Backend HTTP fallback?

Hi guys,

I’m running a Rocket.Chat server on port 3000, which I secured with HAProxy. I thought I had set up Rocket.Chat with Caddy to accept SSL connections on port 3000. So I configured the HAProxy backend to connect to port 3000 with SSL:

    backend RocketChat_ipvANY
        mode http
        id 102
        log global
        timeout connect 30000
        timeout server 30000
        retries 3
        load-server-state-from-file global
        server RocketChat 192.168.10.215:3000 id 103 ssl verify none

It worked perfectly, so I did not care further. Now, by chance, I checked Caddy on the Rocket.Chat server: it was not working for some reason, and I could not open the Rocket.Chat server via the IP and HTTPS directly. It only works via IP and HTTP. But if I connect through HAProxy, everything works fine. In the HAProxy logs I can see some SSL failures, but it’s working. So does HAProxy use some kind of HTTP fallback here if HTTPS is not working?

Thanks for a short answer…

Chris

Hi, me again. So I think there is no HTTP fallback; it is more or less a bug in pfSense. I use HAProxy in pfSense CE 2.7.2. I simply edited the Rocket.Chat backend, ticked the SSL checkmark, saved the settings and manually restarted the HAProxy service with the circled arrow. But this obviously did not enable SSL, because it still worked while Rocket.Chat was not providing an SSL connection. A restart of the whole pfSense system then activated SSL: the connection was no longer working, and I got a 503 message.
On the other hand, disabling SSL worked immediately, without a manual service restart and also without a reboot of the whole pfSense system. So maybe there is something a bit buggy…

Can anyone confirm or disconfirm my analysis? Or is it even a feature, not a bug? :)

Thanks!
Chris
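
An added example, not part of the posts above and not pfSense or HAProxy code: a Python check that reads `server` lines such as the one in the first post and probes each address directly, to see whether the port answers a TLS handshake or only plain HTTP, so the configured `ssl` flag can be compared with what the backend really speaks. The names `server_lines`, `probe` and `audit` are hypothetical, the config text is a constructed sample, and each address is assumed to carry an explicit port.

```python
import socket
import ssl

# Constructed sample: the server line from the backend in the first post.
SAMPLE_CFG = """\
backend RocketChat_ipvANY
    mode http
    server RocketChat 192.168.10.215:3000 id 103 ssl verify none
"""

def server_lines(cfg):
    """Yield (name, host, port, uses_ssl, verify_none) for each `server` line."""
    for line in cfg.splitlines():
        tok = line.split()
        if len(tok) >= 3 and tok[0] == "server":
            host, _, port = tok[2].rpartition(":")  # assumes host:port form
            opts = tok[3:]
            yield (tok[1], host.strip("[]"), int(port),
                   "ssl" in opts, "verify none" in " ".join(opts))

def probe(host, port, timeout=3.0):
    """Classify the port: 'tls', 'plaintext-http', 'unknown' or 'unreachable'."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # protocol check only, no identity check:
    ctx.verify_mode = ssl.CERT_NONE  # the same trust level as `verify none`
    try:
        with ctx.wrap_socket(raw):
            return "tls"
    except OSError:                  # SSLError, timeout or reset: no handshake
        raw.close()
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
            return "plaintext-http" if s.recv(16).startswith(b"HTTP/") else "unknown"
    except OSError:
        return "unknown"

def audit(cfg, prober=probe):
    """Compare each server line's `ssl` setting with what the port answers."""
    for name, host, port, uses_ssl, verify_none in server_lines(cfg):
        seen = prober(host, port)
        mismatch = (uses_ssl and seen == "plaintext-http") or (not uses_ssl and seen == "tls")
        yield {"server": name, "configured_ssl": uses_ssl,
               "verify_none": verify_none, "observed": seen, "mismatch": mismatch}

if __name__ == "__main__":
    for row in audit(SAMPLE_CFG):
        print(row)
```

A row with `mismatch` set while traffic through the proxy still succeeds indicates that the text being audited is not what the running proxy process loaded. `verify_none` is reported separately because that option makes the proxy accept any backend certificate.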