Hello, 

I am trying to set up haproxy with two-way authentication. While the frontend 
looks good, one of the backends is giving me headaches with SSL handshake 
failures.

Here is what the frontends and backends look like:

frontend  http-in
    bind 69.64.57.197:80
    redirect scheme https code 301 if !{ ssl_fc }

frontend  https-in
    bind 10.0.0.2:443 ssl crt /etc/ssl/certs/veracityid.com.crt
    mode http
    acl client_ssl path_beg /service/ws 
    use_backend test_client_ssl if client_ssl
    default_backend test_all

backend test_all
    mode    http
    balance leastconn
    timeout connect 1s
    timeout server  300s
    timeout queue   30s
    option redispatch
    retries 3
    cookie rc_cookie_vers insert indirect nocache secure
    server usloft4778 192.168.0.1:8080 cookie rc_cookie_vers check inter 1000 fastinter 500 rise 2 fall 1
    server loft10179 192.168.0.2:8080 cookie rc_cookie_vers check inter 1000 fastinter 500 rise 2 fall 1

backend test_client_ssl
    mode        http
    balance     leastconn
    timeout     connect 1s
    timeout     server  300s
    timeout     queue   30s
    option httpchk GET "/service/ws" "HTTP/1.0"
    cookie rc_cookie_vers insert indirect nocache secure
    server usloft4778 192.168.0.1:8080 ssl verify required ca-file /etc/ssl/certs/ca_full.crt crt /etc/ssl/certs/client.crt
    server loft10179 192.168.0.2:8080 ssl verify required ca-file /etc/ssl/certs/ca_full.crt crt /etc/ssl/certs/client.crt

Any suggestion to make this work?

Thanks in advance
Peter
