@nick.t wrote:
Hello all.
I'm using HA-Proxy version 1.7.6 and trying to setup some sites with SSL on the IIS web-server behind the HAProxy. My config is belowfrontend https-frontend bind 192.168.30.133:443 ssl strict-sni crt /etc/haproxy/ssl/ mode http ... (set/modify some headers in request and response) use_backend app1 if { hdr_end(host) -i app1.example.com } backend app1 mode http balance roundrobin option httpchk HEAD / HTTP/1.1\r\nHost:app1.example.com http-check expect rstatus (2|3)[0-9][0-9] default-server inter 5s fall 2 rise 2 option httpclose http-reuse safe option forwardfor except 127.0.0.0/8 http-request set-header X-Client-IP %[src] http-request set-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto https if { ssl_fc } cookie SERVERID insert indirect nocache server srv1 1.2.3.4:443 ca-file /etc/haproxy/ssl/app1.example.com.issuer ssl verify required verifyhost app1.example.com check check-sslI've tried many combinations with the same result. With health-check is enabled clients get 503 error (as expected since helath-check failed and no more backend servers are available). But even if I remove "ssl" and "httpchk" directives (then health-check seems to be passed "L4OK"), but backend doesn't work - the browser shows errors something like "Secure connection failed" or "Empty response".
Direct connection from the client's workstation to the backend-server is working normally.
Posts: 4
Participants: 2