Hi,
I'm running haproxy 1.4.18 on ubuntu.
I have a setup which seems to work for SSL at least I can get to the sites
and the certificate is exchanged properly, and html shows up fine.
But if I try to load PHP pages it only works if I go straight to the server
(bypassing haproxy). Through haproxy what happens is that the php file is
downloaded and not rendered.
The servers in haproxy have public addresses as they are in different
networks. I can get to them either directly or through haproxy.
Also it's important to note that at this moment I'm only using a single
server - since I'm just getting started and testing things out.
My haproxy config is as follows:
# this config needs haproxy-1.1.28 or haproxy-1.2.1
global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
#log loghost local0 info
maxconn 10000
#chroot /usr/share/haproxy
user haproxy
group haproxy
daemon
#debug
#quiet
defaults
log global
mode http
option httplog
option dontlognull
retries 3
option redispatch
maxconn 2000
contimeout 5000
clitimeout 50000
srvtimeout 50000
listen smtp :25
mode tcp
balance roundrobin
# server smtp1 54.213.213.x check
# server smtp2 54.213.173.x check
server smtp3 50.112.191.x check
listen pop3 :110
mode tcp
balance roundrobin
server pop1 50.112.191.x check
listen pop3s :995
mode tcp
balance roundrobin
server pop1 50.112.191.x check
listen http :80
mode http
option tcplog
option httpchk GET /
balance roundrobin
cookie SERVERID insert indirect nocache
maxconn 1000
server web1 54.200.1.x cookie web1 check
capture cookie vgnvisitor= len 32
option httpclose # disable keep-alive
rspidel ^Set-cookie:\ IP= # do not let this cookie tell our
intern
al IP address
listen https1 :443
mode tcp
option tcplog
option ssl-hello-chk
option http-server-close
option forwardfor
reqadd X-Forwarded-Proto:\ https #if { is_ssl }
maxconn 1000
balance roundrobin
cookie SERVERID insert indirect nocache
server web1 54.200.1.x check
capture cookie vgnvisitor= len 32
listen https-mx4 :81
mode tcp
option tcplog
option ssl-hello-chk
option http-server-close
option forwardfor
reqadd X-Forwarded-Proto:\ https #if { is_ssl }
maxconn 1000
balance roundrobin
cookie SERVERID insert indirect nocache
server mx4 50.112.191.x:443 check
capture cookie vgnvisitor= len 32
rspidel ^Set-cookie:\ IP= # do not let this cookie tell our
intern
al IP address
Here's what I'm doing... I have 2 https services in haproxy. One on the
standard 443 port redirecting to one server. Another one on port 81 which
redirects to 443 on a different server.
I can access a PHP file which renders correctly if I go straight to
50.112.191.x:443, but if I try to go through haproxy (using port 81 which
redirects to 50.112.191.x:443), then instead of rendering the PHP code, it
downloads the file.
Now if I simply try to access an html file rather than PHP, both ways work
correctly.
thanks
Ricardo
