Dear All,
I am trying to set up load balancing for webmail on my test servers.
Here are my setup details:--
There are 3 servers in total, i.e. 2 backend webmail servers and 1
front server. There are no firewall rules between any of the servers.
On one server I have installed haproxy-1.4.15.tar.gz +
stunnel-4.41.tar.gz with http:// and https://
The other two servers are installed with SquirrelMail.
i.e. End user browser --> stunnel --> haproxy ---> apache
*My problem*:--
==========
1) When I access the webmail at https://webmail.domain.com, compose
any email and click on the send button, the page expires and I
get logged out from webmail.
In Firefox there is no error in the browser, whereas in Internet Explorer
I get the error below in a popup window:--
*Error Popup*:--
============
"do you want to view only the webpage content that was deliver securely.
This webpage contain the content that will not be delivered using the
secure HTTPS connection, which could compromise the security of entire
webpage."
I found the solution for this at the link below and it works for "Internet
Explorer" but not for other browsers.
http://pariswells.com/blog/tag/this-webpage-contains-content-that-will-not-be-delivered-using-a-secure-https-connection
Whereas if I check with http://webmail.domain.com, then mail
compose and send work properly.
If I check the internal webmail server with the same certificate, then
compose email and send work properly.
I also checked by replacing stunnel with nginx but the problem
remains the same.
i.e. the problem comes when the request goes via haproxy.
*My queries*:--
=======
1) What is the correct configuration required on the server side, so that
there will be no change at the end user's browser, and it will work for all
browsers?
2) Why does such a popup come? Do I require any special type of SSL certificate?
3) How do I achieve this with haproxy?
4) I checked the logs in debug mode, and I am getting the error
"Aug 18 15:47:47 base stunnel: LOG5[30896:3086818192]: Error detected on SSL (read) file descriptor: Broken pipe (32)"
in the stunnel debug log. What does this mean?
Here are my config details:
stunnel.conf :--
============
[root@jayesh ~]# cat /etc/stunnel/stunnel.conf
cert=/opt/ssl/ssl.key/mail_domain_com.crt
key=/opt/ssl/ssl.key/domain.key
setuid=stunnel
setgid=stunnel
pid=/var/run/stunnel/stunnel.pid
output = /var/log/stunnel.log
debug = 7
socket=l:TCP_NODELAY=1
socket=r:TCP_NODELAY=1
[https]
accept=192.168.30.200:443
connect=192.168.30.200:81
[root@jayesh ~]# ls -lh /opt/ssl/ssl.key
-rwxr-xr-x 1 root root 2.1K Jul 26 17:30 /opt/ssl/ssl.key/mail_domain_com.crt
-rw-r--r-- 1 root root 1.7K Jul 26 17:35 /opt/ssl/ssl.key/domain.key
haproxy.cfg
=========
[root@jayesh ~]# cat /etc/haproxy.cfg
global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    maxconn 4096
    daemon
    nbproc 4
defaults
    mode http
    cookie SERVERID insert nocache indirect
    clitimeout 60000
    srvtimeout 30000
    contimeout 40000
    mode http
    option httplog
    option httpclose
    option forwardfor
    maxconn 25000
    log global
listen http_proxy 192.168.30.200:81
    balance roundrobin
    option httpchk
    option forwardfor except 192.168.30.200/32
    reqadd X-Forwarded-Proto:\ https
    option forwardfor
    server server1 192.168.30.221 weight 1 cookie SERVER1 check
    server server2 192.168.30.222 weight 1 cookie SERVER2 check
Please advise and guide me on this issue.
Regards
Jayesh Shinde