Olivier, Am 06.05.20 um 15:15 schrieb Olivier D: > This morning I tried to upgrade HAProxy 2.0.13 to 2.0.14 but had to > rollback immediately : some backends checks started to fail. > Error reported was : SOCKERR - SSL handshake failure > > The backends failing have a specific configuration as follows (I removed > anything unnecessary to trigger the issue) > listen webtruc:443 > mode tcp > bind X.X.X.X:443 > server xxx X.X.X.X:443 check weight 5 send-proxy-v2-ssl-cn check-ssl > verify none > > Backend is an Apache 2.4 with "RemoteIPProxyProtocol On". > In apache logs I have : > [remoteip:error] [pid 1067 [client XXXX:26847] AH03507: > RemoteIPProxyProtocol: unsupported command 20 > > I can link this error to this bugreport : > https://bz.apache.org/bugzilla/show_bug.cgi?id=63893 > So I applied this patch to Apache 2.4 and then get this error : > HAproxy side: L7STS Bad request > Apache side : RemoteIPProxyProtocol data is missing, but required! Aborting > request. > > I was not aware there were any change in the way HAProxy was doing its > checks over proxy-protocol in 2.0.14 ... any hint ?
This sounds like this issue we've seen with Dovecot: https://firstname.lastname@example.org/msg36890.html Try applying this commit: https://github.com/haproxy/haproxy/commit/02c88036a61e09d0676a2b6b4086af677b023b94 Best regards Tim Düsterhus