Hi there! I’m new to Haproxy, I’m trying to achive this goal:
Redirect port 81 traffic to port 81 on my apache2 server
Redirect port 4043 traffic to port 443 on my apache2 server
Haproxy and Apache are running on same raspberry machine (192.168.0.100)
I copy my actual configuration here:
frontend http
mode http
log 127.0.0.1:514 local0 info
bind 192.168.0.100:81
bind 192.168.0.100:4043 ssl crt /etc/letsencrypt/live/mysite.com/mysite.com.pem
option forwardfor except 127.0.0.0/8
timeout connect 10s
timeout server 100s
default_backend http
backend http
mode http
log 127.0.0.1:514 local0 info
server s1 192.168.0.100:443 check maxconn 20
server s2 192.168.0.100:80 check maxconn 20
timeout connect 10s
timeout server 100s
My router (192.168.0.1) send 80 and 443 req. to 81 and 4043 on 192.168.0.100
Please help!
I always receive from browser:
Bad Request
Your browser sent a request that this server could not understand.
Reason: You’re speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
Apache/2.4.38 (Raspbian) Server at paulbonvi.com Port 80
You cannot mix and load balance between HTTP and HTTPS.
Separate them.
defaults
mode tcp
frontend http
bind 192.168.0.100:81
default_backend httpbk
backend httpbk
server s2 192.168.0.100:80 check maxconn 20
frontend https
bind 192.168.0.100:4043
default_backend httpsbk
backend httpsbk
server s1 192.168.0.100:443 check maxconn 20
1 Like
Thank You very much for your time and help, lukastribus.
I tried your .cfg but obtain always the same result, bad request…
Please help me!!! I can’t give up and it’s 3 days I’m trying everything…
I just added my “ssl cert /etc/…” at line bind… :443
Do NOT add your SSL certificates here. Doing so will break the configuration.
You want tcp port 4043 to connect to 443 transparently. You don’t need an SSL certificate to connect 2 TCP ports together. When you add ssl configuration there, then Haproxy decrypts it and you end up sending unencrypted traffic to port 443.
Just use the configuration I proposed.
Obviously You were right, and now it works! Thks again so much.
Now I’m going to try to complete with the part that really require the usage of Haproxy, which is to secure websocket connection /wss … to my 8181 port. But never mind lukastribus, before to stress You again I have to try about 150 directions by as many sites talkin’ about haproxy !!!
Have a nice sunday,
Sorry Lukastribus… I can’t find a working solution to my problem.
I understood that I have to work on layer 7 to redirect https call wss to my websocket server listening on 8181 port. By the way all the solutions I found on google didn’t work… trying to recognize the https upgrade request and proxying to my ws server.
Could You (or anyone else…) please help me again ? Thanks so much