Thanks for your help. So, it appears that in certain instances a POST is
done using relative path or URN. The question is how do I tell haproxy
that this is related to the original url that is found on the certificate.
Meaning, this part I need to change so that the forwarding is done based on
CN in certificate. Or, perhaps, there is another way to do it.
use_backend bk_remail_cert if { ssl_fc_sni remail.mydomain.com } # content
switching based on SNI
On Thu, Aug 13, 2015 at 12:21 AM Jeff Palmer <j...@palmerit.net> wrote:
> The <NOSRV> in the logs you posted, means that haproxy doesn't believe
> there is a server available on the backend to fulfull the request.
>
> The first request hits the bk_remail_cert backend, but the next two
> requests don't, my guess is that the requests don't match your
> "use_backend" requirements, and you don't have a default_backend set
> for the request to fall through. thus, the <NOSRV> logs.
>
>
>
>
> On Wed, Aug 12, 2015 at 10:58 PM, Roman Gelfand <rgelfa...@gmail.com>
> wrote:
> > I am not seeing a response to the following post. The apache backend
> server
> > show now trace of the post request, below.
> >
> > Aug 12 22:43:43 localhost haproxy[15606]: 38.105.236.253:59539
> > [12/Aug/2015:22:43:12.935] farm_test_ssl~ bk_remail_cert/remail
> > 26582/0/1/3530/30113 200 1229 - - ---- 1/1/0/0/0 0/0 "POST
> > /services/ajax.php/imp/poll HTTP/1.1"
> > Aug 12 22:43:44 localhost haproxy[15606]: 107.107.59.175:29935
> > [12/Aug/2015:22:43:44.289] farm_test_ssl~ farm_test_ssl/<NOSRV>
> > -1/-1/-1/-1/86 503 212 - - SC-- 1/1/0/0/0 0/0 "POST
> > /Microsoft-Server-ActiveSync?Cmd=Sync&User=ruser%40mydomain.com
> &DeviceId=SEC15CCC18A02315&DeviceType=SAMSUNGSMG900A
> > HTTP/1.1"
> > Aug 12 22:43:57 localhost haproxy[15606]: 107.107.59.175:17798
> > [12/Aug/2015:22:43:57.550] farm_test_ssl~ farm_test_ssl/<NOSRV>
> > -1/-1/-1/-1/88 503 212 - - SC-- 1/1/0/0/0 0/0 "POST
> > /Microsoft-Server-ActiveSync?Cmd=Sync&User=ruser%40mydomain.com
> &DeviceId=SEC15CCC18A02315&DeviceType=SAMSUNGSMG900A
> > HTTP/1.1"
> >
> >
> > this is the front-end back-end configuration
> >
> > frontend farm_test_ssl
> > mode http
> > bind 0.0.0.0:443 ssl crt crt /etc/ssl/certs/remail.pem
> > use_backend bk_remail_cert if { ssl_fc_sni remail.mydomain.com } #
> content
> > switching based on SNI
> >
> > backend bk_remail_cert
> > mode http
> > server remail 192.168.8.166:80 check
> > http-request set-header X-Forwarded-Proto https if { ssl_fc }
> >
> >
> >
> > On Wed, Aug 12, 2015 at 5:12 PM Jeff Palmer <j...@palmerit.net> wrote:
> >>
> >> Describing the issues you think it's causing fire haproxy would also be
> >> helpful.
> >>
> >> On Aug 12, 2015 4:37 PM, "Baptiste" <bed...@gmail.com> wrote:
> >>>
> >>> On Wed, Aug 12, 2015 at 6:34 PM, Roman Gelfand <rgelfa...@gmail.com>
> >>> wrote:
> >>> > Why would the following apache directives cause problems for haproxy.
> >>> >
> >>> > RewriteRule ^/Microsoft-Server-ActiveSync /rpc.php
> >>> > [PT,L,QSA]
> >>> > RewriteRule .* -
> >>> > [E=HTTP_MS_ASPROTOCOLVERSION:%{HTTP:Ms-Asprotocolversion}]
> >>> > RewriteRule .* -
> >>> > [E=HTTP_X_MS_POLICYKEY:%{HTTP:X-Ms-Policykey}]
> >>> > RewriteRule .* -
> >>> > [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
> >>> >
> >>> > Thanks in advance
> >>>
> >>>
> >>> First, you say 'hi'
> >>>
> >>> Second, you explain your problem and whayt those apache rules are
> >>> supposed to do, what type of application are they applied to and how
> >>> this application is supposed to work.
> >>>
> >>> Without a bit of context, it is impossible to help!
> >>>
> >>> Baptiste
> >>>
> >
>
>
>
> --
> Jeff Palmer
> https://PalmerIT.net
>
