Hi
We have the following situation with access over HTTPS:

customer ---__Haproxy ______Web-Server--> W-2008 IIS
                    |                      |
                    |__Stunnel___|

When the customer tries to access the web pages on port 80, the system works well.
But when they try to access them on port 443, they get the following message:

"502 Bad Gateway

The server returned an invalid or incomplete response. "

This is the current setup:
#stunnel.conf
sslVersion = SSLv3

chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4

pid = /stunnel4.pid

socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

[https]
cert=/etc/stunnel/server.crt
key=/etc/stunnel/server.key
accept=443
connect=81
xforwardedfor=yes
TIMEOUTclose = 0

#haproxy
global
        log     /dev/log        local0  info
        log     /dev/log        local0  notice
        maxconn 4096
        user haproxy
        group haproxy
        daemon
defaults
        log     global
        mode    http
        option  httplog
        log global
        option  dontlognull
        retries 3
        option redispatch
        maxconn 2000
        contimeout      5000
        clitimeout      50000
        srvtimeout      50000

listen http 0.0.0.0:80
        mode http
        cookie WEBSERVERID insert
        option httplog
        balance source
        option forwardfor except 192.168.20.5
        option httpclose
        option redispatch
        maxconn 10000
        reqadd X-Forwarded-Proto:\ http
         server FE04 192.168.20.30 cookie A maxconn 5000


listen https 0.0.0.0:81
        mode http
        cookie WEBSERVERID insert
        option httplog
        balance source
        option forwardfor except 192.168.20.5
        option httpclose
        option redispatch
        maxconn 10000
        reqadd X-Forwarded-Proto:\ https
        server FE04 192.168.20.30:443 cookie A maxconn 5000



#This is the version
Linux  2.6.32-5-686 #1 SMP Mon Jan 16 16:04:25 UTC 2012 i686 GNU/Linux

Linux version 2.6.32-5-686 (Debian 2.6.32-41) ([email protected]) (gcc version 4.3.5 (Debian 4.3.5-4) ) #1 SMP Mon Jan 16 16:04:25 UTC 2012

HA-Proxy version 1.4.19 2012/01/07
Copyright 2000-2011 Willy Tarreau <[email protected]>

Stunnel 4

Log Haproxy
Feb 20 15:49:36 xxx haproxy[1881]: 192.168.192.198:56248 [20/Feb/2012:15:49:36.750] http http/FE04 1/0/97/101/202 302 378 - - --VN 0/0/0/0/0 0/0 "GET /login HTTP/1.1"
Feb 20 15:49:36 xxx stunnel: LOG5[14972:3074030448]: https accepted connection from 192.168.192.198:56249
Feb 20 15:49:36 xxx stunnel: LOG6[14972:3074030448]: SSL accepted: new session negotiated
Feb 20 15:49:36 xxx stunnel: LOG6[14972:3074030448]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
Feb 20 15:49:36 xxx stunnel: LOG6[14972:3074030448]: connect_blocking: connecting 127.0.0.1:81
Feb 20 15:49:36 xxx stunnel: LOG5[14972:3074030448]: connect_blocking: connected 127.0.0.1:81
Feb 20 15:49:36 xxx stunnel: LOG5[14972:3074030448]: https connected remote server from 127.0.0.1:48654
Feb 20 15:49:37 xxx haproxy[1881]: 127.0.0.1:48654 [20/Feb/2012:15:49:36.976] https https/FE04 2/0/97/-1/195 502 204 - - SHVN 0/0/0/0/0 0/0 "GET /login HTTP/1.1"
Feb 20 15:49:37 xxx stunnel: LOG6[14972:3074030448]: SSL_shutdown successfully sent close_notify
Feb 20 15:49:37 xxx stunnel: LOG6[14972:3074030448]: s_poll_wait timeout: connection close
Feb 20 15:49:37 xxx stunnel: LOG5[14972:3074030448]: Connection closed: 204 bytes sent to SSL, 479 bytes sent to socket

Please let me know if you can help us with this issue.

Thanks
Erick Ch.





--
EXOSEC
Continuity and Quality of Service for IT Infrastructures
Visit www.exosec.fr and discover:

Serenity, managed services for IT infrastructures (monitoring, metrology, operational maintenance, ...),
P.O.M, Open Monitoring Platform
WebSaaS, on-demand web browsing control and filtering.


Christophe Pouillet
ZAC des Metz - 3 Rue du petit robinson- 78350 Jouy en Josas
Tel: +33 01 30 67 60 65 - Fax: +33 01 75 43 40 70 - Gsm: +33 671.016.876
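
The following is an added example, not part of the original post: a small decoder for HAProxy `option httplog` lines that turns the timer field and termination-state flags into readable causes. The sample lines are constructed from the log shown in the post, the function names are hypothetical, and the meaning tables are summarized from the log-format section of the HAProxy documentation.

```python
import re

# Layout: client [date] frontend backend/server Tq/Tw/Tc/Tr/Tt status bytes
#         req_cookie resp_cookie termination_state ...
LINE = re.compile(
    r'haproxy\[\d+\]: (?P<client>\S+) \[[^\]]+\] (?P<frontend>\S+) '
    r'(?P<backend>[^/\s]+)/(?P<server>\S+) '
    r'(?P<Tq>-?\d+)/(?P<Tw>-?\d+)/(?P<Tc>-?\d+)/(?P<Tr>-?\d+)/\+?(?P<Tt>\d+) '
    r'(?P<status>\d{3}) \+?(?P<bytes>\d+) \S+ \S+ (?P<state>\S{4}) ')

# First flag: the event that ended the session.
CAUSE = {"-": "normal completion", "C": "aborted by client",
         "S": "aborted or refused by server", "P": "aborted by proxy",
         "R": "proxy resource exhausted", "I": "proxy internal error",
         "c": "client-side timeout", "s": "server-side timeout"}
# Second flag: what the proxy was doing when the session ended.
PHASE = {"-": "normal completion", "R": "waiting for client request",
         "Q": "waiting in queue", "C": "waiting for server connection",
         "H": "waiting for server response headers", "D": "data phase",
         "L": "sending last data to client", "T": "request tarpitted"}
# A timer logged as -1 means that step never finished.
UNFINISHED = {"Tq": "request never fully received", "Tw": "never left the queue",
              "Tc": "server connection never established",
              "Tr": "response headers never received"}

def decode(line):
    """Return a dict of decoded fields, or None for non-HAProxy lines."""
    m = LINE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("Tq", "Tw", "Tc", "Tr", "Tt", "status", "bytes"):
        rec[key] = int(rec[key])
    rec["cause"] = CAUSE.get(rec["state"][0], "unknown")
    rec["phase"] = PHASE.get(rec["state"][1], "unknown")
    rec["unfinished"] = [why for t, why in UNFINISHED.items() if rec[t] == -1]
    return rec

def failed_sessions(lines):
    """Keep only sessions whose termination state is not a clean '--'."""
    decoded = (decode(line) for line in lines)
    return [r for r in decoded if r and r["state"][:2] != "--"]

# Constructed sample input, modeled on the log in the post.
SAMPLE = [
    'Feb 20 15:49:36 xxx haproxy[1881]: 192.168.192.198:56248 [20/Feb/2012:15:49:36.750] http http/FE04 1/0/97/101/202 302 378 - - --VN 0/0/0/0/0 0/0 "GET /login HTTP/1.1"',
    'Feb 20 15:49:36 xxx stunnel: LOG5[14972:3074030448]: connect_blocking: connected 127.0.0.1:81',
    'Feb 20 15:49:37 xxx haproxy[1881]: 127.0.0.1:48654 [20/Feb/2012:15:49:36.976] https https/FE04 2/0/97/-1/195 502 204 - - SHVN 0/0/0/0/0 0/0 "GET /login HTTP/1.1"',
]

if __name__ == "__main__":
    for r in failed_sessions(SAMPLE):
        print(r["frontend"], r["status"], r["cause"], "/", r["phase"], r["unfinished"])
```

On the sample, only the port 81 listener's line is reported: the TCP connection to the server was established (Tc is 97 ms), but the session was ended from the server side while HAProxy was still waiting for response headers (Tr is -1, state `SH`).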
