Http health check with SSL backend

cavemandaveman · October 5, 2016, 9:05pm

Hello, I’m having a problem with haproxy health checks.

I have a backend that is serving the main service on HTTPS 8443 and serving a health endpoint on HTTP 9000.

Is there a way to have the haproxy health check over http while the backend server is https? My current config (which does not work) looks like this:

backend my_backend
  mode http
  timeout check 2000
  option httpchk GET "/health" "HTTP/1.0"
  cookie my-cookie insert nocache postonly domain example.com
  server my_server 10.42.38.175:8443 ssl verify none check port 9000 inter 2000 rise 2 fall 3 cookie my_server
  http-request add-header X-Forwarded-Proto https if { ssl_fc }
  http-request set-header X-Forwarded-Port %[dst_port]

I’m thinking the issue is that because there is the ssl option on the server line, it’s expecting everything to be SSL, even the check port? Is there a way around this?

cavemandaveman · October 6, 2016, 6:17pm

Please ignore this thread. The above config does work.

The root cause of my issue was due to the fact that haproxy closes the health check connection with RST instead of FIN, and therefore I was seeing ClientAbortException errors in my backend application. Totally different topic.

Topic		Replies	Views
Healthcheck on HTTP port with redirection to HTTPS Help!	2	1458	September 16, 2021
L6RSP health-check error on the SSL-backend Help!	10	12953	January 21, 2021
Configure Backend have different health-check endpoints Help!	0	705	August 15, 2019
Why does health checking break my TCP proxy Help!	1	4453	June 6, 2016
HAProxy 1.9.4 http healthcheck for h2 backends Help!	1	863	March 14, 2019

Http health check with SSL backend

Related Topics