Hi all,
I want to use haproxy to reverse proxy for a postgresql service
192.168.7.112 is haproxy (haproxy run as container) (postgres.mydomain.com resolve dns = 192.168.7.112)
192.168.0.205 is postgresql server
haproxy.cfg
global
log 127.0.0.1 local2 info
stats timeout 30s
daemon
maxconn 4096
defaults
log global
option tcplog
mode tcp
timeout connect 10s
timeout client 1m
timeout server 1m
frontend postgres_frontend
bind *:5434 ssl crt /etc/ssl/certs/mycert.pem
#bind *:5434
mode tcp
default_backend postgres_backend
backend postgres_backend
mode tcp
balance roundrobin
#option tcp-check
server postgres1 192.168.0.205:5434
mycert.pem is my valid wildcard certificate for *.mydomain.com with format
-----BEGIN CERTIFICATE-----
<Server Certificate>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<Intermediate Certificate>
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
<Private Key>
-----END PRIVATE KEY-----
from a psql client on differrent host
psql "host=postgres.mydomain.com port=5434 dbname=mydb user=postgres password=***** sslmode=require"
psql: error: connection to server at "postgres.mydomain.com" (192.168.7.112), port 5434 failed: server closed the connection unexpectedly
This probably means the server terminated abnormally
before or while processing the request.
If I remove ssl from haproxy frontend config
frontend postgres_frontend
#bind *:5434 ssl crt /etc/ssl/certs/mycert.pem
bind *:5434
mode tcp
default_backend postgres_backend
and connect again without ssl , it works ok
psql "host=postgres.mydomain.com port=5434 dbname=mydb user=postgres password=***** sslmode=disable"
please give me some advice, thank you very much.