I am in the process of setting up HAProxy for Oracle OEM traffic as below:
OMS server (SSL) → HAProxy server → Multiple DB servers (SSL)
HAProxy is not able to identify which DB server the traffic should go to, hence it sends everything to the default_backend, and removing the default_backend results in a "handshake has no peer" error in OEM. Has anyone else run into this? Please share the resolution.
Configuration is as below:
frontend SSL_3872
    # Bind to the IMZ Interface using the same ports as will be used by all the target VIPs using SSL:
    bind *:3872
    # HAProxy will passthrough SSL connections:
    mode tcp
    option tcplog
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    # Select each backend based on target VIP's URL. The URL must match the SSL hostname of the certificate:
    use_backend d01_3872 if { req_ssl_sni db001 }

backend d01_3872
    mode tcp
    balance roundrobin
    option ssl-hello-chk
    server dd001 123.123.123.123:3872