hi everybody,
i am new to haproxy and today found some kind of configuration weirdness
that gave me a headache.
i was configuring haproxy as ssl termination and used this config:
listen apps.https 1.2.3.4:443
    bind 1.2.3.4:443 ssl crt /etc/haproxy/my_ha.pem
    reqadd X-Forwarded-Proto:\ https
    balance roundrobin
    server webserver 192.168.201.124:80 check
the config test worked fine, and haproxy started to work without any
warning.
but my tests gave some weird results. accessing the page multiple times
often worked but some other times i received: "Error code:
ssl_error_rx_record_too_long" in firefox.
after some debugging without luck, i did this: netstat -tln and to my
surprise this was the result:
root@lb4:~# netstat -tln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 1.2.3.4:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 1.2.3.4:443             0.0.0.0:*               LISTEN
tcp        0      0 1.2.3.4:443             0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
so, i had the 443 port opened "twice". and in a roundrobin fashion, it
redirected me to one listening server or the other. and one of them was
bound to port 443 without any ssl configuration, so from time to time i
received a plain http response over port 443.
i already know that I made a terrible mistake with the config, and already
fixed that.
just writing to let you know about this weird config behaviour.
--
Roberto Scattini
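A small check for exactly this trap, added here as an example and not part of the original post or of HAProxy itself: it walks a config, treats the address on a legacy `listen NAME ADDR:PORT` header as an implicit bind without ssl, and reports any address that one section would open more than once. It assumes only the Python standard library and the sample config embedded below.

```python
from collections import defaultdict

# Constructed sample: the exact section from the post, embedded to run offline.
SAMPLE_CONFIG = """\
listen apps.https 1.2.3.4:443
    bind 1.2.3.4:443 ssl crt /etc/haproxy/my_ha.pem
    reqadd X-Forwarded-Proto:\\ https
    balance roundrobin
    server webserver 192.168.201.124:80 check
"""

BIND_SECTIONS = ("listen", "frontend")        # may carry a legacy header address
OTHER_SECTIONS = ("backend", "defaults", "global")


def effective_binds(config_text):
    """Map section name -> [(address, has_ssl, origin)] for every socket the
    section opens, including the implicit one from 'listen NAME ADDR:PORT'."""
    binds = defaultdict(list)
    section = None
    for raw in config_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] in BIND_SECTIONS:
            section = parts[1]
            # Legacy form: each address on the header is a plain-TCP listener
            for addr in parts[2:]:
                binds[section].append((addr, False, "listen header"))
        elif parts[0] in OTHER_SECTIONS:
            section = None
        elif section and parts[0] == "bind":
            # 'bind' takes comma-separated addresses, then keywords such as ssl
            for addr in parts[1].split(","):
                binds[section].append((addr, "ssl" in parts[2:], "bind line"))
    return binds


def find_duplicate_listeners(config_text):
    """Return [(section, address, [(has_ssl, origin), ...])] for each address
    that one section would bind more than once (the trap in the post)."""
    problems = []
    for section, entries in effective_binds(config_text).items():
        by_addr = defaultdict(list)
        for addr, has_ssl, origin in entries:
            by_addr[addr].append((has_ssl, origin))
        problems += [(section, a, u) for a, u in by_addr.items() if len(u) > 1]
    return problems
```

Running `find_duplicate_listeners(SAMPLE_CONFIG)` on the posted section reports 1.2.3.4:443 bound twice, once from the header without ssl and once from the bind line with ssl, which is the pair of listeners netstat showed.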