Hi,
I don't understand why http mode is no able provide a backend server whereas at same time tcp mode is able to do it.
I am trying to setup Haproxy in front of an Influxdb database running on HTTPS.
When frontend is configured on http mode, requests are failing with NOSRV error.
When fronted is configure on tcp mod, requests are working.
Example below with http mode on tcp/8086 port and tcp mode on tcp/8087 with same backend:
#curl -G https://influxdb-drp.example.net:8086/query -u admin:'xxxx' --data-urlencode "q=SHOW DATABASES"
<html><body><h1>503 Service Unavailable</h1>
No server is available to handle this request.
</body></html>
Haproxy log showing NOSRV and SC:
Jul 8 19:59:44 kalinga haproxy[26228]: 192.168.246.17:52946 [08/Jul/2017:19:59:44.661] https_influxdb~ https_influxdb/<NOSRV> -1/-1/136 212 SC 0/0/0/0/0 0/0
#curl -G https://influxdb-drp.example.net:8087/query -u admin:'xxxx' --data-urlencode "q=SHOW DATABASES"
{"results":[{"statement_id":0,"series":[{"name":"databases","columns":["name"],"values":[["_internal"]]}]}]}
Haproxy log:
Jul 8 20:00:16 kalinga haproxy[26228]: 192.168.246.17:37142 [08/Jul/2017:20:00:16.672] https_influxdb_tcp~ influxdb-drp.example.net/https_8086 0/2/123 332 -- 1/1/0/0/0 0/0
Haproxy configuration file:
-------------------------------------------------------------------------------
global
log /dev/log local1 debug
maxconn 4096
debug
tune.ssl.default-dh-param 4096
defaults
log global
mode tcp
option tcplog
retries 3
option redispatch
maxconn 4000
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
frontend https_influxdb
bind 192.168.246.17:8086 ssl crt /data/ssl_certs no-sslv3 ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA:!NULL:!aNULL:!RC4:!RC2:!MEDIUM:!LOW:!EXPORT:!DES:!MD5:!PSK:!3DES
mode http
option dontlognull
reqadd X-Forwarded-Proto:\ https
option http-server-close
option forwardfor
acl host_influxdb-drp.example.net hdr(host) -i influxdb-drp.example.net
use_backend influxdb-drp.example.net if host_influxdb-drp.example.net
frontend https_influxdb_tcp
bind 192.168.246.17:8087 ssl crt /data/ssl_certs no-sslv3 ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA:!NULL:!aNULL:!RC4:!RC2:!MEDIUM:!LOW:!EXPORT:!DES:!MD5:!PSK:!3DES
mode tcp
option dontlognull
option http-server-close
option tcplog
default_backend influxdb-drp.example.net
backend influxdb-drp.example.net
mode http
server https_8086 127.0.0.1:8086 check ssl verify none
-------------------------------------------------------------------------------
How can I configure Haproxy to work on http mode?
M.
I don't understand why http mode is no able provide a backend server whereas at same time tcp mode is able to do it.
I am trying to setup Haproxy in front of an Influxdb database running on HTTPS.
When frontend is configured on http mode, requests are failing with NOSRV error.
When fronted is configure on tcp mod, requests are working.
Example below with http mode on tcp/8086 port and tcp mode on tcp/8087 with same backend:
#curl -G https://influxdb-drp.example.net:8086/query -u admin:'xxxx' --data-urlencode "q=SHOW DATABASES"
<html><body><h1>503 Service Unavailable</h1>
No server is available to handle this request.
</body></html>
Haproxy log showing NOSRV and SC:
Jul 8 19:59:44 kalinga haproxy[26228]: 192.168.246.17:52946 [08/Jul/2017:19:59:44.661] https_influxdb~ https_influxdb/<NOSRV> -1/-1/136 212 SC 0/0/0/0/0 0/0
#curl -G https://influxdb-drp.example.net:8087/query -u admin:'xxxx' --data-urlencode "q=SHOW DATABASES"
{"results":[{"statement_id":0,"series":[{"name":"databases","columns":["name"],"values":[["_internal"]]}]}]}
Haproxy log:
Jul 8 20:00:16 kalinga haproxy[26228]: 192.168.246.17:37142 [08/Jul/2017:20:00:16.672] https_influxdb_tcp~ influxdb-drp.example.net/https_8086 0/2/123 332 -- 1/1/0/0/0 0/0
Haproxy configuration file:
-------------------------------------------------------------------------------
global
log /dev/log local1 debug
maxconn 4096
debug
tune.ssl.default-dh-param 4096
defaults
log global
mode tcp
option tcplog
retries 3
option redispatch
maxconn 4000
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
frontend https_influxdb
bind 192.168.246.17:8086 ssl crt /data/ssl_certs no-sslv3 ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA:!NULL:!aNULL:!RC4:!RC2:!MEDIUM:!LOW:!EXPORT:!DES:!MD5:!PSK:!3DES
mode http
option dontlognull
reqadd X-Forwarded-Proto:\ https
option http-server-close
option forwardfor
acl host_influxdb-drp.example.net hdr(host) -i influxdb-drp.example.net
use_backend influxdb-drp.example.net if host_influxdb-drp.example.net
frontend https_influxdb_tcp
bind 192.168.246.17:8087 ssl crt /data/ssl_certs no-sslv3 ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA:!NULL:!aNULL:!RC4:!RC2:!MEDIUM:!LOW:!EXPORT:!DES:!MD5:!PSK:!3DES
mode tcp
option dontlognull
option http-server-close
option tcplog
default_backend influxdb-drp.example.net
backend influxdb-drp.example.net
mode http
server https_8086 127.0.0.1:8086 check ssl verify none
-------------------------------------------------------------------------------
How can I configure Haproxy to work on http mode?
M.