Hello, I am using HAProxy version 2.6.6-1ppa1~focal and I am stuck finding a solution.
What is working: HAProxy as a load balancer for HTTP and HTTPS, with NGINX as a reverse proxy using certbot certificates; it really makes my websites load much faster.

What I want in addition is to pass ports 5222 and 5223 for the XMPP protocol, via the virtual IP address created by Keepalived, directly to the connected servers so that XMPP clients can connect.

At the moment a telnet session to port 5222 or 5223 on the virtual address does not give any response. Doing the same directly against the IP addresses of the connected servers, the connection is accepted. The firewall rules have been checked and are working fine. Because port 5222 is already taken by another application (Jicofo), it is not possible to bind 5222.

What can I do to get things working?

With friendly regards,
Ronald

My NGINX config is:

server {
    listen 81;
    listen [::]:81;
    server_name chat.myserver.com;
    return 301 https://$host$request_uri;
}

server {
    listen 5222 proxy_protocol default_server;
    listen [::]:5222 proxy_protocol default_server ipv6only=off;
    server_name jitsi.myserver.com;
    set_real_ip_from 192.168.10.13;
    real_ip_header proxy_protocol;
}

server {
    listen 5223 proxy_protocol default_server;
    listen [::]:5223 proxy_protocol default_server ipv6only=off;
    server_name jitsi.myserver.com;
    set_real_ip_from 192.168.10.13;
    real_ip_header proxy_protocol;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name chat.myserver.com;

    # For the federation port
    listen 8448 ssl http2 default_server;
    listen [::]:8448 ssl http2 default_server;

    ssl_certificate /etc/letsencrypt/live/chat.myserver.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/chat.myserver.com/privkey.pem; # managed by Certbot
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don't use SSLv3 ref: POODLE

    root /var/www/html/element;
    index index.html;

    location ~ ^(/_matrix|/_synapse/client) {
        # note: do not add a path (even a single /) after the port in `proxy_pass`,
        # otherwise nginx will canonicalise the URI and cause signature verification
        # errors.
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;

        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header Content-Security-Policy "frame-ancestors 'none'";

        # Nginx by default only allows file uploads up to 1M in size
        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
        client_max_body_size 50M;
    }

    location / {
        try_files $uri $uri/ =404;
    }
}

My HAProxy.conf:

global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
    log global
    mode tcp
    option httplog
    option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

frontend www
    bind 192.168.10.11:80
    default_backend web_servers

backend web_servers
    balance roundrobin
    server web-mas 192.168.10.13:81
    server web-sla 192.168.10.14:81

frontend clients
    listen 192.168.10.11:5222 #External IP
    default_backend xmpp_cluster

backend xmpp_cluster
    balance leastconn
    option independent-streams
    server xmpp1 192.168.10.13:5222 send-proxy-v2
    server xmpp2 192.168.10.14:5222 send-proxy-v2