When using the backends with port 443, do you have the "ssl" keyword on
the server line?
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#5.2-ssl
Also, can you share your complete (anonymized) haproxy configuration file?
Kobus Bensch wrote on 13-1-2014 12:27:
A few more observations:
Hi
My environment looks like this:
Haproxy 1.5 (Also tried 1.4 with stunnel) ===>> Apache1 & Apache2
Each apache server uses ajp to forward traffic to tomcat servers in a
1 to 1 relationship from port 443 on the apache to 7000 on the tomcat
server.
If I set up haproxy in tcpmode then it load balances correctly. If I
directly connect to the individual apache servers, then it works.
If I however change the haproxy to httpmode, then I get the following
in the logs:
==> ssl_request_log <==
[13/Jan/2014:10:19:16 +0000] 10.11.115.114 - - "GET /" 562
==> ssl_access_log <==
10.11.115.114 - - [13/Jan/2014:10:19:16 +0000] "GET /" 400 562
On the browser I get:
502 Bad Gateway
The server returned an invalid or incomplete response.
I have tried to set the following haproxy global parameters with no
effect:
tune.bufsize
tune.http.maxhdr
ADDED:
If I change my backend servers to plain HTTP on port 80, then all
works as expected. Is this expected behaviour where the LB will accept
on SSL 443 and can then only forward to apache servers on http port
80? Is it not possible in httpmode to accept ssl on the LB and then to
forward that traffic to the backend apache servers also on https port
443?
ADDED END:
All my servers are Centos6 64bit.
Further searching on the internet does not really give any solutions.
Please can you help?
Thanks
Kobus
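
Added example, not part of the original messages: a minimal HAProxy 1.5 http-mode configuration contrasting a server line without and with the "ssl" keyword that the reply asks about. Section names, the 192.0.2.x addresses, timeouts and file paths are assumptions, not values from the thread.

```haproxy
# Added illustration; every name, address and path here is an assumption.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_https
    # TLS from the browser is terminated on the load balancer.
    bind :443 ssl crt /etc/haproxy/certs/site.pem
    default_backend be_apache_tls

# For contrast only (not referenced by the frontend).
# No "ssl" on the server lines: in http mode HAProxy opens a cleartext
# connection to port 443 and sends a plain HTTP request to a listener
# that expects a TLS handshake.
backend be_apache_cleartext_to_443
    server apache1 192.0.2.11:443 check
    server apache2 192.0.2.12:443 check

# "ssl" on the server lines: HAProxy performs a TLS handshake with each
# Apache server and re-encrypts the request before forwarding it.
# "verify required" with "ca-file" validates the backend certificate
# against the given CA; "verify none" would skip that validation.
backend be_apache_tls
    server apache1 192.0.2.11:443 ssl verify required ca-file /etc/haproxy/ca/backend-ca.pem check
    server apache2 192.0.2.12:443 ssl verify required ca-file /etc/haproxy/ca/backend-ca.pem check
```

`haproxy -c -f <file>` checks the syntax of such a file without starting the proxy.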