Frontend TLS v1.3 to multiple backends TLS v1.0

Hello all,

I’m an old Unix admin with no experience in web proxying, and I need to configure haproxy for this intended setup:

I tried to configure haproxy using tips from this other topic:

Here is my haproxy.cfg so far:

global
    log         127.0.0.1  local2
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon
    stats socket /var/lib/haproxy/stats
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM
    tune.ssl.default-dh-param 2048

defaults
    log      global
    maxconn  3000
    retries  2

    option   redispatch
    option   dontlognull
    option   forwardfor  except 127.0.0.0/8
    timeout  queue              1m
    timeout  check              5s
    timeout  client             1m
    timeout  server             1m
    timeout  connect            5s
    timeout  http-request       5s
    timeout  http-keep-alive    5s



frontend http_front
    mode   http
    option httplog
    option http-server-close
    bind  10.10.10.10:443  ssl  crt  /etc/haproxy/certs/certificate.pem  force-tlsv13
    default_backend backend_oldblackbox1

backend backend_oldblackbox1
    mode     http
    balance  roundrobin
    server   server_oldblackbox1  10.10.10.11 ssl verify none

backend backend_oldblackbox2
    mode     http
    balance  roundrobin
    server   server_oldblackbox2  10.10.10.12 ssl verify none

From the Windows box, when I try to connect to the Linux box either by its DNS name or its IP address, I get the default backend’s web page OK (which is oldblackbox1 in my current config).

But if I try to connect with oldblackbox1’s IP address or DNS name, I get this error message in the logs: http_front/1: SSL handshake failure

I know that I have to configure ACLs to route traffic to the right ‘oldblackbox’ in the backend, but I can’t figure out how to do this in my context. I have read the haproxy documentation for many hours now, and I lack the web proxy concepts and literacy to understand all the implications of the config parameters (and there are a lot).

Any help would be very much appreciated.
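
One way to express the ACL routing the post asks about, as an added example that is not part of the original post or an answer from the thread. It assumes both backend names resolve to the proxy address 10.10.10.10 and that clients send the name in the Host header; the `example.internal` hostnames are placeholders, everything else is taken from the config above.

```haproxy
# Added example: replaces the frontend/backend sections of the posted config.
# The global and defaults sections stay as posted.

frontend http_front
    mode   http
    option httplog
    option http-server-close
    # Assumption: certificate.pem covers every name the clients use;
    # otherwise clients see a certificate name mismatch before any routing happens.
    bind  10.10.10.10:443  ssl  crt  /etc/haproxy/certs/certificate.pem  force-tlsv13

    # Match on the Host header of the decrypted request (-i = case-insensitive).
    # Hostnames below are placeholders, not values from the post.
    acl host_oldblackbox1  hdr(host) -i oldblackbox1.example.internal
    acl host_oldblackbox2  hdr(host) -i oldblackbox2.example.internal

    # First matching rule wins; rules are evaluated in order.
    use_backend backend_oldblackbox1 if host_oldblackbox1
    use_backend backend_oldblackbox2 if host_oldblackbox2

    # Any other name (or a bare IP) still lands on the post's default backend.
    default_backend backend_oldblackbox1

backend backend_oldblackbox1
    mode     http
    balance  roundrobin
    # "verify none" is kept from the post: the proxy encrypts to the backend
    # but does not validate the backend's certificate.
    server   server_oldblackbox1  10.10.10.11 ssl verify none

backend backend_oldblackbox2
    mode     http
    balance  roundrobin
    server   server_oldblackbox2  10.10.10.12 ssl verify none
```

With the full file assembled, `haproxy -c -f /etc/haproxy/haproxy.cfg` checks the syntax before a reload.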
