I have an HAProxy 1.7 server sitting in front of a number of Docker Enterprise 
Manager nodes and Worker nodes.
The Worker nodes don't appear to have any problem with HAProxy terminating the 
SSL and connecting to them via HTTP.
The Manager nodes are the problem.
They insist on installing their own certificates (either self-signed or CA 
They will only listen to HTTPS traffic.

So my generic frontend_main-ssl says:
bind :443  ssl crt /etc/CONFIG/haproxy-1.7/certs/cert.pem

The backend has the following server statement:
server xxx ssl verify none

But apparently this doesn't work - the client gets the SSL certificate provided 
by the HAProxy server
instead of the certificate provided by the Manager node. This causes the 
Manager node to barf.

Do I have to make HAProxy listen on 8443 and just do a tcp frontend/backend for 
the Manager nodes?

Norman Branitsky

Reply via email to