I'm migrating an HAProxy setup to a new machine … when connecting to one server (backend stunnel-openvpn-backend) I receive the error:

OpenSSL error[0xa00010b] (null): wrong version number.

The other entry, haproxy stats (backend haproxy-backend), works fine. Any ideas as to what is wrong … I've used this cfg segment on a prior server. (See cfg file below.)
```
global
    maxconn 100
    daemon
    tune.ssl.default-dh-param 2048
    chroot /var/empty
    user haproxy
    group haproxy
    stats socket /var/run/haproxy.sock mode 600 expose-fd listeners level user

defaults
    mode http
    log global
    option tcplog
    option httplog
    option logasap
    option http-keep-alive
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    timeout tunnel 1h

userlist AuthUsers
    user dan password xxxxxxxxxxxxxxxxxxxxxxxxxx

listen stats
    bind 192.168.1.167:9000
    mode http
    log global
    maxconn 10
    stats enable
    stats hide-version
    stats refresh 30s
    stats show-node
    stats auth admin:password
    stats uri /haproxy?stats

frontend https
    bind *:443
    mode tcp
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    use_backend stunnel-openvpn-backend if { req.ssl_sni -i openvpn.pontebella.danmarotta.org }
    default_backend https-back

frontend https-front
    bind 127.0.0.1:9001 ssl crt /etc/letsencrypt/live/pontebella.danmarotta.org/haproxy.pem accept-proxy
    mode http
    use_backend haproxy-backend if { ssl_fc_sni -i haproxy.pontebella.danmarotta.org }

backend https-back
    mode tcp
    server https-front 127.0.0.1:9001 send-proxy-v2

# Openvpn with stunnel
backend stunnel-openvpn-backend
    mode tcp
    timeout server 2h
    server stunnel-openvpn 192.168.1.167:1194 check

# Haproxy Stats
backend haproxy-backend
    mode http
    timeout server 2h
    server haproxy 192.168.1.167:9000 no-ssl check
    http-request redirect location /haproxy?stats if { path / }
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    acl auth_ok http_auth(AuthUsers)
    http-request auth realm haproxy-stats unless auth_ok
```
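
Added example, not part of the original post: OpenSSL reports `wrong version number` when the bytes it reads where a TLS record header should be do not carry a TLS version. The sketch below classifies the first bytes of a stream (TLS record, PROXY v1/v2 header as produced by `send-proxy-v2`, or plaintext HTTP) so each hop in a config like the one above can be checked; the function names and all sample bytes are constructed for illustration.

```python
import struct

PROXY_V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"   # 12-byte PROXY protocol v2 signature
HTTP_STARTS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"HTTP/")
TLS_TYPES = {20: "change-cipher-spec", 21: "alert", 22: "handshake", 23: "application-data"}
TLS_HANDSHAKES = {1: "client-hello", 2: "server-hello"}


def strip_proxy_v2(data: bytes) -> bytes:
    """Drop a leading PROXY v2 header, as a listener with accept-proxy does."""
    if not data.startswith(PROXY_V2_SIG) or len(data) < 16:
        return data
    (addr_len,) = struct.unpack("!H", data[14:16])   # length of the address block
    return data[16 + addr_len:]


def classify_first_bytes(data: bytes) -> str:
    """Label what the start of a TCP stream looks like to a TLS endpoint."""
    if data.startswith(PROXY_V2_SIG):
        return "proxy-v2"
    if data.startswith(b"PROXY "):
        return "proxy-v1"
    if data.startswith(HTTP_STARTS):
        return "http-plaintext"
    if len(data) < 5:
        return "too-short"
    # TLS record header: content type, version major/minor, 16-bit length.
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype in TLS_TYPES and major == 3 and minor <= 4 and length <= 16384 + 2048:
        if ctype == 22 and len(data) > 5:
            return "tls-" + TLS_HANDSHAKES.get(data[5], "handshake")
        return "tls-" + TLS_TYPES[ctype]
    return "not-tls"   # a TLS stack fails on these bytes (bad type or version)


# Constructed samples: a truncated ClientHello record, and the same record
# behind a PROXY v2 header (TCP over IPv4, 12-byte zeroed address block).
CLIENT_HELLO = bytes([22, 3, 1, 0, 5, 1, 0, 0, 1, 0])
PROXIED_HELLO = PROXY_V2_SIG + b"\x21\x11" + struct.pack("!H", 12) + bytes(12) + CLIENT_HELLO

if __name__ == "__main__":
    for name, sample in [("bare hello", CLIENT_HELLO),
                         ("proxied hello", PROXIED_HELLO),
                         ("after accept-proxy", strip_proxy_v2(PROXIED_HELLO)),
                         ("http reply", b"HTTP/1.1 400 Bad Request\r\n")]:
        print(f"{name:20s} -> {classify_first_bytes(sample)}")
```

Any label other than `tls-...` at a point where a TLS handshake is expected means that side is not being handed TLS as its first bytes.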