Proxy Protocol - PR_END_OF_FILE

Debian 11
haproxy 2.2.9-2+deb11u3

I have a basic haproxy.cfg working as expected and it’s forwarding ssl to the backend

The apache backend sees the proxy IP not the original client’s IP so I change the final line to

server test 10.0.0.119:443 send-proxy

After this change I no longer have access to the apache backend, there’s nothing in the apache access.log

haproxy.log gives

Nov 19 09:35:15 ip-10-0-0-131 haproxy[8149]: client.ip.add:34224 [19/Nov/2022:09:35:15.198] ssl_relay apache_webservers/test 2/2/+3 +0 -- 1/1/1/1/0 0/0
Nov 19 09:35:15 ip-10-0-0-131 haproxy[8149]: client.ip.add:34224 [19/Nov/2022:09:35:15.198] ssl_relay apache_webservers/test 2/2/+3 +0 -- 1/1/1/1/0 0/0

The browser shows me Error code: PR_END_OF_FILE_ERROR

haproxy.cfg:

global
        log /dev/log    local0 debug
        log /dev/log    local1 debug #notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA>
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
        log     global
        mode    tcp
        option logasap
        option tcplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

frontend ssl_relay
        bind *:443
        mode tcp
        option tcplog
        default_backend apache_webservers

        tcp-request inspect-delay 5s
        tcp-request content accept if { req_ssl_hello_type 1 }

backend apache_webservers
        mode tcp
        server test 10.0.0.119:443

Any idea what I’m missing?

Thanks

1 post - 1 participant

Read full topic

Proxy Protocol - PR_END_OF_FILE_ERROR

Trending Articles

RAMAYAMPET Mandal Sarpanch | Upa-Sarpanch | Ward member Mobile Numbers Medak...

लड़कियां सेक्स के दौरान क्यों करती है उह! आह!लड़कियां सेक्स के दौरान क्यों करती...

Neem Baba Extra Questions Answer Class 6 English Poorvi

Throw Back: 4×4 — Sikilitele (Ft Castro) Prod by JQ

Rajasthan Board 10th Result 2016 Roll No wise & Name Wise

Lowe faces four theft charges

Practice Sheet of Right form of verbs for HSC Students

Mafia, Murder & Mayhem In The Motor City: Detroit Mob Hit Timeline (1937-2007)

The 10 Tennessee Cities With The Largest Black Population For 2021

Materials Around Us Class 6 Worksheet Science Chapter 6

デスクトップヒープの枯渇

Best Suvichar in Hindi |बेस्ट सुविचार |शुभ विचार हिंदी में

Kanulanu Thaake Lyrics and translation | Manam (2014)

Korean Sex Porn Videos: XXX Videos & Free Porn Movies

Teen Shot In Miami Drive-By Dies From Injuries

Download: IQ Muzatasha feat Shy D & Pmj – Ulesi NiFertilizer Yamavuto

Mahakal Attitude Status

Property developer set up cannabis factory to help pay off debts...

♡

KB: How to troubleshoot issues when adding a Hyper-V host in System Center...