Le 29/01/2020 à 05:14, Igor Cicimov a écrit :
Hi all,

I'm asking this question here since I read in the docs that if I see "Ixxx" in the session "termination_state" log I should do so :-)

The error I got while experimenting with the HAP config is as follows:

Jan 29 03:33:44 ip-172-31-45-201 haproxy[124024]: <CLIENT_IP>:44296 [29/Jan/2020:03:33:44.952] fe_https~ host.mydomain.com/ <http://host.mydomain.com/><NOSRV> -1/-1/-1/-1/0 500 0 - - IR-- 1/1/5/0/3 0/0 "GET /api/search HTTP/1.1"

The command that produced it:

$ curl -vsSNiL -H "Host: host.mydomain.com <http://host.mydomain.com>" https://haproxy.example.com:8443/api/search

And the relevant haproxy-2.0.12 configuration (it's in AWS):

resolvers vpc
     nameserver dns1 <>
     accepted_payload_size 8192
     resolve_retries       30
     timeout resolve       1s
     timeout retry         2s
     hold valid            30s
     hold other            30s
     hold refused          30s
     hold nx               30s
     hold timeout          30s
     hold obsolete         30s

frontend fe_https
     bind *:8443 ssl crt /etc/haproxy/ssl.d/ alpn h2,http/1.1
     mode http
     option httplog
     use_backend %[req.hdr(host),word(1,:),lower]

backend host.mydomain.com <http://host.mydomain.com>
     mode tcp
     option tcp-check
     tcp-check connect port 443 ssl
     balance source
    default-server inter 60s downinter 30s rise 2 fall 2 slowstart 10s weight 100 ca-file /etc/ssl/certs/ca-certificates.crt on-marked-down shutdown-sessions     server myhost host.mydomain.com:443 <http://host.mydomain.com:443> verify none check resolvers vpc resolve-prefer ipv4

Hi Igor,

You cannot plug an HTTP frontend to a TCP backend. There are some checks during the configuration parsing to prevent this mistake. Unfortunately, you are using a dynamic expression to choose your backend. So it is not possible to warn you at startup. Use the http mode for your backend. It should solve your issue.

Christopher Faulet

Reply via email to