Hi Jeremy, You're checking with a TCP handshake only, which is not aware of HTTP status response. add "option httpchk" in your backend and add the keyword "check-ssl" on your server lines to tell HAProxy the health check must be ciphered.
Baptiste On Thu, Feb 13, 2014 at 2:42 PM, Jeremy Wilson <[email protected]> wrote: > I'm running HAProxy version 1.5-dev21-6b07bf7 and have a strange behaviour > issue with the check command. > > Here's my config: > > backend nginx > mode http > balance leastconn > > server app1 app1.prod:81 check inter 3s port 9700 rise 1 fall > 2 maxconn 2000 > server app2 app2.prod:81 check inter 3s port 9700 rise 1 fall > 2 maxconn 2000 > > server down localhost:81 backup > > backend nginx-ssl > mode tcp > balance leastconn > > server app1 app1.prod:444 check inter 3s port 9700 rise 1 fall > 2 maxconn 2000 > server app2 app2.prod:444 check inter 3s port 9700 rise 1 fall > 2 maxconn 2000 > > server down localhost:81 backup > > The check talks to a service I have on each app server that confirms all the > required backend services are enabled (nginx, php-fpm, varnish) and reports > back: > > # telnet app1.prod 9700 > Trying 172.16.10.1... > Connected to app1.prod. > Escape character is '^]'. > HTTP/1.1 503 Service Unavailable > Content-Type: text/plain > > Stack DOWN > > Now, in testing I've killed one of the three and I get the above answer, > which works on the "nginx" backend call, but does not work on the ssl one, as > per this screenshot: > > http://i.imgur.com/oofs3S7.png > > The thing is, it's the *exact same call* for both. > > Any explanation for this? > >
