Hello, On Wed, May 05, 2010 at 07:58:30PM +0200, Sergio Toledo wrote: > 2. One of the workarounds we have tried is to add two headers in haproxy in > order to tell the java backend how to build the url. Those headers are > X-Proto and X-Port, as you can see in conf file. And although the url is > build correctly (with https), and the browser shows it ok, if I sniff the > traffic, I can see it in clear text, and not under ssl. > 3. Finally, url_sub also has an unexpected behaviour. If I open a browser > and surf to https://stunnel+haproxybox/tomcat, it works perfect, but if I > open a new tab in the browser or overwrite the url in the same tab, and surf > to https://stunnel+haproxybox/app1 or https://stunnel+haproxybox/app2, the > browser tries to open app1 or app2 in java backend instead of iis backend. > However, if I wait for a while (5 minutes or something), the browser goes to > the right backend.
Both of these issues are caused by the lack of "option httpclose" or "option http-server-close" in your config. Haproxy then just analyses the first request of each connection and considers the rest as data. This is why you don't see the headers properly added and why your switching rules don't work. Regards, Willy
