Haproxy passthru errors with more backend navigating from firefox

ignazioc · November 11, 2022, 4:31pm

Hello Everyone,
I have a strange problem with my haproxy.
I have a setup like this

frontend localhost443
bind *:443
option tcplog
mode tcp
acl tls req.ssl_hello_type 1
acl is_logwatch req.ssl_sni -i logwatch.nivolapiemonte.it
acl is_rancher req.ssl_sni -i nivola-rancher.glb.nivolapiemonte.it
use_backend backend-logwatch if is_logwatch
use_backend backend-rancher if is_rancher

backend backend-logwatch
mode tcp
option ssl-hello-chk
server elk-to2-kibana-user 10.138.154.38:443 check

ackend backend-rancher
mode tcp
option ssl-hello-chk
server nivola-rancher01 10.138.154.191:443 check

If on my firefox browser I cannot open two tabs with logwatch.nivolapiemonte.it and nivola-rancher.glb.nivolapiemonte.it.

One of them gives me:

404 Not Found

It works if one of them is opened in firefox private window.
Please help me.
Ignazio

lukastribus · November 12, 2022, 7:47am

The browser will reuse a TLS session for a different hostname, if the server certificate validates for it.

So … if you have a logwatch.nivolapiemonte.it and nivola-rancher.glb.nivolapiemonte.it SANs on the same certificate or a corresponding wildcard certificate, then this is what will happen.

You need to use specific certificates to avoid this problem.

ignazioc · November 12, 2022, 10:07am

Thanks.
Ignazio

Topic		Replies	Views
Haproxy with hashicorp vault Help!	10	2222	October 25, 2022
ACL filters when using mode tcp? Help!	3	4923	August 27, 2021
SSL passthru not working Help!	4	582	December 10, 2020
SSL Passthrough Not Working Help!	2	8553	March 18, 2020
Ignore / pass-through SSL for some domains and terminate / decrypt for other Help!	2	2565	October 20, 2020

Haproxy passthru errors with more backend navigating from firefox

404 Not Found

Related topics