Hi,
We’re in a situation where we’d like to use HAProxy to sit in front of a couple of 3rd party HTTP(S) proxies to ensure that we’re resilient in the case that one of them fails.
So far we have managed to configure a something basic, but we’re a little unsatisfied with using just a tcp-check since we’ve seen cases where HTTP devices will accept TCP connections but are not actually functioning. Ideally we’d like our checks to traverse the proxy and hit one of our services on the other side.
We tried to configure an httpchk but it’s not working because the endpoint we’d like to call through the proxy to is using SSL/TLS. It’s seemingly not possible since in this case we need to first ask the proxy to open a connection (i.e. CONNECT) to the HTTPS endpoint and then start sending requests using SSL. This is where we’re stuck.
Does anyone have any suggestions on how we might get this working? We’ve searched for “proxy” and “SSL" in the HAProxy docs but as you’d expect we get a lot of good but irrelevant information.
We’re running version 1.5.14.
Thanks,
Tom & Will
┌──────────┐ ┌──────────┐
│ │ │ │
│ │ │3rd party │
│ │ │ Explicit │
┌───▶│ HAProxy │───┬───▶│ HTTP(S) │────┐
│ │ │ │ │ Proxy │ │
┌──────────┐ │ │ │ │ │ │ │ ┌──────────┐
│ │ │ │ │ │ │ │ │ │ │
│ │ │ └──────────┘ │ └──────────┘ │ │ │
│ HTTP │ │ ▲ │ │ │ HTTPS │
│Client(s) │───┤ │VRRP │ ├───▶│ Endpoint │
│ │ │ ▼ │ │ │ │
│ │ │ ┌──────────┐ │ ┌──────────┐ │ │ │
│ │ │ │ │ │ │ │ │ │ │
└──────────┘ │ │ │ │ │3rd party │ │ └──────────┘
│ │ │ │ │ Explicit │ │
└───▶│ HAProxy │───┴───▶│ HTTP(S) │────┘
│ │ │ Proxy │
│ │ │ │
│ │ │ │
└──────────┘ └──────────┘
We’re in a situation where we’d like to use HAProxy to sit in front of a couple of 3rd party HTTP(S) proxies to ensure that we’re resilient in the case that one of them fails.
So far we have managed to configure a something basic, but we’re a little unsatisfied with using just a tcp-check since we’ve seen cases where HTTP devices will accept TCP connections but are not actually functioning. Ideally we’d like our checks to traverse the proxy and hit one of our services on the other side.
We tried to configure an httpchk but it’s not working because the endpoint we’d like to call through the proxy to is using SSL/TLS. It’s seemingly not possible since in this case we need to first ask the proxy to open a connection (i.e. CONNECT) to the HTTPS endpoint and then start sending requests using SSL. This is where we’re stuck.
Does anyone have any suggestions on how we might get this working? We’ve searched for “proxy” and “SSL" in the HAProxy docs but as you’d expect we get a lot of good but irrelevant information.
We’re running version 1.5.14.
Thanks,
Tom & Will
┌──────────┐ ┌──────────┐
│ │ │ │
│ │ │3rd party │
│ │ │ Explicit │
┌───▶│ HAProxy │───┬───▶│ HTTP(S) │────┐
│ │ │ │ │ Proxy │ │
┌──────────┐ │ │ │ │ │ │ │ ┌──────────┐
│ │ │ │ │ │ │ │ │ │ │
│ │ │ └──────────┘ │ └──────────┘ │ │ │
│ HTTP │ │ ▲ │ │ │ HTTPS │
│Client(s) │───┤ │VRRP │ ├───▶│ Endpoint │
│ │ │ ▼ │ │ │ │
│ │ │ ┌──────────┐ │ ┌──────────┐ │ │ │
│ │ │ │ │ │ │ │ │ │ │
└──────────┘ │ │ │ │ │3rd party │ │ └──────────┘
│ │ │ │ │ Explicit │ │
└───▶│ HAProxy │───┴───▶│ HTTP(S) │────┘
│ │ │ Proxy │
│ │ │ │
│ │ │ │
└──────────┘ └──────────┘