Hi,

On Wed, Oct 15, pasquale scalea wrote:
> i have configure haproxy-1.5.4-1.el6.x86_64 with this config
...
> backend view_https
>     mode tcp
>     option tcplog
>     option httpchk OPTIONS /
>     http-check expect status 200
>     option ssl-hello-chk #make sure we can talk SSL, not just TCP
>     balance source
>     balance roundrobin
>     stick on src
>     stick-table type ip size 100m expire 1h
>     server milap9900 172.16.74.17:443 check id 1 inter 10s rise 5 fall 2
>     server milap9901 172.16.74.18:443 check id 2 inter 10s rise 5 fall 2

How are you trying to do the server health checks? Are you trying to
use "OPTIONS /" over ssl connection or just ssl-hello-chk?

If you're trying to do "OPTIONS /" with ssl then maybe something like this
might work:

    # disable option ssl-hello-chk
    option httpchk OPTIONS /
    server milap9900 172.16.74.17:443 check ssl id 1 inter 10s rise 5 fall 2
    server milap9901 172.16.74.18:443 check ssl id 2 inter 10s rise 5 fall 2

(and make sure you've compiled haproxy with ssl support: haproxy -vv)
(and you need to configure ca certs or use verify none/ssl-server-verify none)
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#5.2-ssl or
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#5.2-check-ssl

Also check that the backend server responds to "OPTIONS /" with
(for example with: openssl s_client -connect 172.16.74.18:443
and type OPTIONS / HTTP/1.0 and hit enter twice)

Also are you trying to send the same client to the same server:
balance source / balance roundrobin / stick on src ?
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4-balance
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4.2-stick%20on

Then balance source or balance roundrobin + stick on src should do the trick
I don't think you'll need all three.

Cheers,
-Jarno

-- 
Jarno Huuskonen
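
The health-check choices discussed in this thread, written out as one backend with the unverified check beside the verified one. This is an added example, not configuration posted by either participant. It assumes the backends keep terminating client TLS themselves (so it uses `check-ssl`, which encrypts only the health check), and the CA bundle path is a placeholder.

```haproxy
# Added example (not from the thread). Assumptions: the ca-file path is a
# placeholder, and the backend servers terminate client TLS themselves.
global
    # Keep the 1.5 default explicit. "ssl-server-verify none" here would turn
    # certificate verification off for every server line that does not set
    # its own "verify".
    ssl-server-verify required

backend view_https
    mode tcp
    option tcplog

    # HTTP-level check; with check-ssl below it is sent inside a TLS session.
    # "option ssl-hello-chk" is left out because it is a different check type.
    option httpchk OPTIONS /
    http-check expect status 200

    # One persistence scheme only: roundrobin places new clients, the stick
    # table pins returning ones ("balance source" alone is the alternative).
    balance roundrobin
    stick-table type ip size 100m expire 1h
    stick on src

    # Weak variant: the check is encrypted but any certificate is accepted,
    # so whatever answers on that address with a 200 is reported healthy:
    #   server milap9900 172.16.74.17:443 check check-ssl verify none id 1 inter 10s rise 5 fall 2

    # Verified variant: the server certificate must chain to the CA bundle.
    # check-ssl applies to health checks only; client TLS passes through.
    server milap9900 172.16.74.17:443 check check-ssl verify required ca-file /path/to/backend-ca.pem id 1 inter 10s rise 5 fall 2
    server milap9901 172.16.74.18:443 check check-ssl verify required ca-file /path/to/backend-ca.pem id 2 inter 10s rise 5 fall 2
```

Running `haproxy -c -f <file>` checks the file for syntax errors before a reload.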

