Http health check with SSL backend


#1

Hello, I’m having a problem with haproxy health checks.

I have a backend that is serving the main service on HTTPS 8443 and serving a health endpoint on HTTP 9000.

Is there a way to have the haproxy health check over http while the backend server is https? My current config (which does not work) looks like this:

backend my_backend
  mode http
  timeout check 2000
  option httpchk GET "/health" "HTTP/1.0"
  cookie my-cookie insert nocache postonly domain example.com
  server my_server 10.42.38.175:8443 ssl verify none check port 9000 inter 2000 rise 2 fall 3 cookie my_server
  http-request add-header X-Forwarded-Proto https if { ssl_fc }
  http-request set-header X-Forwarded-Port %[dst_port]

I’m thinking the issue is that because there is the ssl option on the server line, it’s expecting everything to be SSL, even the check port? Is there a way around this?


#2

Please ignore this thread. The above config does work.

The root cause of my issue was due to the fact that haproxy closes the health check connection with RST instead of FIN, and therefore I was seeing ClientAbortException errors in my backend application. Totally different topic.
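The RST-versus-FIN difference named in post #2, reproduced on loopback as an added example (not code from the thread or from HAProxy). The function name `observe_close`, the constructed `/health` exchange and the Linux/BSD `struct linger` layout are assumptions of this sketch.

```python
import socket
import struct

PROBE = b"GET /health HTTP/1.0\r\n\r\n"          # constructed check request
REPLY = b"HTTP/1.0 200 OK\r\nContent-Length: 0\r\n\r\n"


def observe_close(abortive: bool) -> str:
    """Run one health-check exchange, close the checker side, and report
    what the backend side sees on its next read: "eof" or "reset"."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))              # ephemeral loopback port
    listener.listen(1)
    checker = socket.create_connection(listener.getsockname())
    backend, _ = listener.accept()
    backend.settimeout(2.0)
    try:
        # The check itself completes normally in both cases.
        checker.sendall(PROBE)
        backend.recv(1024)
        backend.sendall(REPLY)
        checker.recv(1024)
        if abortive:
            # l_onoff=1, l_linger=0: close() drops the connection and
            # emits RST instead of starting the FIN handshake.
            checker.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                               struct.pack("ii", 1, 0))
        checker.close()
        try:
            data = backend.recv(1024)
        except ConnectionResetError:
            # This is the condition a servlet container reports as an
            # aborted client, even though the check succeeded.
            return "reset"
        return "eof" if data == b"" else "data"
    finally:
        backend.close()
        listener.close()


if __name__ == "__main__":
    print("orderly close :", observe_close(abortive=False))
    print("abortive close:", observe_close(abortive=True))
```

In both runs the health response is delivered before the close, so the reset affects only what the backend logs, not the check result.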