> Both listen directives on port 8443 use SSL.
> With Nginx, listening options must be specified on only one "listen"
> directive for each address:port combination.
>
> So the "listen 10.0.80.1:8443" directive inherits parameters from
> "listen 10.0.80.1:8443 default_server ssl proxy_protocol"

True, but it's always a good idea to simplify the configuration when
troubleshooting issues like this. For testing purposes therefore, you
should try with just one server declaration (e.g. what if nginx doesn't
propagate the proxy_protocol directive correctly due to a bug?).

To see if haproxy is behaving correctly, tcpdump the failed SSL backend
session and check out how it looks on the wire. Then you will have evidence
whether haproxy or nginx is behaving incorrectly.

btw: you are using unencrypted backend traffic as well, what's the reason
to encrypt some but not all of the backend traffic?

Regards,
Lukas
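
Added example, not part of the original message: one way to read the captured backend session is to classify the first client-to-server payload bytes of the connection as PROXY protocol header, TLS ClientHello or plaintext HTTP. The function names and sample bytes are constructed for illustration, and extracting the payload from the capture file is assumed to have been done already.

```python
import struct

V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # 12-byte PROXY protocol v2 signature

def strip_proxy_header(data: bytes):
    """Return (label, remainder) for a leading PROXY protocol header, if any."""
    if data.startswith(b"PROXY "):
        end = data.find(b"\r\n", 0, 107)  # a v1 line is at most 107 bytes
        if end == -1:
            return "proxy-v1-truncated", b""
        return "proxy-v1", data[end + 2:]
    if data.startswith(V2_SIG):
        if len(data) < 16:
            return "proxy-v2-truncated", b""
        (length,) = struct.unpack("!H", data[14:16])  # bytes after the 16-byte header
        return "proxy-v2", data[16 + length:]
    return None, data

def classify_payload(data: bytes):
    """Label what follows the PROXY header (or what starts the stream)."""
    # TLS record: type 0x16 (handshake), major version 3, handshake type 1
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"
    if data.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT", b"OPTIONS"):
        return "plaintext-http"
    return "unknown" if data else "empty"

def describe_stream(data: bytes):
    """List the layers seen at the start of the client-to-server byte stream."""
    label, rest = strip_proxy_header(data)
    if label is None:
        return [classify_payload(rest)]
    if label.endswith("truncated"):
        return [label]
    return [label, classify_payload(rest)]

# Constructed sample bytes (not taken from a real capture).
HELLO = bytes.fromhex("1603010200010001fc0303")  # start of a TLS ClientHello
V1 = b"PROXY TCP4 192.0.2.10 10.0.80.1 51234 8443\r\n"
V2 = V2_SIG + b"\x21\x11" + struct.pack("!H", 12) + bytes(12)

if __name__ == "__main__":
    for name, stream in [("header + TLS", V1 + HELLO), ("TLS only", HELLO),
                         ("v2 + TLS", V2 + HELLO), ("TLS then header", HELLO + V1)]:
        print(f"{name:16} -> {describe_stream(stream)}")
```

A listener declared with both ssl and proxy_protocol expects the PROXY header first and the ClientHello after it, so a stream that starts directly with the ClientHello means the header was not sent on that connection.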