Maybe *option tcpka* *option httpclose* can help.

We've got similar behaviour with HAProxy LBs running inside OpenStack Private Cloud. Lots of 503/<NOSRV> while backend servers are actually working.

On Mon, Oct 5, 2015 at 6:43 PM, Baptiste <[email protected]> wrote:

> On Mon, Oct 5, 2015 at 5:24 PM, Kevin COUSIN <[email protected]> wrote:
> > Hi,
> >
> > ----- Original message -----
> >> From: "Conrad Hoffmann" <[email protected]>
> >> To: "Kevin COUSIN" <[email protected]>, [email protected]
> >> Sent: Monday 5 October 2015 15:49:36
> >> Subject: Re: NOSRV error
> >
> >> Hi,
> >>
> >> (comments inline)
> >>
> >> On 10/05/2015 03:23 PM, Kevin COUSIN wrote:
> >>> Hi list
> >>>
> >>
> >> This usually means that there is no server in the backend because they were
> >> either misconfigured or taken out of the rotation, e.g. due to failed
> >> health checks.
> >>
> >
> > We disabled server tests to debug.
>
> Kevin, bear in mind that checks are never the problem, but they are
> the solution ;)
>
> >>
> >> Not sure what exactly you want to achieve here. If you want to loadbalance
> >> on TCP level, HAProxy doesn't need to know anything about any TLS parameters.
> >
> >
> > It's a lab HAproxy instance, the ssl ciphers options are for some other
> > Layer 7 LB configuration.
> >
> > 43
> >>>
> >>> I got the certificate on my server if I use openssl s_client.
> >>
> >> Can you elaborate on this? Are you connecting with s_client to haproxy or
> >> to your server?
> >> Can you confirm that you want your web server to do the actual TLS handshake
> >> and not HAProxy?
> >
> > I'm connecting to my server with openssl, from the haproxy (to check if
> > SSL certificate is installed on the target).
> >
> > Yes, we want the backend server to do the TLS handshake.
> >
> > We try to LB the Citrix Broker:
> >
> > User -----> Citrix Netscaler Gateway -----> HAproxy ------> Citrix Brokers
> >
> > We used the Windows NLB between Citrix NS Gateway and Citrix Brokers and
> > we want to replace it with HAproxy.
> > With the HTTP frontend, we can see "HTTP/XML 479 POST
> > /Scripts/CtxSTA.dll HTTP/1.1". It doesn't work with HTTPS, the Netscaler
> > gateway seems to close the connection with FIN,ACK.
>
>
> Why mixing HAProxy between citrix products?
>
> As Conrad said, there are servers available for your connection. You
> should investigate first why the citrix brokers reject the traffic.
>
> Baptiste
>
>

--
Best regards,
Juriy Strashnov
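Added example, not part of the thread and not HAProxy project code: a small Python triage script that counts `<NOSRV>` entries per backend and termination state in HAProxy's default HTTP and TCP log formats, so 503s can be lined up against health-check and server-state changes. The log lines, host name, addresses and frontend/backend names are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample lines (assumed names: fe_http, fe_tls, be_brokers, be_brokers_tls).
SAMPLE = """\
Oct  5 15:20:01 lb1 haproxy[2101]: 10.0.0.5:40112 [05/Oct/2015:15:20:01.120] fe_http be_brokers/<NOSRV> 0/-1/-1/-1/0 503 212 - - SC-- 3/3/0/0/0 0/0 "POST /Scripts/CtxSTA.dll HTTP/1.1"
Oct  5 15:20:02 lb1 haproxy[2101]: 10.0.0.5:40113 [05/Oct/2015:15:20:02.004] fe_http be_brokers/broker1 0/0/1/12/13 200 479 - - ---- 3/3/0/1/0 0/0 "POST /Scripts/CtxSTA.dll HTTP/1.1"
Oct  5 15:20:03 lb1 haproxy[2101]: 10.0.0.5:40114 [05/Oct/2015:15:20:03.310] fe_tls be_brokers_tls/<NOSRV> -1/-1/0 0 SC 1/1/0/0/0 0/0
"""

# Default HTTP log format: five timers, status, bytes, two cookie fields,
# then a four-character termination state.
HTTP_RE = re.compile(
    r"\] (?P<frontend>\S+) (?P<backend>[^\s/]+)/(?P<server>\S+) "
    r"[-+\d]+(?:/[-+\d]+){4} (?P<status>-1|\d{3}) \+?\d+ \S+ \S+ (?P<state>\S{4}) "
)
# Default TCP log format: three timers, bytes, two-character termination state.
TCP_RE = re.compile(
    r"\] (?P<frontend>\S+) (?P<backend>[^\s/]+)/(?P<server>\S+) "
    r"[-+\d]+(?:/[-+\d]+){2} \+?\d+ (?P<state>\S{2}) "
)


def nosrv_summary(log_text):
    """Return (parsed_line_count, Counter keyed by (backend, termination_state))
    for entries where HAProxy logged <NOSRV> instead of a server name."""
    parsed = 0
    hits = Counter()
    for line in log_text.splitlines():
        m = HTTP_RE.search(line) or TCP_RE.search(line)
        if m is None:
            continue  # not a traffic log line in either default format
        parsed += 1
        if m.group("server") == "<NOSRV>":
            hits[(m.group("backend"), m.group("state"))] += 1
    return parsed, hits


if __name__ == "__main__":
    parsed, hits = nosrv_summary(SAMPLE)
    print(f"{parsed} log lines parsed")
    for (backend, state), count in hits.most_common():
        print(f"{backend}: {count} x <NOSRV> (termination state {state})")
```
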

