@jkim711 wrote:
Hi
I set up HAproxy to do SSL Termination for the webserver in the backend, because the webserver doesn’t support SSL.
But just launching the HAproxy has the haproxy keep sending reset packets to the backend web server.
What could be the cause of this?

1 0 172.17.0.7 172.17.0.5 TCP 74 45886 > 8052 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=4294779355 TSecr=0 WS=128
2 0.000071 172.17.0.5 172.17.0.7 TCP 74 8052 > 45886 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=4294779355 TSecr=4294779355 WS=128
3 0.000118 172.17.0.7 172.17.0.5 TCP 66 45886 > 8052 [RST, ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=0 TSecr=4294779355
4 2.004199 172.17.0.7 172.17.0.5 TCP 74 45888 > 8052 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=4294781359 TSecr=0 WS=128
5 2.004264 172.17.0.5 172.17.0.7 TCP 74 8052 > 45888 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=4294781359 TSecr=4294781359 WS=128
6 2.004297 172.17.0.7 172.17.0.5 TCP 66 45888 > 8052 [RST, ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=0 TSecr=4294781359
7 4.007935 172.17.0.7 172.17.0.5 TCP 74 45890 > 8052 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=4294783363 TSecr=0 WS=128
8 4.008002 172.17.0.5 172.17.0.7 TCP 74 8052 > 45890 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=4294783363 TSecr=4294783363 WS=128
9 4.008035 172.17.0.7 172.17.0.5 TCP 66 45890 > 8052 [RST, ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=0 TSecr=4294783363
10 6.017341 172.17.0.7 172.17.0.5 TCP 74 45906 > 8052 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=4294785372 TSecr=0 WS=128
11 6.017404 172.17.0.5 172.17.0.7 TCP 74 8052 > 45906 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=4294785372 TSecr=4294785372 WS=128
12 6.017448 172.17.0.7 172.17.0.5 TCP 66 45906 > 8052 [RST, ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=0 TSecr=4294785372
13 8.019894 172.17.0.7 172.17.0.5 TCP 74 45914 > 8052 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=4294787375 TSecr=0 WS=128

172.17.0.7 is the haproxy
172.17.0.5 is awx_web

Here is the haproxy.cfg I used.
global
    maxconn 2048
    tune.ssl.default-dh-param 2048

defaults
    mode http
    option forwardfor
    option http-server-close
    timeout connect 5000ms
    timeout client 5000ms
    timeout server 5000ms

frontend www-https
    bind *:443 ssl crt /root/key/mykey.pem
    reqadd X-Forwarded-Proto:\ https
    default_backend backend_app1_ssl

backend backend_app1_ssl
    http-reuse safe
    redirect scheme http if { ssl_fc }
    server www-1 172.17.0.5:8052 check

And the yaml file to launch the AWX and haproxy
========================================================
- hosts: localhost
  tasks:
    - name: 1. Activate postgres container
      docker_container:
        name: postgres
        image: postgres:9.6
        state: started
        ports:
          - "5432:5432"
        env:
          POSTGRES_DB: awx
          POSTGRES_PASSWORD: awxpass
          POSTGRES_USER: awx
        volumes:
          - "/tmp/pgdocker:/var/lib/postgresql/data"

    - name: 2. Activate rabbitmq container
      docker_container:
        name: rabbitmq
        state: started
        image: rabbitmq:3
        env:
          RABBITMQ_DEFAULT_VHOST: "awx"

    - name: 3. Activate memcached container
      docker_container:
        name: memcached
        state: started
        image: memcached:alpine

    - name: Wait for postgres and rabbitmq to activate
      pause:
        seconds: 10

    - name: Set properties with postgres for awx_web
      set_fact:
        pg_hostname_actual: postgres
        awx_web_container_links:
          - rabbitmq
          - memcached
          - postgres

    - name: 4. Activate AWX Web Container
      docker_container:
        name: awx_web
        state: started
        image: awx_web:1.0.0.337
        user: root
        ports:
          - "80:8052"
        links: "{{ awx_web_container_links|list }}"
        hostname: awxweb
        env:
          SECRET_KEY: aabbcc
          DATABASE_NAME: awx
          DATABASE_USER: awx
          DATABASE_PASSWORD: awxpass
          DATABASE_PORT: 5432
          DATABASE_HOST: "{{ pg_hostname_actual }}"
          RABBITMQ_USER: guest
          RABBITMQ_PASSWORD: guest
          RABBITMQ_HOST: rabbitmq
          RABBITMQ_PORT: 5672
          RABBITMQ_VHOST: awx
          MEMCACHED_HOST: memcached
          MEMCACHED_PORT: 11211

    - name: Set properties with postgres for awx_task
      set_fact:
        pg_hostname_actual: postgres
        awx_task_container_links:
          - rabbitmq
          - memcached
          - awx_web
          - postgres

    - name: 5. Activate AWX Task Container
      docker_container:
        name: awx_task
        state: started
        image: awx_task:1.0.0.337
        links: "{{ awx_task_container_links|list }}"
        user: root
        hostname: awx
        env:
          SECRET_KEY: aabbcc
          DATABASE_NAME: awx
          DATABASE_USER: awx
          DATABASE_PASSWORD: awxpass
          DATABASE_HOST: "{{ pg_hostname_actual }}"
          DATABASE_PORT: 5432
          RABBITMQ_USER: guest
          RABBITMQ_PASSWORD: guest
          RABBITMQ_HOST: rabbitmq
          RABBITMQ_PORT: 5672
          RABBITMQ_VHOST: awx
          MEMCACHED_HOST: memcached
          MEMCACHED_PORT: 11211

    - name: 6. Activate HAProxy Container
      docker_container:
        name: myhaproxy
        state: started
        image: haproxy:latest
        #links: awx_web
        ports:
          - "443:443"
        volumes:
          - "/usr/local/etc/haproxy/:/usr/local/etc/haproxy/"
          - "/root/key/:/root/key/"