1.1” has to be added to “server” and “bind”. The config has to look like this:

frontend JitsiMeetSSL
    bind 1.2.3.4:443 name 1.2.3.4:443 ssl alpn h2,http/1.1 crt-list /path/to/cert
    mode http
    option http-keep-alive
    option forwardfor
    timeout client 30s
    option httplog
    reqadd X-Forwarded-Proto:\ https
    default_backend JistMeetSSL

backend JistMeetSSL
    mode http
    balance source
    stick-table type ip size 50k expire 30m  
    stick on src
    timeout connect 30s
    timeout server 30s
    http-reuse safe
    server JitsiMeetSSL 172.27.19.10:443 ssl verify none alpn h2,http/1.1

Joel_Amoako · May 5, 2020, 8:57pm

have you been able to solve it?

mahescho2342 · May 7, 2020, 7:02am

Yes, as written in the edit of my post. I had to add “alpn h2,http/1.1” in frontend and backend.

My haproxy is running on debian and due to this I had an other problem and a fix. See:

alex-caio · November 23, 2020, 8:18pm

Hello Guys,

I need help to configure Jigasi with haproxy.

danwize · February 6, 2021, 12:27am

For your front end section what is this 1.2.3.4 name 1.2.3.4 bit? Is that 1.2.3.4 supposed to be replaced with something meaningful?

mahescho2342 · February 6, 2021, 8:15am

bind PUBLIC-IP-HERE:443 name my.jitsi-domain.com:443 ssl alpn h2,http/1.1 crt-list /path/to/cert