Multiple/non-standard ssl ports on one frontend?

2014-06-03 Thread Justin Rush
Using 1.5-dev25. Sometimes for transitional support, we need to temporarily use a non-standard port for frontend SSL traffic. Is there anything that might prevent identical requests from matching the below frontend/backend if they're sent to :8080 instead of :443? frontend https-in bind *:443

Re: Multiple/non-standard ssl ports on one frontend?

2014-06-03 Thread Manfred Hollstein
Hi Justin, On Tue, 03 Jun 2014, 17:56:49 +0200, Justin Rush wrote: [...] The following is the output and log entry from a request to port 443: $ curl -k https://proxy.prod/health OK haproxy[4424]: 10.20.30.40:53283 [03/Jun/2014:15:49:03.097] https-in~ app.prod/app1 455/0/97/4/556 200

Re: Multiple/non-standard ssl ports on one frontend?

2014-06-03 Thread Justin Rush
Hi Manfred, On Tue, Jun 3, 2014 at 11:12 AM, Manfred Hollstein mhollst...@t-online.de wrote: Can you try if curl -k http://proxy.prod:8080/health; works? If I'm not mistaken, https:// implicitly uses port 443, but don't know how the explicit :8080 might interfere with that. As I expected,

Re: Multiple/non-standard ssl ports on one frontend?

2014-06-03 Thread PiBa-NL
Justin Rush schreef op 3-6-2014 18:19: Hi Manfred, On Tue, Jun 3, 2014 at 11:12 AM, Manfred Hollstein mhollst...@t-online.de mailto:mhollst...@t-online.de wrote: Can you try if curl -k http://proxy.prod:8080/health; works? If I'm not mistaken, https:// implicitly uses port 443,

Re: Multiple/non-standard ssl ports on one frontend?

2014-06-03 Thread PiBa-NL
Justin Rush schreef op 3-6-2014 18:19: Hi Manfred, On Tue, Jun 3, 2014 at 11:12 AM, Manfred Hollstein mhollst...@t-online.de mailto:mhollst...@t-online.de wrote: Can you try if curl -k http://proxy.prod:8080/health; works? If I'm not mistaken, https:// implicitly uses port 443,

RE: Multiple/non-standard ssl ports on one frontend?

2014-06-03 Thread Lukas Tribus
Hi guys, Hi Manfred, On Tue, Jun 3, 2014 at 11:12 AM, Manfred Hollstein mhollst...@t-online.demailto:mhollst...@t-online.de wrote: Can you try if curl -k http://proxy.prod:8080/health; works? If I'm not mistaken, https:// implicitly uses port 443, but don't know how the

Re: Multiple/non-standard ssl ports on one frontend?

2014-06-03 Thread Justin Rush
On Tue, Jun 3, 2014 at 12:25 PM, PiBa-NL piba.nl@gmail.com wrote: Can you give it a try with: use_backend ssl_app if { hdr_sub(host) -i app.prod:8080 } Think ive seen at least with sni requests that the (non standard) port is part of the sni name indication, not sure about how plain

Re: Multiple/non-standard ssl ports on one frontend?

2014-06-03 Thread Justin Rush
Hi there! On Tue, Jun 3, 2014 at 12:44 PM, Lukas Tribus luky...@hotmail.com wrote: Justin, can you double check that you are in fact using hdr_sub? My apologies: Through a layer of human-abstraction and another layer of config sanitization, I discovered that we were using hdr_end instead of