Hi guys,
> Hi Manfred, > > > On Tue, Jun 3, 2014 at 11:12 AM, Manfred Hollstein > <[email protected]<mailto:[email protected]>> wrote: > > Can you try if "curl -k http://proxy.prod:8080/health"; works? If I'm not > mistaken, https:// implicitly uses port 443, but don't know how the > explicit :8080 might interfere with that. > > As I expected, this gets an empty reply: > > $ curl -k http://app.prod:8080/health > curl: (52) Empty reply from server > > So, haproxy is definitely listening on 8080 and expecting an SSL client. > > (Also, I just realized my sanitizing above was wrong, my curl commands > are all to "app.prod", not "proxy.prod".) > > Can you give it a try with: > use_backend ssl_app if { hdr_sub(host) -i app.prod:8080 } > > Think ive seen at least with sni requests that the (non standard) port > is part of the sni name indication, not sure about how plain http is > handled. Yes, the host header in the request will look like: Host: app.prod:8080 but still, since "hdr_sub" matches a substring and not an exact string, haproxy should be able to match it and use that particular backend. Justin, can you double check that you are in fact using hdr_sub? Please use curl with the "-v" argument to see all the headers and try what happens if you overwrite the request header with -H "Host: app.prod". Regards, Lukas
