HAProxy SSL offloading/termination


#1

Hello everyone,

I’m trying to set up HAProxy with SSL offloading/termination.
Basically I have HAProxy in front of a Docker container where WebLogic is running.

This is my configuration:

    global
        ca-base /etc/pki/tls/certs
        chroot /var/lib/haproxy
        crt-base /etc/pki/tls/certs
        daemon
        group haproxy
        log localhost local0
        maxconn 2000
        ssl-server-verify none
        tune.ssl.default-dh-param 2048
        user haproxy

    defaults
        log global
        maxconn 2000
        mode http
        option redispatch
        option httplog
        option dontlognull
        option log-separate-errors
        retries 3
        timeout http-request 5s
        timeout queue 50000
        timeout connect 5000
        timeout client 50000
        timeout server 50000
        timeout check 10s

    listen stats
        bind *:1936 ssl crt /etc/haproxy/full_cert_host_v2.pem
        mode http
        stats enable
        stats hide-version
        stats uri /haproxy?stats
        stats realm Haproxy\ Statistics
        stats refresh 10s
        stats show-legends

    listen weblogic
        bind :10000 ssl crt /etc/haproxy/full_cert_host_v2.pem
        log global
        mode http
        balance roundrobin
        cookie JSESSIONID prefix indirect nocache
        maxconn 2002
        option httplog
        option httpchk HEAD /console
        option http-server-close
        option forwardfor
        timeout check 10s
        timeout http-keep-alive 3000
        server 172.17.0.2 172.17.0.2:8001 cookie 172.17.0.2 maxconn 256 check inter 2000 rise 2 fall 5

When I try to connect to https:// host:10000/console I get this:

    [root@host haproxy]# wget https:// host:10000/console
    --2017-03-31 16:29:57-- https:// host:10000/console
    Resolving host (host)... host, hostIPv6
    Connecting to host (host)|host|:10000... connected.
    HTTP request sent, awaiting response... 302 Moved Temporarily
    Location: http:// host:10000/console/ [following]
    --2017-03-31 16:29:57-- http:// host:10000/console/
    Connecting to host (host)|host|:10000... connected.
    HTTP request sent, awaiting response... No data received.
    Retrying.

Instead, if I try to access the container directly, I get something like this:

    [root@host haproxy]# wget 172.17.0.2:8001/console
    --2017-03-31 16:34:04-- http:// 172.17.0.2:8001/console
    Connecting to 172.17.0.2:8001... connected.
    HTTP request sent, awaiting response... 302 Moved Temporarily
    Location: http:// 172.17.0.2:8001/console/ [following]
    --2017-03-31 16:34:04-- http:// 172.17.0.2:8001/console/
    Reusing existing connection to 172.17.0.2:8001.
    HTTP request sent, awaiting response... 302 Moved Temporarily
    Location: http:// 172.17.0.2:8001/console/login/LoginForm.jsp [following]
    --2017-03-31 16:34:04-- http:// 172.17.0.2:8001/console/login/LoginForm.jsp
    Reusing existing connection to 172.17.0.2:8001.
    HTTP request sent, awaiting response... 200 OK

Could someone help me figure out how to fix it?
Thanks a lot!

Cheers,
Antonio


#2

Your backend redirects from HTTPS to HTTP, at which point haproxy no longer works (of course HTTP on port 10000 is not available, this is an HTTPS port only). Find out why your backend emits a redirect to HTTP and fix it.
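
One way to check a redirect chain for the downgrade described in the reply above, as an added example that is not part of the original thread: it parses a wget transcript and flags every hop where an https request is answered with an http Location, noting whether the cleartext URL points back at the same TLS-only listener. The sample log is constructed from the transcript in post #1, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the wget transcript in post #1
# ("host" is the placeholder hostname used there).
SAMPLE_WGET_LOG = """\
--2017-03-31 16:29:57--  https://host:10000/console
Connecting to host (host)|host|:10000... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: http://host:10000/console/ [following]
--2017-03-31 16:29:57--  http://host:10000/console/
Connecting to host (host)|host|:10000... connected.
HTTP request sent, awaiting response... No data received.
"""

REQUEST_RE = re.compile(r"^--\d{4}-\d{2}-\d{2} [\d:]+--\s+(\S+)$")
LOCATION_RE = re.compile(r"^Location: (\S+)")

def redirect_hops(log):
    """Return (requested_url, location) pairs found in a wget transcript."""
    hops, current = [], None
    for line in log.splitlines():
        m = REQUEST_RE.match(line)
        if m:
            current = m.group(1)  # URL wget is about to request
            continue
        m = LOCATION_RE.match(line)
        if m and current:
            hops.append((current, m.group(1)))
    return hops

def tls_downgrades(log):
    """Flag hops where an https request is redirected to an http URL."""
    findings = []
    for src, dst in redirect_hops(log):
        s, d = urlsplit(src), urlsplit(dst)
        if s.scheme == "https" and d.scheme == "http":
            # Same host and port means cleartext HTTP is aimed at the TLS bind.
            same = (s.hostname, s.port) == (d.hostname, d.port)
            findings.append({"from": src, "to": dst, "same_listener": same})
    return findings

if __name__ == "__main__":
    for f in tls_downgrades(SAMPLE_WGET_LOG):
        kind = "cleartext to TLS-only listener" if f["same_listener"] else "leaves TLS"
        print(f"{f['from']} -> {f['to']}: {kind}")
```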