@mho wrote:
Hello everybody,
I would like to set up an HTTPS frontend and a TCP-over-TLS frontend.
I don’t know where I am making a mistake, could you help me?
To explain: I have one frontend “fe_vip_443_tcp” to analyse whether a TLS request is HTTPS or TCP over TLS. If it is HTTPS, then I send it to the backend redirect_for_https (@abns) to redirect to the frontend “fe_vip_https” (@abns), which allows sending to the HTTP backend.
That way I will have an HTTPS frontend and a TCP-over-TLS frontend.
(HA-Proxy version 1.8.3)
My errors in this order:
fe_vip_https/1: SSL handshake failure
fe_vip_443_tcp~ redirect_for_https/loopback-for-tls 191/0/191 0 SD 4/4/0/0/0 0/0

My config file without global and default section
##################################
frontend fe_vip_443_tcp
description Front-End 443
bind *:443 ssl crt /etc/haproxy/certs/haproxy.pem alpn h2,http/1.1 #crt-ignore-err all ca-ignore-err all
mode tcp
option tcplog
maxconn 1000
############SNI############
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
tcp-request content accept if HTTP
###########################to HTTP###############################################
use_backend redirect_for_https if HTTP
###################################################
####################To TCP#########################
default_backend bk_null

frontend fe_vip_https
mode http
bind abns@haproxy-tls-term accept-proxy ssl crt /etc/haproxy/certs/haproxy.pem alpn h2,http/1.1
option forwardfor
##########log HTTP ###########
log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tw/%Tc/%Tt\ %B\ %ts\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%sslv/%sslc/%[ssl_fc_sni]/%[ssl_fc_session_id]}\ "Request\ %[capture.req.method]\ %[capture.req.hdr(0)]%[capture.req.uri]\ HTTP/1.1"\ #"Server\ %[capture.res.hdr(1)]"
#########################
#acl acl_mail ssl_fc_sni mail.labaog.mydom.com
acl acl_mail req.hdr(host) -i mail.labaog.mydom.com
use_backend bk_mail if acl_mail
default_backend bk_null

backend redirect_for_https
mode tcp
option http-server-close
server loopback-for-tls abns@haproxy-tls-term send-proxy-v2

backend bk_mail
description MailOwa
balance leastconn
mode http
log global
option httpchk GET /owa/healthcheck.htm
http-check expect status 200
server mail1 192.168.166.230:443 weight 1 maxconn 100 check ssl verify none sni ssl_fc_sni

backend letsencrypt-backend
server letsencrypt 127.0.0.1:54321

backend bk_null
description NULLSRV
timeout connect 1ms
server null 200.200.200.200