503 Unavailable in ssl mode


#1

Hi,
I am new to HAProxy (its my first attempt).
I am trying to set up HAProxy in front of Kibana (on client nodes) in Elasticsearch cluster. Set up works fine for http requests (http://my_public_IP/p04), but gives 503 Unvailable reponse when tried with https (https://my_public_IP/p04)

I am using self signed certificate as it is in testing phase.
My config file is as follows

global
log 127.0.0.1 local2 info
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
stats timeout 30s
user haproxy
group haproxy
daemon
maxconn 4000
tune.ssl.default-dh-param 2048
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/haproxy/ssl

ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3

frontend http-in
bind *:80
mode http
default_backend p04
timeout connect 300s
timeout client 300s
timeout server 300s

frontend https-in
bind *:443 ssl crt /etc/ssl/haproxy/haproxy.pem no-sslv3
mode http
option forwardfor
option http-server-close
option httpclose
reqadd X-Forwarded-Proto:\ https
acl acl_kibana path_beg /p04
use_backend p04 if acl_kibana

backend p04
mode http
option redispatch
option forwardfor
option httpchk GET /
reqrep ^([^\ :])\ /p04/(.) \1\ /\2
server api-es-cn-1 10.130.0.9:5601 check inter 1000 fastinter 500 rise 2 fall 1
server api-es-cn-2 10.130.0.18:5601 check inter 1000 fastinter 500 rise 2 fall 1 backup
timeout connect 300s
timeout client 300s
timeout server 300s

defaults
option forwardfor
log global
mode http
option httplog
option dontlognull
option http-keep-alive
option http-server-close
timeout http-keep-alive 5m
timeout http-request 5s
timeout connect 300s
timeout client 300s
timeout server 300s
timeout check 300s
stats hide-version
stats refresh 10s

I can see my certificate (.pem) in the following format

-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

I am stuck and can’t figure out what’s missing!!

Thanks in advance for your help.

muj33b