---
tags:
- upnote-import
---
# Home-Assistent über HAProxy
## FAQs
### Seite zeigt Fehler Invalid method encountered
```
haproxy Invalid method encountered: b'' ^
```
Grund war, dass die bind-option „accept-proxy“ und ein Proxy-Protocol zugewiesen waren. Der HA ist aber dafür gemacht, hinter einem Proxy zu lafen. In dem Fall muss beides entfernt werden.
### Google AI Analyse
The error "Received something which does not look like a PROXY protocol header" in [OPNsense](https://www.google.com/search?q=OPNsense&newwindow=1&sca_esv=69afb27cda6b1637&sxsrf=AE3TifNGCTUN_X9hUalFtKqVKJ9xTQtN-A%3A1760112723749&ei=UzDpaKqwLciE9u8PyY3QkQw&ved=2ahUKEwit9YfiiJqQAxVIh_0HHSUIPdwQgK4QegQIARAB&uact=5&oq=opnsense+Received+something+which+does+not+look+like+a+PROXY+protocol+header&gs_lp=Egxnd3Mtd2l6LXNlcnAiTG9wbnNlbnNlIFJlY2VpdmVkIHNvbWV0aGluZyB3aGljaCBkb2VzIG5vdCBsb29rIGxpa2UgYSBQUk9YWSBwcm90b2NvbCBoZWFkZXJIjhhQAFibF3AAeAGQAQCYAaMBoAHuCKoBAzEuOLgBA8gBAPgBAZgCAaACfMICBhAAGAcYHpgDAJIHAzAuMaAHuRCyBwMwLjG4B3zCBwMwLjHIBwE&sclient=gws-wiz-serp&mstk=AUtExfAj2bFRYreBlPXhaXdkbD_Z26rDtwz-nmb-hYGj9CEoaSACui3YP6f78Egef9J1ucLy4x6mmPTa9XrDpoWrbG_x4QMgYSScPEz9sacNQ2cpPBrwu8bFdNeXaCPPcLPescVBkp0wuzOtU-YbupXon2r51dCLNa10FiWSss8dcFjvxOU&csui=3), likely when using HAProxy, means that a client connected to the proxy but sent data that doesn't conform to the PROXY protocol format. To fix this, you should check your HAProxy configuration to ensure the `accept-proxy` argument is present on the `bind` line of your frontend, or if you are sending the header, verify that the backend is configured correctly to receive it.
**Understanding the Error**
- **What is PROXY Protocol?** It's a standard text-based or binary-based protocol that proxies use to pass connection information (like the client's IP address) to the next proxy or the backend server.
- **What it Means:** The error indicates that OPNsense's HAProxy expected to see a PROXY protocol header from the client, but the client sent something else (likely just regular HTTP or another protocol) instead.
**How to Fix It**
1. **Check Your HAProxy Frontend Configuration:**
- Navigate to `Services` > `HAProxy` > `Settings`.
- Edit the frontend section that is receiving the connection.
- Ensure that the `accept-proxy` argument is added to the `bind` line for that frontend. This allows HAProxy to recognize both version 1 (text) and version 2 (binary) PROXY protocol headers.
2. **Verify Backend Configuration:**
- If your setup involves multiple HAProxy instances or a different type of backend server, check the configuration on that backend as well.
- If the backend is not expecting the PROXY protocol, it might not understand the data it's receiving, leading to errors.
3. **Consider the Client's Request:**
- Is the client _supposed_ to be sending a PROXY protocol header? If the client is just a regular HTTP client, it won't send this header, and the `accept-proxy` directive is what's needed on the HAProxy frontend to _receive_ it.
- If your client application _is_ designed to send the PROXY protocol, then the error means its implementation is sending the header in an unexpected format.
**Example HAProxy Configuration Snippet (for reference):**
```
frontend my_frontend
bind *:80 accept-proxy # This is the key line
# Other frontend settings
```
- `bind *:80` : This tells HAProxy to listen on port 80.
- `accept-proxy`: This tells HAProxy to accept and process the PROXY protocol from the client.
#### Lösung:
attribut „accept-proxy“ wieder entfernt und Proxy Protocol auf „none“ geändert.
Im Frontend:

Im Backend:

##
## weitere Einstellungen:
### DNS-Override

##
### FW-Regel

## Files
running config file:
```
#
# Automatically generated configuration.
# Do not edit this file manually.
#
global
uid 80
gid 80
chroot /var/haproxy
daemon
stats socket /var/run/haproxy.socket group proxy mode 775 level admin
nbthread 1
hard-stop-after 60s
no strict-limits
httpclient.resolvers.prefer ipv4
tune.ssl.default-dh-param 4096
spread-checks 2
tune.bufsize 16384
tune.lua.maxmem 0
log /var/run/log local0 info
lua-prepend-path /tmp/haproxy/lua/?.lua
defaults
log global
option redispatch -1
maxconn 100
timeout client 30s
timeout connect 30s
timeout server 30s
retries 3
default-server init-addr last,libc
default-server maxconn 100
# autogenerated entries for ACLs
# autogenerated entries for config in backends/frontends
# autogenerated entries for stats
# Frontend (DISABLED): 0_SNI_frontend (Listening on 0.0.0.0:80, 0.0.0.0:443)
# Frontend (DISABLED): 1_HTTP_frontend (Listening on 127.4.4.3:80)
# Frontend (DISABLED): 1_HTTPS_frontend (Listening on 127.4.4.3:443)
# Frontend: kbha_frontend ()
frontend kbha_frontend
http-response set-header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
bind 0.0.0.0:443 name 0.0.0.0:443 ssl curves secp384r1 no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384 ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/68e90ee37e8f60.01330497.certlist
bind 0.0.0.0:80 name 0.0.0.0:80 ssl curves secp384r1 no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384 ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/68e90ee37e8f60.01330497.certlist
bind 192.168.178.106:443 name 192.168.178.106:443 ssl curves secp384r1 no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384 ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/68e90ee37e8f60.01330497.certlist
bind 192.168.178.106:80 name 192.168.178.106:80 ssl curves secp384r1 no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384 ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/68e90ee37e8f60.01330497.certlist
mode http
option http-keep-alive
default_backend kbha_backend
option forwardfor
# logging options
# ACL: kbha
acl acl_68e90f4b9c2340.62230672 hdr(host) -i kbha.straso.com
# ACTION: kbha
use_backend kbha_backend if acl_68e90f4b9c2340.62230672
# Backend (DISABLED): portainer_backend ()
# Backend: kbha_backend (Backend for HomeAssistant)
backend kbha_backend
# health checking is DISABLED
mode http
balance source
# stickiness
stick-table type ip size 50k expire 30m
stick on src
http-reuse safe
server kbha_server 192.168.178.4:8123
# statistics are DISABLED
```
##
##
##
## Links
### gutes Tutorial:
[Setup OPNsense with HAProxy and Let's Encrypt | Marcus Holtz](https://blog.holtzweb.com/posts/opnsense-with-haproxy-and-lets-encrypt/)
passend zum Thread im Forum [Tutorial 2024/06: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating](https://forum.opnsense.org/index.php?topic=23339.0)
### noch ein Tutorial, DE mit Zusatztipps
[HAProxy auf OPNsense - Schritt für Schritt - blog.admin-intelligence.de](https://blog.admin-intelligence.de/haproxy-auf-opnsense-schritt-fuer-schritt/)