I can hit my backend servers through a browser just fine. On the HAProxy machine, I can curl successfully to the backend servers as well and get the expected response. I the configuration I put above, there was no browser output. I’ve changed it to the following:
backend nodes
server servername1 12.12.12.12:9900 check ssl verify none
And I get 502 Bad Gateway
The server returned an invalid or incomplete response.
I’d like to leave certificates out of haproxy, and just have it pass everything to the backend. I apologize in advance for switching the config around, just trying anything at this point
What this test was supposed to show is whether you can curl to your backend server by using the ip address only, instead of the hostname, to check whether or not the backend server needs Host header or SNI.
Does it work when you curl with the IP address only?
Please remove the check keyword from the server configuration for now; you don’t need another variable in there if nothing works in the first place.
This may be a SSL issue at this point. Can you provide the output of haproxy -vv as well as your default/global configuration? The (successful) curl -v output regarding the SSL handshake would help as well as ultimately a tcpdump capture between haproxy and the backend server (something like tcpdump -pns0 -w ssl.cap port 9900).