Moving SSL termination from web server to HAProxy - L7 Timeout

kingsloi · July 17, 2018, 11:29am

Hi,

I’m sure it’s something that I am overseeing.

I am moving from my web servers (apache/httpd) handling ssl termination, and instead handling ssl termination on the HAProxy instance instead. I already have the same setup for a different site of mine with HAProxy, but with nginx as my web server, and that works perfectly. I’ve copied the working config, but switched out the ip/addresses but to no avail.

Here’s my config:
https://hastebin.com/oxademeqar.pl

Here’s my status page:
https://imgur.com/5xIQXsT

I have disabled the http -> https redirect on my web server, and instead just have a standalone vhost (I can post here if needed).

Any advice would be much, much appreciated!

lukastribus · July 17, 2018, 11:52am

Your health check fails with L7TOUT, meaning a layer 7 timeout.

Make sure your backend server responds to the healthcheck request coming from haproxy. Maybe tcpdump and checkout what happens at layer 7, and chechkout backend logs.

Topic		Replies	Views
Http health check with SSL backend Help!	1	5768	October 6, 2016
A proper way to do SSL health check? Help!	9	13552	January 22, 2021
SSL termination, listening but not working Help!	1	2053	July 11, 2017
Layer6 timeout, check duration Help!	1	2889	October 11, 2016
Healthcheck on HTTP port with redirection to HTTPS Help!	2	1462	September 16, 2021

Moving SSL termination from web server to HAProxy - L7 Timeout

Related topics