Hi, I have haproxy installed that needs to load balance web requests between a couple of tomcat servers with ssl enabled (8443).
haproxy (1.5-dev24-ed44649) configuration below:

    global
        stats socket /var/run/haproxy.sock
        log loghost syslog debug
        maxconn 10000
        ulimit-n 65536
        chroot /usr/share/haproxy
        uid 99
        gid 99
        daemon

    defaults
        mode http
        log global
        retries 3
        maxconn 10000
        timeout connect 15000
        timeout client 20000
        timeout server 20000
        timeout check 5s
        option redispatch
        option http-server-close
        option httpclose
        option logasap

    listen stats
        bind :80
        stats enable
        stats uri /haproxy?stats
        stats auth haproxy:passwd
        stats refresh 5s

    listen site
        bind :443 ssl crt /etc/haproxy/site.pem
        balance roundrobin
        option httplog
        option forwardfor
        option ssl-hello-chk
        option httpchk GET /health_monitor.jsp HTTP/1.0
        http-check expect string OK
        appsession JSESSIONID len 52 timeout 3h
        server server-1 tomcat-1:8443 check inter 5000 check-ssl ca-file /etc/pki/tls/certs/ca-bundle.crt
        server server-2 tomcat-2:8443 check inter 5000 check-ssl ca-file /etc/pki/tls/certs/ca-bundle.crt

With the above configuration, when https://<haproxy_vip>/service/index.jsp is accessed haproxy returns a 502 Bad Gateway error.
Per syslogs -

    May 9 06:56:42 localhost haproxy[7860]: 10.x.x.x:62604 [09/May/2014:06:56:42.936] site~ site/server-2 38/0/1/-1/+40 502 +211 - - PH-- 0/0/0/0/0 0/0 "GET /service/index.jsp HTTP/1.1"

However, when I change the "server" lines configuration as below and also enable port 8080 in tomcat servers, requests succeed (note that in both cases ssl health checks succeed):

    server server-1 tomcat-1:8080 check inter 5000 check-ssl ca-file /etc/pki/tls/certs/ca-bundle.crt port 8443
    server server-2 tomcat-2:8080 check inter 5000 check-ssl ca-file /etc/pki/tls/certs/ca-bundle.crt port 8443

Corresponding syslogs (working case when tomcat port 8080 is used):

    May 9 07:13:04 localhost haproxy[7888]: 10.x.x.x:62807 [09/May/2014:07:13:04.918] site~ site/server-1 62/0/1/2/+65 200 +243 - - ---- 1/1/1/1/0 0/0 "GET /service/index.jsp HTTP/1.1"

As the requirement is to use https end-to-end, I would like to configure haproxy to work on port 8443 but am unable to figure out why requests get a 502 error. I also tried using 'no option checkcache' but that did not help. Also, as port 8080 requests are successful, I am not sure if the issue is related to Set-Cookie.

Please advise if there is any issue with the haproxy configuration. Appreciate the help!

Thanks,
Ram
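
Added example (not part of the original post, and not HAProxy's own code): a small Python decoder for the two httplog lines quoted above, mapping the termination-state flags and the Tr timer to their meanings in the HAProxy logging documentation. The function name parse and the abbreviated meaning tables are this example's own.

```python
import re

# HAProxy "option httplog" layout; timers are Tq/Tw/Tc/Tr/Tt.
# With "option logasap", Tt and the byte count carry a leading "+".
LOG_RE = re.compile(
    r'(?P<client>\S+) \[(?P<accept>[^\]]+)\] (?P<frontend>\S+) '
    r'(?P<backend>[^/\s]+)/(?P<server>\S+) '
    r'(?P<Tq>-?\d+)/(?P<Tw>-?\d+)/(?P<Tc>-?\d+)/(?P<Tr>-?\d+)/(?P<Tt>\+?-?\d+) '
    r'(?P<status>-?\d+) (?P<bytes>\+?\d+) \S+ \S+ (?P<term>\S{4}) '
    r'\d+/\d+/\d+/\d+/\+?\d+ \d+/\d+ "(?P<request>[^"]*)"'
)

# First two termination-state characters (abbreviated from the HAProxy docs).
CAUSE = {"-": "normal completion", "C": "client aborted",
         "S": "server aborted or refused", "P": "proxy aborted the session",
         "R": "resource exhausted", "I": "internal error",
         "c": "client timeout", "s": "server timeout"}
PHASE = {"-": "normal completion", "R": "waiting for the client request",
         "Q": "waiting in the queue", "C": "connecting to the server",
         "H": "waiting for complete, valid response headers",
         "D": "transferring data", "L": "sending last data to the client",
         "T": "request tarpitted"}

def parse(line):
    """Decode one httplog line; return None if the line does not match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    f = m.groupdict()
    timers = {k: int(f[k]) for k in ("Tq", "Tw", "Tc", "Tr", "Tt")}
    return {"server": f["server"], "status": int(f["status"]),
            "timers": timers, "term": f["term"],
            "cause": CAUSE.get(f["term"][0], "unknown"),
            "phase": PHASE.get(f["term"][1], "unknown"),
            # Tr = -1: no complete set of response headers was received
            "no_response_headers": timers["Tr"] == -1}

# The two log lines quoted in the post above.
FAILING = ('May 9 06:56:42 localhost haproxy[7860]: 10.x.x.x:62604 '
           '[09/May/2014:06:56:42.936] site~ site/server-2 38/0/1/-1/+40 502 '
           '+211 - - PH-- 0/0/0/0/0 0/0 "GET /service/index.jsp HTTP/1.1"')
WORKING = ('May 9 07:13:04 localhost haproxy[7888]: 10.x.x.x:62807 '
           '[09/May/2014:07:13:04.918] site~ site/server-1 62/0/1/2/+65 200 '
           '+243 - - ---- 1/1/1/1/0 0/0 "GET /service/index.jsp HTTP/1.1"')

if __name__ == "__main__":
    for line in (FAILING, WORKING):
        r = parse(line)
        print(r["server"], r["status"], r["term"], "|", r["cause"], "|",
              r["phase"], "| Tr=-1:", r["no_response_headers"])
```

For the failing request it reports PH with Tr = -1, meaning the proxy ended the session while waiting for valid response headers from server-2; the working request shows ---- and a Tr of 2 ms.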