Hi,
I’m trying to figure out how to do the equivalent of this working nginx sample
configuration using HAProxy 1.5-dev22:
    server {
        listen 443 ssl default;
        ssl_certificate /etc/nginx/certs/cloud.appcelerator.com.combined.crt;
        ssl_certificate_key /etc/nginx/certs/cloud.appcelerator.com.key;
        location / {
            proxy_pass https://www.google.com:443;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_next_upstream error;
            proxy_redirect off;
        }
    }
HAProxy documentation such as
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4.2-stick%20store-response
indicates setting the backend mode to tcp:
    global
        maxconn 4000
        daemon
    defaults
        timeout server 5s
        timeout connect 5s
        timeout client 5s
    frontend proxy-secure
        bind :443 ssl crt /etc/haproxy/cloud.appcelerator.com.pem
        reqadd X-Forwarded-Proto:\ https
        default_backend https
    backend https
        mode tcp
        server google-secure www.google.com:443
However, this results in an empty response:
    $ curl -v https://haproxy-ssl-test.cloud.appcelerator.com
    * Adding handle: conn: 0x7f7fea003a00
    * Adding handle: send: 0
    * Adding handle: recv: 0
    * Curl_addHandleToPipeline: length: 1
    * - Conn 0 (0x7f7fea003a00) send_pipe: 1, recv_pipe: 0
    * About to connect() to haproxy-ssl-test.cloud.appcelerator.com port 443 (#0)
    * Trying 54.203.245.228...
    * Connected to haproxy-ssl-test.cloud.appcelerator.com (54.203.245.228) port 443 (#0)
    * TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    * Server certificate: *.cloud.appcelerator.com
    * Server certificate: Go Daddy Secure Certificate Authority - G2
    * Server certificate: Go Daddy Root Certificate Authority - G2
    * Server certificate: Go Daddy Class 2 Certification Authority
    > GET / HTTP/1.1
    > User-Agent: curl/7.30.0
    > Host: haproxy-ssl-test.cloud.appcelerator.com
    > Accept: */*
    >
    * Empty reply from server
    * Connection #0 to host haproxy-ssl-test.cloud.appcelerator.com left intact
    curl: (52) Empty reply from server
So I think that I am configuring the backend incorrectly. I can get https ->
http proxying working just fine, but I need to be able to proxy (not redirect)
to an https endpoint. Any suggestions are greatly appreciated.
thanks!
Mike
--
Michael Goff
Director of Engineering, DevOps
Appcelerator, Inc.
The Next Generation Mobile Platform
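
An added example, not part of the original message: a configuration that terminates TLS on the frontend, opens a new TLS session to the HTTPS upstream, and authenticates the upstream certificate. In the posted configuration the `server` line has no `ssl` keyword, so the decrypted request is forwarded in cleartext to port 443. The `ca-file` path is an assumption, and `ssl`, `verify`, `ca-file` and `verifyhost` are the server keywords documented for the 1.5 branch; their availability in a particular dev snapshot is assumed.

```haproxy
global
    maxconn 4000
    daemon

defaults
    # HTTP mode on both sides so that header rules are applied
    mode http
    timeout server  5s
    timeout connect 5s
    timeout client  5s

frontend proxy-secure
    bind :443 ssl crt /etc/haproxy/cloud.appcelerator.com.pem
    # Appends X-Forwarded-For with the client address
    option forwardfor
    reqadd X-Forwarded-Proto:\ https
    default_backend https

backend https
    # nginx's proxy_pass sends the upstream name as Host by default;
    # rewrite it here so the upstream sees its own name
    reqirep ^Host:.* Host:\ www.google.com

    # Weak variant, shown for contrast only: encrypts the hop but accepts
    # any certificate, so the upstream is not authenticated.
    # server google-secure www.google.com:443 ssl verify none

    # Hardened variant: "ssl" re-encrypts, "verify required" with "ca-file"
    # validates the certificate chain, "verifyhost" checks the name in it.
    # The CA bundle path below is an assumption (Debian/Ubuntu location).
    server google-secure www.google.com:443 ssl verify required ca-file /etc/ssl/certs/ca-certificates.crt verifyhost www.google.com
```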