When using the backens with port 443 do you have the "ssl" keyword on the server line?
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#5.2-ssl

Also can you share your complete (anonimized) haproxy configuration file?

Kobus Bensch schreef op 13-1-2014 12:27:
A few more observations:

Hi

My environment looks like this:

Haproxy 1.5 (Also tried 1.4 with stunnel) ===>>  Apache1 &  Apache2

Each apache server uses ajp to forward traffic to tomcat servers in a 1 to 1 relationship from port 443 on the apache to 7000 on the tomcat server.

If i setup haproxy in tcpmode then it load balances correctly. If I directly connect to the individual apache servers, then it works.

If I however changes the haproxy to httpmode, then I get the following in the logs:
==> ssl_request_log <==
[13/Jan/2014:10:19:16 +0000] 10.11.115.114 - - "GET /" 562

==> ssl_access_log <==
10.11.115.114 - - [13/Jan/2014:10:19:16 +0000] "GET /" 400 562


On the browser I get:

502 Bad Gateway
The server returned an invalid or incomplete response.

I have tried to set the following haproxy global parameters with no affect:

tune.bufsize
tune.http.maxhdr

ADDED:
If I change my backend servers to plain HTTP on port 80, then all works as expected. Is this expected behaviour where the LB will accept on SSL 443 and can then only forward to apache servers on http port 80? Is it not possible in httpmode to accept ssl on the LB and then to forward that traffic to the backend apache servers also on https port 443?
ADDED END:

All my servers are Centos6 64bit.

Further searching on the internet does not really give any solutions. Please can you help?

Thanks

Kobus



Reply via email to