Hi everybody,
I got an issue with HAProxy with SSL/TLS termination.
When I make an HTTPS request, I get the following error:
Oct 16 10:39:28 localhost haproxy[724]: xxx.xxx.xxx.xxx:62597 [16/Oct/2020:16 10:39:28.658] w-https~ w-backend/<NOSRV> -1/-1/-1/-1/0 400 188 - - PR-- 2/2/0/0/3 0/0 "GET / HTTP/1.1"
HAProxy blocks the request (PR), but I don't know why.
Can you help me ?
This is my haproxy.cfg :
# Process-wide settings: syslog targets, chroot and unprivileged user/group,
# and the DH parameter size used for DHE key exchange.
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
tune.ssl.default-dh-param 4096
# Defaults inherited by every frontend/backend below.
defaults
log global
mode http
option httplog
option dontlognull
# Adds an X-Forwarded-For header carrying the client address. The backend
# below also sets X-Forwarded-For itself, so this may be redundant -- confirm.
option forwardfor
# NOTE(review): http_proxy makes HAProxy take the destination from an absolute
# URI in the request instead of from the configured servers. A plain
# "GET / HTTP/1.1" carries no such URI, which would be consistent with the
# 400 / PR-- / <NOSRV> log line -- confirm by removing this option. It is also
# not wanted on a TLS-terminating reverse proxy, because the client then
# chooses where the request is sent.
option http_proxy
timeout connect 5000
timeout client 50000
timeout server 5000
# Plain-HTTP listener.
frontend w-http
bind *:80
# NOTE(review): reqadd appends a header and does not remove a value the client
# already sent, so the backend can receive a client-chosen X-Forwarded-Proto
# next to this one. reqadd is the legacy directive; "http-request set-header"
# (already used in w-backend) replaces the header instead.
reqadd X-Forwarded-Proto:\ http
default_backend w-backend
# Let's Encrypt (ACME HTTP-01) challenge requests
acl le-acl path_beg /.well-known/acme-challenge/
# NOTE(review): the ACL above is declared as "le-acl" but referenced here as
# "letsencrypt-acl"; the two names must match for this rule to apply.
use_backend le-backend if letsencrypt-acl
# TLS-terminating listener.
frontend w-https
# NOTE(review): this opens a TLS listener on every port from 8000 to 9000;
# confirm the whole range is meant to be reachable.
bind *:8000-9000 ssl crt /etc/haproxy/certs/www.example.com.pem
# The crt file holds the certificate together with its private key; keep it
# readable only by the account that starts HAProxy.
bind *:443 ssl crt /etc/haproxy/certs/www.example.com.pem
reqadd X-Forwarded-Proto:\ https
default_backend w-backend
# Application backend shared by both frontends.
backend w-backend
mode http
# set-header overwrites any X-Forwarded-For supplied by the client with the
# connection's source address.
http-request set-header X-Forwarded-For %[src]
# NOTE(review): this unconditionally adds "https" here as well, so requests
# from w-http carry both "http" and "https", and requests from w-https carry
# the header twice. Set it once, in one place.
reqadd X-Forwarded-Proto:\ https
option http-server-close
balance roundrobin
# Redirects requests that did not arrive over TLS to the https scheme.
redirect scheme https if !{ ssl_fc }
# NOTE(review): no port is given on the server addresses, so HAProxy connects
# to the same port the client used (443, or 8000-9000), while the health check
# goes to port 80. There is no "ssl" keyword, so this hop is cleartext HTTP --
# confirm the servers listen on those ports and that the network between
# HAProxy and the servers is trusted.
server w1 aaa.aaa.aaa.aaa check port 80
server w2 bbb.bbb.bbb.bbb check port 80
# Local ACME client that answers the challenge requests.
backend le-backend
server le 127.0.0.1:54321