Baptiste,
Thanks for the advice. I am trying to receive an SSL request into HAProxy then pass along to the back-end server as http. The back-end server is a simple SOAP service that responds on http and we want HAProxy to respond to the client on https. We are not redirecting on the back-end in anyway, just receiving http from HAProxy after the SSL offload and responding with http to HAProxy. When that occurs we are seeing the error described here: http://comments.gmane.org/gmane.comp.web.haproxy/10830. I was wondering if the code change described in this thread was implemented and/or successful. Please also note that the second SOAP call made that fails the handshake also causes the HAProxy server to crash. Here are the front and back end sections for reference: frontend http-in bind xx.xx.xx.xx:80 #actual IP removed bind xx.xx.xx.xx:443 ssl crt /usr/local/cdx/apache/ssl/combined.pem id 100 #actual IP removed option http-server-close default_backend devngn1 capture response header Location len 32 capture response header Set-Cookie len 32 backend devngn1 balance roundrobin reqrep ^([^\ :]*)\ /generic(.*) \1\ /specific-path-location\2 #actual path removed server app1 xx.xx.xx.xx:80 Thanks, Zack -----Original Message----- From: Baptiste [mailto:[email protected]] Sent: Monday, April 22, 2013 2:43 AM To: Connelly, Zachary (CGI Federal) Cc: [email protected]<mailto:[email protected]> Subject: Re: Follow-up on thread 'SSL handshake failure' from 2/5/2013 Hi Zachary, It sounds your application server is not aware the connections was made over a SSL socket on HAProxy frontend and tries to redirect the user on the same socket but on HTTP protocol. To figure out if this is really the case, and to know how to fix it, you can read this blog article: http://blog.exceliance.fr/2013/02/26/ssl-offloading-impact-on-web-applications/ Baptiste On Fri, Apr 19, 2013 at 8:53 PM, Connelly, Zachary (CGI Federal) <[email protected]<mailto:[email protected]>> wrote: > HAProxy list, > > > > I am currently working to implement SSL within HAProxy using the > 1.5-dev18 version. Much like the thread started by Samat Galimov on > 2/5/2013, I am seeing the same behavior where the first time I send a > request via SSL the request is serviced and everything is fine; the > next time the same request is attempted I receive 'ERROR:Exception in request: > javax.net.ssl.SSLHandshakeException: Remote host closed connection > during handshake.' I noticed the attached code in the thread was not > put into the > dev18 version (I believe). Did that code end up resolving the issue or > is the issue still being reviewed? I can supply my config file if that > would help. Is there any way to get more info out of HAProxy to see > what it is doing while it handles the SSL Handshake (the log does not > seem to write anything when the request fails)? > > > > Any assistance would be appreciated. Thanks, > > Zack Connelly
