Hy sir, could someone help me please…
i want configure my server to hit https site using haproxy…
i already try so hard to raise my foal… but still fail…
Nov 09 02:59:02 HAPROXY haproxy[3051]: [ALERT] 312/025902 (3054) : Proxy ‘nodes’, server ‘web01’ [/etc/haproxy/haproxy.cfg:60] verify is enabled by default but no CA file specified. If you’re running on a LAN where you’re certain to trust the server’s certificate, please set an explicit ‘verify none’ statement on the ‘server’ line, or use ‘ssl-server-verify none’ in the global section to disable server-side verifications by default.
Well what you need to do is right there explained in the error message. Either configure a certificate-authority to verify the server certificate against or disable certificate verification with verify none.
Also, the frontend configuration is wrong, you cannot just configure bind :443 without any ssl settings or certificates. I assume you just want port 80 there, so I suggest you remove bind :443.
Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.7
Running on zlib version : 1.2.7
Compression algorithms supported : identity(“identity”), deflate(“deflate”), raw-deflate(“deflate”), gzip(“gzip”)
Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built without Lua support
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
Available filters :
[COMP] compression
[TRACE] trace
[SPOE] spoe
“404 Not found” comes from your backend server. This means haproxy works and forwards traffic to and from your backend server.
Why your backend server respond with a 404 Not found response is something you’d have to find out: is the URL simply wrong? Does the backend server expect a specific Host header or SNI?
That’s exactly it. When you curl to the https site both Host header and SNI value are exactly what the backend server expects. When you curl to haproxy, both Host header and SNI value are certainly wrong, which is why your backend server does not recognize it, causing a 404 Not Found error in response.
Haproxy does not emit 404 Not Found errors at all.
Set SNI and Host header in your backend configuration:
i want access https site, https 1 and https 2 , when i access https site haproxy can balance traffic… thats what i want achieve sir… can i do that with haproxy?
Those are not serving the same content. emos.enseval.com is a website and api.enseval.com is not - the latter probably being some kind of API endpoint.
You cannot load-balance between the two.
I assume you want to switch requests belonging to the website to one server, and request belonging to the API to the other server. That’s not what round-robin load-balancing does though.
If that is the case, you need to distinguish between the two kinds of application at haproxy layer. You can do that with Host headers, for example, and then route to different backends based on that.
Emos and api is the same thing… they are handle same request… thats why i want use roundrobin… if i just hit emos, emos load will high… i want make it round robin so emos will not high again… thats why emos and api work togther to balance traffic and performance…
Emos and api is same sir… my server sent the same request to both… emos is primary and api is secondary… but if all traffic go to emos, emos load will high… thats why i want use roundrobin to balance performance emos and api…
Thats my point to achieve sir… many thanks sir… from here with love
The api server probably wants api.enseval.com as Hostname.
Try removing http-request set-header Host emos.enseval.com and adding http-send-name-header Host, this will add the servername as a Host header individually.
Still, this setup is very confusing. I assume you are not in control of the backend servers and are trying to solve a local client problem? Otherwise I’d recommend revamping this entire setup.