Re: HAproxy / Reverse proxy Debian

2017-01-12 Thread Thierry
Title: Re: HAproxy / Reverse proxy Debian Bonjour Daniel, From my first post, you can see the config with ssl. To switch to TCP mode, I have removed: - All ciphers - In defaults, I have switch from "mode http" to "mode tcp" - In frontend email-https, I have remove "

Re: HAproxy / Reverse proxy Debian

2017-01-12 Thread Daniel Schneller
, > Michael Rosbach, Handelsregister-Nr.: HRB 18655, > HR-Gericht: Bonn, USt-IdNr.: DE-815299431 > > > > On 12. Jan. 2017, at 14:14, Thierry <lenai...@maelenn.org > <mailto:lenai...@maelenn.org>> wrote: > > Re: HAproxy / Reverse proxy Debian > Bonjour D

Re: HAproxy / Reverse proxy Debian

2017-01-12 Thread Thierry
Title: Re: HAproxy / Reverse proxy Debian Bonjour Daniel, I am not sure to understand. I am using iRedMail as email server. This email server do have ssl/TLS activated. ** listen 888 http2;        ssl on;    ssl_certificate /etc/ssl/certs/cert.chained.crt;    ssl_certificate_key /etc

Re: HAproxy / Reverse proxy Debian

2017-01-12 Thread Daniel Schneller
Sounds as if you have nginx set up for TLS termination, too. This does not make sense, because haproxy will already have decrypted the traffic. Make sure nginx does not expect https on what in your config would be ip_email_server:888. -- Daniel Schneller Principal Cloud Engineer

Re: HAproxy / Reverse proxy Debian

2017-01-12 Thread Thierry
Title: Re: HAproxy / Reverse proxy Debian Bonjour Daniel, I have resolved my problem, HAproxy do start now (ssl ok). But when trying to reach my email server, I now do have a: 400 Bad gateway - The plain HTTP request was sent to HTTPS port - Nginx It should not be the case because 'reqadd x

Re: HAproxy / Reverse proxy Debian

2017-01-12 Thread Daniel Schneller
Re-adding the list. And: > Do I have to "cat file.key file.crt file.pem > certi.chained.crt" ?? Yes. Though I am not sure what file.crt and file.pem are :) Cheers, Daniel -- Daniel Schneller Principal Cloud Engineer CenterDevice GmbH | Hochstraße 11

Re: HAproxy / Reverse proxy Debian

2017-01-12 Thread Daniel Schneller
Thierry, always helps to know the haproxy version you use. As for your error message, do you have private key, your site’s certificate and all necessary chain certificates in the crt files you reference in your config? IIRC they need to be in the order 1. key 2. site cert (“leaf”) 3.

HAproxy / Reverse proxy Debian

2017-01-12 Thread Thierry
Hi, Hi, Seems to have a little problem with my SSL config: ... ... # Default SSL material locations ca-base /etc/ssl/certs crt-base /etc/ssl/private # Default ciphers to use on SSL-enabled listening sockets. # For more information, see ciphers(1SSL). This