Has anyone done the configuration that I am stating here? I tried with versions 1.8.8 / 1.8.9.
Somehow it seems the connection gets established (and uses the H2 protocol, but at some point in the requests some HTTPS requests fail, stating an invalid SSL response type of thing).

frontend marathon_https_proxy_in
    bind-process 2
    bind *:442 # accept-proxy (cannot use accept proxy?)
    mode tcp
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    acl simpletest req.ssl_sni -i a.domain.i.own.com # ext1
    use_backend alb_external_ssl if simpletest req.ssl_sni # ext2

backend alb_external_ssl
    mode tcp
    option ssl-hello-chk
    default-server init-addr none resolvers dns resolve-prefer ipv4
    server amazon-internal-alb-1 testalb.us-east-1.elb.amazonaws.com:443 resolvers dns resolve-prefer ipv4
    server amazon-internal-alb-2 testalb.us-east-1.elb.amazonaws.com:443 resolvers dns resolve-prefer ipv4

Is something like this supposed to work? I believe ALB doesn’t support proxy protocol (yet), so unfortunately the IP of the original request is lost also…
Any input would be interesting if anyone else has tried that.
I figured out with multiple different configs that at first it works, then after a few requests it receives ERR_SSL_PROTOCOL_ERROR, and at some point the worker process dies also…
This was using the latest 1.9-dev from GitHub. I believe it probably has something to do with HTTP/2.
I don’t think HAProxy (without the SSL on it) can tell to only use the HTTP 1.1 protocol?
Unless you want to test a particular feature or bugfix, I suggest you use a stable release from haproxy.org instead (1.8.13 currently). There is no point in running a development release otherwise.
How do you know it's H2? Where do you see this error, the browser?
You have provided a very limited picture of what you are trying to do and I am not sure what you mean here.
Please explain what the entire setup is supposed to accomplish and share the complete configuration.
And why does it exit? Does it segfault, does it get oom-killed?
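
What `req_ssl_hello_type 1` and `req.ssl_sni` in the configuration above look at, as an added example that is not part of the original thread and not HAProxy's code: a minimal parser for the TLS ClientHello that a `mode tcp` frontend sees. It shows that the client's ALPN offer (for example `h2`) travels in the same cleartext message as the SNI and is negotiated with the backend that terminates TLS, not with the passthrough proxy. The sample ClientHello is constructed, and `build_client_hello` and `inspect_client_hello` are hypothetical helper names.

```python
import struct

def build_client_hello(sni, alpn):
    """Constructed sample: a minimal TLS 1.2 ClientHello record (not captured traffic)."""
    host = sni.encode()
    sni_ext = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
    protos = b"".join(bytes([len(p)]) + p.encode() for p in alpn)
    alpn_ext = struct.pack("!H", len(protos)) + protos
    exts = b"".join(struct.pack("!HH", t, len(d)) + d
                    for t, d in ((0, sni_ext), (16, alpn_ext)))
    body = (b"\x03\x03" + bytes(32) + b"\x00"      # version, random, empty session id
            + b"\x00\x02\xc0\x2f" + b"\x01\x00"    # one cipher suite, null compression
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def inspect_client_hello(record):
    """Return (sni, alpn_offers), or None if this is not a complete ClientHello
    with extensions. Assumes the whole hello fits in one TLS record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        return None                                # not handshake / not hello type 1
    rec_len = struct.unpack("!H", record[3:5])[0]
    buf = record[5:5 + rec_len]
    if len(buf) < rec_len:
        return None                                # truncated: keep waiting for data
    try:
        pos = 4 + 2 + 32                           # handshake header, version, random
        pos += 1 + buf[pos]                        # session id
        pos += 2 + struct.unpack("!H", buf[pos:pos + 2])[0]   # cipher suites
        pos += 1 + buf[pos]                        # compression methods
        end = pos + 2 + struct.unpack("!H", buf[pos:pos + 2])[0]
        pos += 2
        sni, alpn = None, []
        while pos + 4 <= min(end, len(buf)):
            etype, elen = struct.unpack("!HH", buf[pos:pos + 4])
            data = buf[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype == 0 and len(data) >= 5:      # server_name extension
                n = struct.unpack("!H", data[3:5])[0]
                sni = data[5:5 + n].decode("ascii", "replace")
            elif etype == 16:                      # ALPN extension
                i = 2
                while i < len(data):
                    alpn.append(data[i + 1:i + 1 + data[i]].decode("ascii", "replace"))
                    i += 1 + data[i]
        return sni, alpn
    except (IndexError, struct.error):
        return None                                # malformed hello
```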