HAProxy community

Cert SSL + tomcat 7 not HA 1.5

#1

Guys good night,

I’ve updated my tomcat 7 application with java 8, and when I enable balancing with HAproxy who owns the SSL certificate up front. some things do not load on the page. Before I did everything I just updated the apps that are behind in HA. in browser research appears:

The “https: /xxxxxxxxxx/xxx/style/xxxne.css” feature has been blocked due to MIME type (“text / html”) does not match (X-Content-Type-Options: nosniff). [Learn More] TXXx .tp

The “https: //xxxxxxxxx/xxxx/script/xxxine.js” feature has been blocked because MIME type (“text / html”) does not match (X-Content-Type-Options: nosniff).

frontend Local_Server_https
bind *:443 ssl crt /etc/haproxy/certs/xxxxxxxxxx.xxxx.xx.pem
reqadd X-Forwarded-Proto:\ https
default_backend Serv

backend Serv
mode http
balance source
option forwardfor
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
option httpchk HEAD / HTTP/1.1rnHost:localhost
server 50 xxxxxxxx:8080 cookie check
server 51 xxxxxxx:8080 cookie check
server 52 xxxxxxx:8080 cookie check

OBS - I had to remove HTTPS to run the application. Haproxy 1.5

haproxy -vv
HA-Proxy version 1.5.19 2016/12/25
Copyright 2000-2016 Willy Tarreau willy@haproxy.org

Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2
OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1

Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.8
Running on zlib version : 1.2.8
Compression algorithms supported : identity, deflate, gzip
Built with OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014
Running on OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.31 2012-07-06
Running on PCRE version : 8.31 2012-07-06
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND

Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.