Hi, Mitch

Try to change <frontend www-https *:443> into <frontend www-https>

Regards,
Seri

2015-11-17 20:27 GMT+09:00 Mitch <[email protected]>:
> Hi everyone,
>
> not sure if this is the right place to request help (first time mailing to
> a mailing list :-)), but I give it a try.
>
> I'm trying to set up a haproxy for SSL offloading for multiple hosts. This
> works perfect with this config:
>
>
> --------------------------------------------------------------------
> --------------------------------------------------------------------
>
> # Example configuration for a possible web application. See the
> # full configuration options online.
> #
> # http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
> #
> #---------------------------------------------------------------------
>
> #---------------------------------------------------------------------
> # Global settings
> #---------------------------------------------------------------------
> global
>     # to have these messages end up in /var/log/haproxy.log you will
>     # need to:
>     #
>     # 1) configure syslog to accept network log events. This is done
>     #    by adding the '-r' option to the SYSLOGD_OPTIONS in
>     #    /etc/sysconfig/syslog
>     #
>     # 2) configure local2 events to go to the /var/log/haproxy.log
>     #    file. A line like the following can be added to
>     #    /etc/sysconfig/syslog
>     #
>     #    local2.* /var/log/haproxy.log
>     #
>     log 127.0.0.1 local2
>
>     chroot /var/lib/haproxy
>     pidfile /var/run/haproxy.pid
>     maxconn 15000
>     user haproxy
>     group haproxy
>     daemon
>
>     # turn on stats unix socket
>     stats socket /var/lib/haproxy/stats
>
>     #tune.ssl.default-dh-param 2048
>
> #---------------------------------------------------------------------
> # common defaults that all the 'listen' and 'backend' sections will
> # use if not designated in their block
> #---------------------------------------------------------------------
> defaults
>     mode http
>     log global
>     option httplog
>     option dontlognull
>     option http-server-close
>     option forwardfor except 127.0.0.0/8
>     option redispatch
>     retries 3
>     timeout http-request 10s
>     timeout queue 1m
>     timeout connect 10s
>     timeout client 1m
>     timeout server 1m
>     timeout http-keep-alive 10s
>     timeout check 10s
>     maxconn 11000
>
> #---------------------------------------------------------------------
> # main frontends which proxys to the backends
> #---------------------------------------------------------------------
>
>
> frontend www-https *:443
>     bind *:443 ssl crt /etc/ssl/private/starmyhostname.pem no-sslv3
>
>     #Define hosts & ACL's
>     acl host_BEADHOSTWWW01 hdr(host) -i wwwtest.myhostname.eu
>     acl host_BEADHOSTKB01 hdr(host) -i kb.myhostname.eu
>
>     #Define which backend to use for each host
>     use_backend BEADHOSTWWW01 if host_BEADHOSTWWW01
>     use_backend BEADHOSTKB01 if host_BEADHOSTKB01
>
> #---------------------------------------------------------------------
> # Backends
> #---------------------------------------------------------------------
> backend BEADHOSTWWW01
>     option httpclose
>     cookie JSESSIONID prefix
>     mode http
>     server WWW01 172.26.75.10:80 cookie A check
>
> backend BEADHOSTKB01
>     option httpclose
>     cookie JSESSIONID prefix
>     mode http
>     server KB01 172.26.75.2:80 cookie A check
>
>
> --------------------------------------------------------------------
> --------------------------------------------------------------------
>
> However, in some cases (let's say 1 out of 20), I receive a
> ERR_SSL_PROTOCOL_ERROR (chrome) or ssl_error_rx_record_too_long (firefox).
> Hitting F5 solves the issue instantly, but it comes back after a while.
>
> Anyone knows what could be the reason for this, and how to solve this? I
> am kind of lost.
>
> Thanks a lot for your help!
>
> Mitch
>
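
A check for the pattern the reply above points at, as an added example that is not part of the original thread: it flags a `frontend` or `listen` section that gives an address on its section line and also binds the same port with `ssl`, which leaves a non-SSL listener next to the SSL one on that port. The function names and the trimmed sample config are constructed for illustration.

```python
# Section keywords that start a new HAProxy configuration section.
SECTIONS = {"global", "defaults", "frontend", "backend", "listen",
            "userlist", "peers", "resolvers", "mailers"}


def ports_of(addr_spec):
    """Ports in an address list such as '*:443' or '10.0.0.1:80,10.0.0.2:8080'."""
    ports = set()
    for part in addr_spec.split(","):
        port = part.rpartition(":")[2]
        if port.isdigit():  # port ranges are not handled by this check
            ports.add(int(port))
    return ports


def find_mixed_listeners(config_text):
    """Return (section_name, port) for every port declared both on the
    section line (a listener without ssl) and on a 'bind ... ssl' line."""
    findings = []
    name, inline = None, set()
    for raw in config_text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if not words:
            continue
        if words[0] in SECTIONS:
            name, inline = None, set()
            if words[0] in ("frontend", "listen") and len(words) > 1:
                name = words[1]
                if len(words) > 2:  # address given on the section line
                    inline = ports_of(words[2])
        elif words[0] == "bind" and name and "ssl" in words[2:]:
            for port in sorted(ports_of(words[1]) & inline):
                findings.append((name, port))
    return findings


# Constructed sample: the frontend from the quoted config, trimmed.
SAMPLE_BEFORE = """\
frontend www-https *:443
    bind *:443 ssl crt /etc/ssl/private/starmyhostname.pem no-sslv3
    use_backend BEADHOSTWWW01 if host_BEADHOSTWWW01
"""
# The same frontend after the change suggested in the reply.
SAMPLE_AFTER = SAMPLE_BEFORE.replace("frontend www-https *:443",
                                     "frontend www-https")

if __name__ == "__main__":
    print("before:", find_mixed_listeners(SAMPLE_BEFORE))
    print("after: ", find_mixed_listeners(SAMPLE_AFTER))
```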

