Thanks for your help. So, it appears that in certain instances a POST is done using relative path or URN. The question is how do I tell haproxy that this is related to the original url that is found on the certificate. Meaning, this part I need to change so that the forwarding is done based on CN in certificate. Or, perhaps, there is another way to do it. use_backend bk_remail_cert if { ssl_fc_sni remail.mydomain.com } # content switching based on SNI
On Thu, Aug 13, 2015 at 12:21 AM Jeff Palmer <j...@palmerit.net> wrote: > The <NOSRV> in the logs you posted, means that haproxy doesn't believe > there is a server available on the backend to fulfull the request. > > The first request hits the bk_remail_cert backend, but the next two > requests don't, my guess is that the requests don't match your > "use_backend" requirements, and you don't have a default_backend set > for the request to fall through. thus, the <NOSRV> logs. > > > > > On Wed, Aug 12, 2015 at 10:58 PM, Roman Gelfand <rgelfa...@gmail.com> > wrote: > > I am not seeing a response to the following post. The apache backend > server > > show now trace of the post request, below. > > > > Aug 12 22:43:43 localhost haproxy[15606]: 38.105.236.253:59539 > > [12/Aug/2015:22:43:12.935] farm_test_ssl~ bk_remail_cert/remail > > 26582/0/1/3530/30113 200 1229 - - ---- 1/1/0/0/0 0/0 "POST > > /services/ajax.php/imp/poll HTTP/1.1" > > Aug 12 22:43:44 localhost haproxy[15606]: 107.107.59.175:29935 > > [12/Aug/2015:22:43:44.289] farm_test_ssl~ farm_test_ssl/<NOSRV> > > -1/-1/-1/-1/86 503 212 - - SC-- 1/1/0/0/0 0/0 "POST > > /Microsoft-Server-ActiveSync?Cmd=Sync&User=ruser%40mydomain.com > &DeviceId=SEC15CCC18A02315&DeviceType=SAMSUNGSMG900A > > HTTP/1.1" > > Aug 12 22:43:57 localhost haproxy[15606]: 107.107.59.175:17798 > > [12/Aug/2015:22:43:57.550] farm_test_ssl~ farm_test_ssl/<NOSRV> > > -1/-1/-1/-1/88 503 212 - - SC-- 1/1/0/0/0 0/0 "POST > > /Microsoft-Server-ActiveSync?Cmd=Sync&User=ruser%40mydomain.com > &DeviceId=SEC15CCC18A02315&DeviceType=SAMSUNGSMG900A > > HTTP/1.1" > > > > > > this is the front-end back-end configuration > > > > frontend farm_test_ssl > > mode http > > bind 0.0.0.0:443 ssl crt crt /etc/ssl/certs/remail.pem > > use_backend bk_remail_cert if { ssl_fc_sni remail.mydomain.com } # > content > > switching based on SNI > > > > backend bk_remail_cert > > mode http > > server remail 192.168.8.166:80 check > > http-request set-header X-Forwarded-Proto https if { ssl_fc } > > > > > > > > On Wed, Aug 12, 2015 at 5:12 PM Jeff Palmer <j...@palmerit.net> wrote: > >> > >> Describing the issues you think it's causing fire haproxy would also be > >> helpful. > >> > >> On Aug 12, 2015 4:37 PM, "Baptiste" <bed...@gmail.com> wrote: > >>> > >>> On Wed, Aug 12, 2015 at 6:34 PM, Roman Gelfand <rgelfa...@gmail.com> > >>> wrote: > >>> > Why would the following apache directives cause problems for haproxy. > >>> > > >>> > RewriteRule ^/Microsoft-Server-ActiveSync /rpc.php > >>> > [PT,L,QSA] > >>> > RewriteRule .* - > >>> > [E=HTTP_MS_ASPROTOCOLVERSION:%{HTTP:Ms-Asprotocolversion}] > >>> > RewriteRule .* - > >>> > [E=HTTP_X_MS_POLICYKEY:%{HTTP:X-Ms-Policykey}] > >>> > RewriteRule .* - > >>> > [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] > >>> > > >>> > Thanks in advance > >>> > >>> > >>> First, you say 'hi' > >>> > >>> Second, you explain your problem and whayt those apache rules are > >>> supposed to do, what type of application are they applied to and how > >>> this application is supposed to work. > >>> > >>> Without a bit of context, it is impossible to help! > >>> > >>> Baptiste > >>> > > > > > > -- > Jeff Palmer > https://PalmerIT.net >