Hi, I’m trying to figure out how to do the equivalent of this working nginx sample configuration using HAProxy 1.5-dev22:
server { listen 443 ssl default; ssl_certificate /etc/nginx/certs/cloud.appcelerator.com.combined.crt; ssl_certificate_key /etc/nginx/certs/cloud.appcelerator.com.key; location / { proxy_pass https://www.google.com:443; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_next_upstream error; proxy_redirect off; } } HAProxy documentation such as http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4.2-stick%20store-response indicates setting the backend mode to tcp: global maxconn 4000 daemon defaults timeout server 5s timeout connect 5s timeout client 5s frontend proxy-secure bind :443 ssl crt /etc/haproxy/cloud.appcelerator.com.pem reqadd X-Forwarded-Proto:\ https default_backend https backend https mode tcp server google-secure www.google.com<http://www.google.com>:443 However, this results in an empty response: $ curl -v https://haproxy-ssl-test.cloud.appcelerator.com * Adding handle: conn: 0x7f7fea003a00 * Adding handle: send: 0 * Adding handle: recv: 0 * Curl_addHandleToPipeline: length: 1 * - Conn 0 (0x7f7fea003a00) send_pipe: 1, recv_pipe: 0 * About to connect() to haproxy-ssl-test.cloud.appcelerator.com<http://haproxy-ssl-test.cloud.appcelerator.com> port 443 (#0) * Trying 54.203.245.228... * Connected to haproxy-ssl-test.cloud.appcelerator.com<http://haproxy-ssl-test.cloud.appcelerator.com> (54.203.245.228) port 443 (#0) * TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 * Server certificate: *.cloud.appcelerator.com<http://cloud.appcelerator.com> * Server certificate: Go Daddy Secure Certificate Authority - G2 * Server certificate: Go Daddy Root Certificate Authority - G2 * Server certificate: Go Daddy Class 2 Certification Authority > GET / HTTP/1.1 > User-Agent: curl/7.30.0 > Host: > haproxy-ssl-test.cloud.appcelerator.com<http://haproxy-ssl-test.cloud.appcelerator.com> > Accept: */* > * Empty reply from server * Connection #0 to host haproxy-ssl-test.cloud.appcelerator.com<http://haproxy-ssl-test.cloud.appcelerator.com> left intact curl: (52) Empty reply from server So I think that I am configuring the backend incorrectly. I can get https -> http proxying working just fine, but I need to be able to proxy (not redirect) to an https endpoint. Any suggestions are greatly appreciated. thanks! Mike -- Michael Goff Director of Engineering, DevOps Appcelerator, Inc. The Next Generation Mobile Platform