Hey guys,
I have a setup with several backends, where one backend is a third-party API provider which acts as a fallback in case our own servers go down.
Setting it up though, I’m running into issues with what appears to be establishing a TLS connection.
The error message is:
    [WARNING] (281465) : Health check for server <fallback/provider> failed, reason: Layer6 invalid response, info: "SSL handshake failure", check duration: 24ms, status: 0/2 DOWN.
The following is my backend definition:
    backend fallback
        mode http
        option httpchk
        option log-health-checks
        http-check connect ssl port 443
        http-check send meth POST uri /api/fallback hdr Content-Type application/json hdr Host fallback.provider.com body "{json body}"
        http-check expect status 200
        server provider fallback.provider.com:443 ssl verify none check inter 3s fall 3 rise 2 agent-check agent-addr localhost agent-port 10082 agent-inter 5s agent-send Fallback/provider\n
        http-request set-header Host fallback.provider.com
        http-request set-header Path /api/fallback
I’m not really sure what the issue is. There is no custom certificate on my HAProxy server (would there need to be?) - everything is the same as standard:
    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private
    # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
I have tried using alternate providers. The issue doesn’t appear with every provider, only for certain ones. However, the one in which this issue appears is my preferred provider… So any help would be greatly appreciated!
Thanks
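An added example, not part of the original post: the same backend with the two TLS settings the posted configuration leaves out, namely an SNI value on both the health check and the forwarded traffic, and certificate verification instead of `verify none`. The CA bundle file name is an assumption (the Debian/Ubuntu bundle, resolved relative to the `ca-base` shown above); everything else is taken from the post.

```haproxy
backend fallback
    mode http
    option httpchk
    option log-health-checks

    # Health check connection: the SNI is set on the connect rule itself,
    # so the check's ClientHello names the host it is asking for.
    http-check connect ssl sni fallback.provider.com port 443
    http-check send meth POST uri /api/fallback hdr Content-Type application/json hdr Host fallback.provider.com body "{json body}"
    http-check expect status 200

    # Forwarded traffic: send SNI, validate the certificate chain against the
    # system CA bundle (assumed file name, looked up under ca-base) and
    # require the certificate to match the provider's host name.
    server provider fallback.provider.com:443 ssl sni str(fallback.provider.com) verify required ca-file ca-certificates.crt verifyhost fallback.provider.com check inter 3s fall 3 rise 2 agent-check agent-addr localhost agent-port 10082 agent-inter 5s agent-send Fallback/provider\n

    http-request set-header Host fallback.provider.com
    http-request set-header Path /api/fallback
```

HAProxy sends no SNI to a backend server unless it is configured, and with `verify none` it accepts any certificate the remote end presents, so a handshake that succeeds in that mode says nothing about who answered it.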