I have an HAProxy 1.7 server sitting in front of a number of Docker Enterprise Manager nodes and Worker nodes. The Worker nodes don't appear to have any problem with HAProxy terminating the SSL and connecting to them via HTTP. The Manager nodes are the problem. They insist on installing their own certificates (either self-signed or CA signed). They will only listen to HTTPS traffic.
So my generic frontend_main-ssl says: bind :443 ssl crt /etc/CONFIG/haproxy-1.7/certs/cert.pem The backend has the following server statement: server xxx 10.240.12.248:443 ssl verify none But apparently this doesn't work - the client gets the SSL certificate provided by the HAProxy server instead of the certificate provided by the Manager node. This causes the Manager node to barf. Do I have to make HAProxy listen on 8443 and just do a tcp frontend/backend for the Manager nodes? Norman Branitsky