@Stealthbird97 wrote:
Hi there.
I’m almost at the end of my tether here. I have no idea why this doesn’t work.
All I am trying to do is SSL passthrough which should be simple enough (or so I thought) but 99% of the time I am getting some unknown SSL errorroot@kuroko:~# curl -k https://corihaws.co.uk curl: (35) Unknown SSL protocol error in connection to corihaws.co.uk:443I note this error does not occur if I set the default backend - so the issue must be with the rule but I’m clearly not understanding it.
Here is my config
global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners stats timeout 30s user haproxy group haproxy daemon # Default SSL material locations ca-base /etc/ssl/certs crt-base /etc/ssl/private # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets defaults log global mode http #option httplog option dontlognull timeout connect 50000 timeout client 50000 timeout server 50000 errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http # Frontend: fe-http () frontend fe-http bind *:80 stats uri /haproxy?stats mode http option http-keep-alive # tuning options # logging options # ACL: corihaws acl acl_corihaws hdr_end(host) -i corihaws.co.uk # ACTION: misaka00002-http use_backend be-misaka00002-http if acl_corihaws # Frontend: fe-https () frontend fe-https bind *:443 mode tcp # tuning options # logging options option tcplog # ACL: corihaws-ssl acl acl_corihaws-ssl req.ssl_sni -m end -i corihaws.co.uk # ACTION: misaka00002-https use_backend be-misaka00002-https if acl_corihaws-ssl # default_backend be-misaka00002-https # Backend: be-misaka00002-http () backend be-misaka00002-http mode http balance source # stickiness stick-table type ip size 50k expire 30m stick on src # tuning options http-reuse never server misaka00002-http 10.0.1.102:80 # Backend: be-misaka00002-https () backend be-misaka00002-https mode tcp balance source # stickiness #stick-table type ip size 50k expire 30m #stick on src # tuning options server misaka00002-https 10.0.1.102:443Any help would be much appreciated.
Kind Regards
Cori
Posts: 1
Participants: 1