Title: Re: HAproxy / Reverse proxy Debian
Hello Daniel,

I have resolved my problem, HAproxy does start now (ssl ok).
But when trying to reach my email server, I now do have a:

400 Bad gateway - The plain HTTP request was sent to HTTPS port - Nginx

It should not be the case because 'reqadd x-forwarded-proto:\ https' is supposed to correct this?? And with 'redirect scheme https if !{ ssl_fc }' it should be 100% full HTTPS.

frontend email-https
       bind *:444 ssl crt /etc/ssl/private/full_certs.crt
       reqadd X-Forwarded-Proto:\ https
       default_backend https-email

backend https-email
       redirect scheme https if !{ ssl_fc }
       server email_hostname ip_email_server:888

Thx





On Thursday, 12 January 2017 at 14:44:19, you wrote:


Re-adding the list.

And:


Do I have to "cat file.key file.crt file.pem > certi.chained.crt" ??

Yes. Though I am not sure what file.crt and file.pem are :)




Cheers,
Daniel


--
Daniel Schneller
Principal Cloud Engineer

CenterDevice GmbH                  | Hochstraße 11
                                  | 42697 Solingen
tel: +49 1754155711                | Germany
daniel.schnel...@centerdevice.de   | www.centerdevice.de

Management: Dr. Patrick Peschlow, Dr. Lukas Pustina,
Michael Rosbach, Commercial register no.: HRB 18655,
Register court: Bonn, VAT ID: DE-815299431



On 12. Jan. 2017, at 13:27, Thierry <lenai...@maelenn.org> wrote:

Hi,

You are right, I am using the v1.7.1-1 on Debian.
I do have a paid SSL certificate (.key, .crt, .pem). They are all in a non-world-readable folder.
Do I have to "cat file.key file.crt file.pem > certi.chained.crt" ??

Thx


Thierry,



Always helps to know the haproxy version you use.
As for your error message, do you have private key, your site’s
certificate and all necessary chain certificates in the crt files you reference in your config?



IIRC they need to be in the order



1. key
2. site cert (“leaf”)
3. intermediates



Make sure to have these files not world-readable as they contain secret crypto material.



HTH,
Daniel








--
Regards,
Thierry                            e-mail :
lenai...@maelenn.org
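
An added example, not part of the thread and not any participant's configuration: the posted backend next to a re-encrypting variant, showing why Nginx reports a plain HTTP request on its HTTPS port. It assumes Nginx has TLS enabled on port 888 (as the error text implies) and that `mode http` comes from a `defaults` section; the `ca-file` path and the `verifyhost` name are hypothetical placeholders.

```haproxy
# HAproxy 1.7 syntax (reqadd is the directive used in the thread).

frontend email-https
    # TLS from the client ends here. The crt file holds key, leaf certificate
    # and intermediates, in that order, and must not be world-readable.
    bind *:444 ssl crt /etc/ssl/private/full_certs.crt
    # This only adds a request header for the application behind the proxy.
    # It has no effect on how HAproxy itself connects to the backend server.
    reqadd X-Forwarded-Proto:\ https
    default_backend https-email

# As posted in the thread (kept as comments for comparison):
#
# backend https-email
#     redirect scheme https if !{ ssl_fc }
#     server email_hostname ip_email_server:888
#
# - The server line has no "ssl" keyword, so HAproxy opens a cleartext HTTP
#   connection to port 888. A TLS listener in Nginx answers that with
#   "400 ... The plain HTTP request was sent to HTTPS port".
# - ssl_fc describes the client-side connection. Every request reaching this
#   backend arrived through the "ssl" bind above, so the redirect never fires
#   and it does not influence the backend connection either.

# Re-encrypting variant: HAproxy performs its own TLS handshake with Nginx.
backend https-email
    # ssl             -> speak TLS to the backend server
    # verify required -> reject a backend certificate that does not chain
    #                    to the CA given in ca-file
    # ca-file         -> hypothetical path to the CA that signed the Nginx cert
    # verifyhost      -> also check the name in the backend certificate
    #                    (placeholder name, replace with the real one)
    server email_hostname ip_email_server:888 ssl verify required ca-file /etc/ssl/certs/backend-ca.pem verifyhost mail.example.org
```

Using `verify none` instead would also make the 400 disappear, but the proxy would then accept any certificate on the backend hop.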
