Claudio,

I just tested this on HAProxy 1.6 Dev0 and the bug is fixed (along
with several others)...
It was spotted by someone a few months ago that an SSL re-encrypted
real server would force agent checks to https (incorrectly).




On 1 April 2015 at 16:21, Claudio Ruggieri
<claudio.ruggi...@inetworking.it> wrote:
> I checked with tcpdump: it seems that agent-check in the https backend tries
> to do an SSL connection.
> My agent is a simple TCP socket without SSL.
>
> However, I managed to open an SSL socket, but I still have errors:
> E SSL_accept(): error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
>
> But I'm not interested in having a secure connection for agent check. Is it
> possible to disable SSL and have a simple TCP connection?
>
> Thank you
> Bye
>
> -----Original Message-----
> From: Baptiste [mailto:bed...@gmail.com]
> Sent: Wednesday, 1 April 2015 16:48
> To: Claudio Ruggieri
> Cc: haproxy@formilux.org
> Subject: Re: Agent-check not working with backend HTTPS
>
> On Wed, Apr 1, 2015 at 4:13 PM, Claudio Ruggieri 
> <claudio.ruggi...@inetworking.it> wrote:
>> Hi all,
>>
>> I have a problem with agent-check, in my haproxy installation.
>>
>> Ubuntu Server 14.04 LTS with haproxy 1.5.3-1~ubuntu14.04.1
>>
>> HAProxy is configured with 2 backends: one http and one https.
>>
>> Agent-check is a bash script that simply returns a percentage.
>>
>> HTTP backend works fine. HTTPS backend doesn't work. In the web
>> Statistic Report I see no weight is updated and I don't have errors in log.
>>
>> This is the HTTPS backend configuration:
>>
>> backend application-https
>>         description "HTTPS Application backend"
>>         cookie SRV insert indirect maxidle 24h maxlife 24h
>>
>>         server rp1-test-https 192.168.170.181:443 maxconn 100 weight 100 fall 2 rise 2 check inter 2s agent-check agent-port 4321 agent-inter 5s cookie rp1-test-https ssl verify none
>>         server rp2-test-https 192.168.170.182:443 maxconn 100 weight 100 fall 2 rise 2 check inter 2s agent-check agent-port 4321 agent-inter 5s cookie rp2-test-https ssl verify none
>>
>> Any idea?
>
>
> Hi Claudio,
>
> What does a tcpdump on port 4321 tell you?
> And what type of content do you see from the server to haproxy in the packet
> captured?
>
> Baptiste
>



-- 
Regards,

Malcolm Turnbull.

Loadbalancer.org Ltd.
Phone: +44 (0)330 1604540
http://www.loadbalancer.org/
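
An added example, not part of the thread and not HAProxy code: a plain-TCP agent for the agent-port 4321 used in the configuration above, which answers with a weight percentage and reports when the checker opens with a TLS ClientHello instead, the symptom seen in the tcpdump. The function names, the 0.5 s wait, the clamping and the load-based weighting are assumptions of this example.

```python
import os
import socket

AGENT_PORT = 4321  # agent-port from the backend configuration in the thread


def looks_like_tls_client_hello(data: bytes) -> bool:
    # TLS record header: type 0x16 (handshake), major version 0x03,
    # two length bytes, then handshake type 0x01 (ClientHello).
    return len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01


def agent_reply(percent: int) -> bytes:
    # Agent-check reply: ASCII percentage terminated by a newline.
    # Clamping to 1..100 is a choice made for this example.
    return f"{max(1, min(100, percent))}%\n".encode("ascii")


def handle(conn: socket.socket, percent: int) -> str:
    """Serve one check and return what kind of peer connected."""
    conn.settimeout(0.5)
    try:
        first = conn.recv(16)  # the checker configured in the thread sends nothing first
    except socket.timeout:
        first = b""
    try:
        if looks_like_tls_client_hello(first):
            return "tls-client-hello"  # checker is attempting SSL; do not answer
        conn.sendall(agent_reply(percent))
        return "plain"
    finally:
        conn.close()


def current_percent() -> int:
    # Hypothetical weighting: 100 minus the 1-minute load per CPU, as a percentage.
    load = os.getloadavg()[0] / (os.cpu_count() or 1)
    return 100 - int(min(1.0, load) * 100)


if __name__ == "__main__":
    with socket.create_server(("", AGENT_PORT)) as srv:
        while True:
            conn, peer = srv.accept()
            print(peer[0], handle(conn, current_percent()))
```

A run of `tls-client-hello` lines from the load balancer's address means the agent check is still being wrapped in SSL on that HAProxy build.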
