I am working through an issue where I can’t quite get HAProxy 1.7 to properly reverse proxy to a non-SSL connection to the backend server (Tomcat server on port 8090). The config line that fails is:
server <myhost.domain.com>:8090 maxconn 1000
However, if I configure HAProxy to proxy to an SSL connection on the backend server (port 8443) using the following line, it proxies without issue:
server <myhost.domain.com>:8443 ssl verify none cookie s1 maxconn 1000
Is there any downside to proxying a front end SSL (443) to a backend SSL connection (8443)?
Can you provide the “curl -vv” output against the frontend when the issue occurs (showing the 503 error) and can you provide the log message from haproxy (see example logging configuration)?
Here are the results of curl -vv <myhost.domain.com>. I can’t determine if the 503 is being generated from the backend server or the HAProxy:
About to connect() to <myhost.domain.com> port 443 (#0)
Trying 10.20.5.81…
Connected to wiki.corp.xperi.com (10.20.5.81) port 443 (#0)
Initializing NSS with certpath: sql:/etc/pki/nssdb
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Server certificate:
subject: CN=*.<mydomain.com,OU=Business Technologies,O=,L=San Jose,ST=CA,C=US
start date: Oct 31 00:00:00 2017 GMT
expire date: Nov 04 12:00:00 2020 GMT
common name: *.corp.xperi.com
issuer: CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US
GET / HTTP/1.1
User-Agent: curl/7.29.0
Host: <myhost.domain.com>
Accept: */*
HTTP 1.0, assume close after body
HTTP/1.0 503 Service Unavailable
Cache-Control: no-cache
Connection: close
Content-Type: text/html
503 Service Unavailable
No server is available to handle this request.
Closing connection 0
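On the question in the first post about re-encrypting to the backend: with ssl verify none the hop to port 8443 is encrypted, but HAProxy never checks the backend's certificate, so it cannot tell the real Tomcat from another host answering on that address. The fragment below is an added example, not configuration from this thread; the backend name, server name, hostname, cookie name and CA file path are placeholders.

```haproxy
global
    # Default for every "ssl" server line that does not set "verify" itself.
    ssl-server-verify required

backend tomcat_tls                      # placeholder backend name
    mode http
    # Assumed cookie setup so that "cookie s1" on the server line has effect.
    cookie SERVERID insert indirect nocache

    # As posted in the thread (server name added): TLS without authentication.
    # The certificate presented on 8443 is accepted whatever it is.
    # server s1 myhost.example.com:8443 ssl verify none cookie s1 maxconn 1000

    # Verified variant: the chain must validate against the CA bundle in
    # ca-file, and the certificate must match the name given to verifyhost.
    # /etc/haproxy/backend-ca.pem is a placeholder path.
    server s1 myhost.example.com:8443 ssl verify required ca-file /etc/haproxy/backend-ca.pem verifyhost myhost.example.com cookie s1 maxconn 1000 check
```

Running haproxy -c -f against the file checks the syntax before a reload.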