Hi, On Sun, Mar 01, BGaudreault Brian wrote: > Hello, I'm seeing weird behaviors forwarding on traffic coming in over HTTPS > and was hoping someone could provide a solution. I believe I have SSL setup > properly for HAProxy 1.5, but this is the first time I'm using it with SNI > for multiple domain support. I'm also not sure where my logs are on this > server.
Do you have a chroot statement in haproxy.cfg (is /dev/log available inside chroot) ? Check your syslog configuration it should show where the logs go (usually /var/log). (And your logs will show what frontend/backend the traffic uses). > • https domain.com - The browser spreads out the page layout vertically and > starts with a vertical list of URLs in text form instead of a horizontal list > in graphical form with pop-up menus. I suspect this may be an issue with the > web server configuration and/or the code. > > • https www.domain.com - I'm getting redirected to our secure "order" page > instead of our "main" website page and I'm not sure why. For testing try adding (to frontend https_in): acl domain.com hdr_dom(host) -i domain.com use_backend domain.com if domain.com this should help debug that traffic goes to correct backend. Also you can use openssl s_client to send requests with sni: openssl s_client -connect ip.add.re.ss:443 -servername www.domain.com openssl s_client -connect ip.add.re.ss:443 -servername domain.com (And type something like this to send a request: GET /someurl HTTP/1.1 Host: www.domain.com ). But get logging working and add ssl_fc_sni to logformat, something like this: http://bedis.eu/haproxy/haproxy_configuration_for_dokuwiki -Jarno > acl domain.com hdr_dom(host) -i domain.com > use_backend domain.com if domain.com > default_backend web > > frontend https_in > > bind :443 ssl crt /etc/ssl/WILDCARD.domain.com.chain.pem > use_backend domain.com if { ssl_fc_sni domain.com } > use_backend domain.com if { ssl_fc_sni www.domain.com } > default_backend web -- Jarno Huuskonen
