well it is my more than 4 years old bond with HAproxy which can be broken
by mere ssl :)
Willy,
I apologize for sending little information below is the configuration in
question, I am not removing obvious one to make sure that i am not doing
any mistake here
===========
*global*
*log 127.0.0.1 local2chroot /var/lib/haproxypidfile
/var/run/haproxy.pidmaxconn 5000user haproxygroup
haproxydaemonstats socket /var/lib/haproxy/stats*
*defaults*
*mode httplog globaloption
httplogoption dontlognulloption
http-server-closeoption forwardfor except 127.0.0.0/8
<http://127.0.0.0/8>option redispatchretries
3timeout http-request 10stimeout queue 1mtimeout connect
10stimeout client 1mtimeout server 1mtimeout
http-keep-alive 10stimeout check 10smaxconn
5000stats enablestats uri /statsstats realm Haproxy\ Statisticsstats auth
haproxy:haproxy@197*
*frontend www-http*
*bind *:80 bind *:443 ssl crt /etc/haproxy/ssl/server.pem **reqadd
X-Forwarded-Proto:\ https if { ssl_fc }*
*default_backend test*
*backend test*
*server test1 assets.saas.xxxx.com:443 <http://assets.saas.xxxx.com:443>
check ssl verify none*
===========
with above configuration when my request is forwarded I get 404 from
*assets.saas.xxxx.com:443
<http://assets.saas.xxxx.com:443/>* , where as if i curl directly i am
getting successfully 200
Regards,
Rajiv
On Thu, Aug 11, 2016 at 11:49 AM, Willy Tarreau <[email protected]> wrote:
> Hi Rajiv,
>
> first, please don't resurrect 4-years old threads to ask a new question,
> that's the best way to ensure nobody will read it.
>
> On Thu, Aug 11, 2016 at 11:35:52AM +0530, Rajiv wrote:
> > Hi Expert,
> >
> > After a long period once again i need your help, actually i am kind of
> > stuck so please help
> > I have to forward my incoming ssl request to other host who is again on
> ssl
> >
> > both end points are ssl terminated are using their own certificates, so
> it
> > is possible?
>
> Well, I don't understand what difficulties you are facing as what you
> describe seems pretty common and you gave little information. Would you
> please post your current configuration here and explain what you tried
> to chage ? Have you looked for the word "ssl" in the documentation ?
>
> > if yes then please help me getting its configuration and i am very well
> > aware that same can be done in nginx
>
> If you feel more easy with configuring nginx, maybe you should switch to
> it. You should not be ashamed. There's no point in forcing yourself to
> use a product you find difficult to configure if another one serves you
> better. I mean both products are free!
>
> Regards,
> Willy
>
