Hi Erick,
On 21/02/2012 15:14, Erick Chinchilla Berrocal wrote:
> Hi
> We have the following situation with access over HTTPS:
> customer ---__Haproxy ______Web-Server--> W-2008 IIS
> | |
> |__Stunnel___|
> When the customer tries to access the web pages on port 80, the system
> works well.
> But if they try to access on port 443, they get the following message:
> "502 Bad Gateway
> The server returned an invalid or incomplete response. "
> (...)
> listen https 0.0.0.0:81
>     mode http
>     cookie WEBSERVERID insert
>     option httplog
>     balance source
>     option forwardfor except 192.168.20.5
>     option httpclose
>     option redispatch
>     maxconn 10000
>     reqadd X-Forwarded-Proto:\ https
>     server FE04 192.168.20.30:443 cookie A maxconn 5000
The issue is on this previous line.
Stunnel is in front of haproxy, which then receives clear HTTP. Here,
you try to send clear HTTP on a port waiting for HTTPS communication.
Replace the line with:
    server FE04 192.168.20.30:80 cookie A maxconn 5000
and it should be OK... but not optimal.
You could optimize your configuration by merging the 2 "listen" parts to
share the maxconn limits.
In your case, it could be something like:
listen http_https
    bind 0.0.0.0:80
    bind 0.0.0.0:81
    mode http
    cookie WEBSERVERID insert
    option httplog
    balance source
    option forwardfor except 192.168.20.5
    option httpclose
    option redispatch
    maxconn 10000
    reqadd X-Forwarded-Proto:\ http if { dst_port 80 }
    reqadd X-Forwarded-Proto:\ https if { dst_port 81 }
    server FE04 192.168.20.30:80 cookie A maxconn 5000
Hope this helps.
--
Cyril Bonté
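
A small lint for the mistake diagnosed in this thread, as an added example that is not part of the original messages: it flags "server" lines in an HTTP-mode section that point at a TLS port without TLS enabled on the server line. The function names and the sample config are constructed for illustration, and the "ssl" server keyword it checks for comes from HAProxy 1.5 and later, not from the configuration above.

```python
SECTION_KEYWORDS = {"global", "defaults", "frontend", "backend", "listen"}

# Constructed sample modelled on the configurations discussed in this thread.
SAMPLE = """\
listen http 0.0.0.0:80
    mode http
    server FE04 192.168.20.30:80 cookie A maxconn 5000
listen https 0.0.0.0:81
    mode http
    server FE04 192.168.20.30:443 cookie A maxconn 5000
"""

def parse_sections(config):
    """Split a config into sections with their mode and server lines."""
    sections, current = [], None
    for raw in config.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] in SECTION_KEYWORDS:
            name = words[1] if len(words) > 1 else words[0]
            current = {"kind": words[0], "name": name, "mode": None, "servers": []}
            sections.append(current)
        elif current and words[0] == "mode" and len(words) > 1:
            current["mode"] = words[1]
        elif current and words[0] == "server" and len(words) > 2:
            current["servers"].append((words[1], words[2], words[3:]))
    return sections

def find_cleartext_to_tls(config, tls_ports=(443,)):
    """Return (section, server, address) for every server in an HTTP-mode
    section that targets a TLS port without the 'ssl' server keyword."""
    findings, inherited = [], "tcp"  # HAProxy's built-in default mode is tcp
    for sec in parse_sections(config):
        if sec["kind"] == "defaults":
            inherited = sec["mode"] or "tcp"
            continue
        if (sec["mode"] or inherited) != "http":
            continue  # in tcp mode the bytes are relayed unchanged
        for name, addr, options in sec["servers"]:
            port = addr.rpartition(":")[2]
            if port.isdigit() and int(port) in tls_ports and "ssl" not in options:
                findings.append((sec["name"], name, addr))
    return findings

if __name__ == "__main__":
    for section, server, addr in find_cleartext_to_tls(SAMPLE):
        print(f"{section}: server {server} sends clear HTTP to {addr}")
```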