Thanks Baptiste for sharing documents Actually error says 400 and it further says that http request is being sent https so it seems to be proxy generated error.
ssl/tsl passthrough what i am trying to achieve with following configuration, but failing to do so global log 127.0.0.1 local2 chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 5000 user haproxy group haproxy daemon stats socket /var/lib/haproxy/stats ssl-server-verify none defaults mode http log global option httplog option dontlognull option redispatch retries 3 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 5000 stats enable stats uri /stats stats realm Haproxy\ Statistics stats auth haproxy:haproxy@197 frontend www-https mode tcp bind *:443 ssl crt /etc/haproxy/ssl/server.pem acl is_pg-risk-home url_beg /home backend pg-risk-home balance roundrobin mode tcp server pg-risk1 itscenter.alipay.com:443 check I know i am missing something very silly here... Regards, Rajiv On Thu, Aug 11, 2016 at 3:10 PM, Baptiste <[email protected]> wrote: > Hi, > > A few interesting pages for you: > http://haproxy.com/doc/hapee/1.5/traffic_management/tls.html > http://haproxy.com/doc/hapee/1.5/deployment_guides/tls_layouts.html > > Please note that 404 sounds more a server issue :) > > Baptiste > > > > On Thu, Aug 11, 2016 at 9:03 AM, Rajiv <[email protected]> wrote: > >> well it is my more than 4 years old bond with HAproxy which can be broken >> by mere ssl :) >> >> Willy, >> I apologize for sending little information below is the configuration in >> question, I am not removing obvious one to make sure that i am not doing >> any mistake here >> >> =========== >> >> *global* >> >> >> >> >> >> >> >> >> *log 127.0.0.1 local2chroot /var/lib/haproxypidfile >> /var/run/haproxy.pidmaxconn 5000user haproxygroup >> haproxydaemonstats socket /var/lib/haproxy/stats* >> >> >> >> *defaults* >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> *mode httplog globaloption >> httplogoption dontlognulloption >> http-server-closeoption forwardfor except 127.0.0.0/8 >> <http://127.0.0.0/8>option redispatchretries >> 3timeout http-request 10stimeout queue 1mtimeout connect >> 10stimeout client 1mtimeout server 1mtimeout >> http-keep-alive 10stimeout check 10smaxconn >> 5000stats enablestats uri /statsstats realm Haproxy\ Statisticsstats auth >> haproxy:haproxy@197* >> >> >> >> *frontend www-http* >> >> >> >> *bind *:80 bind *:443 ssl crt /etc/haproxy/ssl/server.pem **reqadd >> X-Forwarded-Proto:\ https if { ssl_fc }* >> *default_backend test* >> >> >> *backend test* >> >> *server test1 assets.saas.xxxx.com:443 <http://assets.saas.xxxx.com:443> >> check ssl verify none* >> >> =========== >> >> with above configuration when my request is forwarded I get 404 from >> *assets.saas.xxxx.com:443 >> <http://assets.saas.xxxx.com:443/>* , where as if i curl directly i am >> getting successfully 200 >> >> Regards, >> Rajiv >> >> On Thu, Aug 11, 2016 at 11:49 AM, Willy Tarreau <[email protected]> wrote: >> >>> Hi Rajiv, >>> >>> first, please don't resurrect 4-years old threads to ask a new question, >>> that's the best way to ensure nobody will read it. >>> >>> On Thu, Aug 11, 2016 at 11:35:52AM +0530, Rajiv wrote: >>> > Hi Expert, >>> > >>> > After a long period once again i need your help, actually i am kind of >>> > stuck so please help >>> > I have to forward my incoming ssl request to other host who is again >>> on ssl >>> > >>> > both end points are ssl terminated are using their own certificates, >>> so it >>> > is possible? >>> >>> Well, I don't understand what difficulties you are facing as what you >>> describe seems pretty common and you gave little information. Would you >>> please post your current configuration here and explain what you tried >>> to chage ? Have you looked for the word "ssl" in the documentation ? >>> >>> > if yes then please help me getting its configuration and i am very well >>> > aware that same can be done in nginx >>> >>> If you feel more easy with configuring nginx, maybe you should switch to >>> it. You should not be ashamed. There's no point in forcing yourself to >>> use a product you find difficult to configure if another one serves you >>> better. I mean both products are free! >>> >>> Regards, >>> Willy >>> >> >> >
