On Sun, Jul 2, 2017 at 6:10 PM, Igor Cicimov <[email protected] > wrote:
> > > On Mon, Jul 3, 2017 at 10:38 AM, Daren Sefcik <[email protected]> > wrote: > >> >> On Sun, Jul 2, 2017 at 4:44 PM, Michael Ezzell <[email protected]> >> wrote: >> >>> >>> >>> On Jul 2, 2017 19:15, "Daren Sefcik" <[email protected]> wrote: >>> >>> >>> Most of the traffic is ssl, for example gmail, facebook, pandora all >>> force https. >>> >>> >>> I'm going to go out on a limb and suggest that *none* of the traffic is >>> SSL in any sense that is meaningful from HAProxy's perspective. >>> >>> What do the HTTPS requests look like in the HAProxy logs? Aren't they >>> CONNECT requests? >>> >>> >> yep, pretty much..I just need some help to figure out how to make it >> work.... >> >> example log entries for https and http, you can see how the "443" goes to >> one backenad and the regular http "GET" request goes to another..but this >> is not consistent and I know there has to be a better way.. >> >> HTPL_PROXY HTPL_SSL_PROXY_http_ipvANY/HTPL-PROXY-03_10.1.4.180 >> 0/0/0/22/10075 200 525 - - cD-- 124/124/103/103/0 0/0 "CONNECT >> caltopo.com:443 HTTP/1.1" >> >> HTPL_PROXY HTPL_WEB_PROXY_http_ipvANY/HTPL-PROXY-04_10.1.4.181 >> 92/0/0/1/93 403 4309 - - ---- 126/126/10/11/0 0/0 "GET >> http://i2.wp.com/n4.nabble.com/images/avatar100.png HTTP/1.1" >> >> >> TIA for any help with this..! >> > > Is it possible that *some* of the clients have issues talking to the > haproxy over ssl? You say in case of ssl it is not 100% successful but what > does that mean? How does this manifest? Can you track the ssl request from > particular client ending up on the http backend? > All clients talk to haproxy 100% fine. What I mean by not 100% is that using that particular acl to try and determine if it is ssl traffic or not is not 100% in haproxy. Maybe 80% percent of the time haproxy sends the traffic to the intended backend and 20% of the time to the other....but 100% of all traffic goes to one backend or the other. TIA...
