Olivier,

Am 06.05.20 um 15:15 schrieb Olivier D:
> This morning I tried to upgrade HAProxy 2.0.13 to 2.0.14 but had to
> rollback immediately : some backends checks started to fail.
> Error reported was : SOCKERR - SSL handshake failure
> 
> The backends failing have a specific configuration as follows (I removed
> anything unnecessary to trigger the issue)
> listen webtruc:443
>     mode tcp
>     bind X.X.X.X:443
>     server xxx X.X.X.X:443 check weight 5 send-proxy-v2-ssl-cn check-ssl
> verify none
> 
> Backend is an Apache 2.4 with "RemoteIPProxyProtocol On".
> In apache logs I have :
> [remoteip:error] [pid 1067 [client XXXX:26847] AH03507:
> RemoteIPProxyProtocol: unsupported command 20
> 
> I can link this error to this bugreport :
> https://bz.apache.org/bugzilla/show_bug.cgi?id=63893
> So I applied this patch to Apache 2.4 and then get this error :
> HAproxy side: L7STS Bad request
> Apache side : RemoteIPProxyProtocol data is missing, but required! Aborting
> request.
> 
> I was not aware there were any change in the way HAProxy was doing its
> checks over proxy-protocol in 2.0.14 ... any hint ?

This sounds like this issue we've seen with Dovecot:
https://www.mail-archive.com/haproxy@formilux.org/msg36890.html

Try applying this commit:
https://github.com/haproxy/haproxy/commit/02c88036a61e09d0676a2b6b4086af677b023b94

Best regards
Tim Düsterhus

Reply via email to