Hello community,
I’m trying to set up a reverse HAProxy to connect to a forward, LDAP auth based Squid. Both applications run on the same machine and I have been able to make it work over http with the following config:
global
    log 127.0.0.1:514 local2
    daemon
    maxconn 256

defaults
    log global
    mode http
    option httplog
    timeout connect 5s
    timeout client 50s
    timeout server 50s

frontend squid_front
    bind *:3128
    bind *:3128 ssl crt /etc/haproxy/cert.pem
    mode http
    use_backend squid1

backend squid1
    mode http
    balance roundrobin
    option forwardfor
    server squid1 127.0.0.1:3129 check port 3129 inter 2000 rise 2 fall 3
However, the second I turn on https, I get:
squid_front/1: SSL handshake failure
Using ssldump on port 3128 I see only:
1 0.0013 (0.0013) S>C TCP FIN
1 0.0021 (0.0007) C>S TCP FIN
and nothing in the squid logs.
cert.pem contains a crt and a key. I have double checked them both with openssl.
selinux is set to permissive and iptables allows all on port 3128.
It’s late, I’m tired, there must be something I’m not seeing or simply missing here.
Pls give me a hand.
haproxy -vv:
HA-Proxy version 1.5.18 2016/05/10
Copyright 2000-2016 Willy Tarreau willy@haproxy.org
Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -O2 -g -fno-strict-aliasing -DTCP_USER_TIMEOUT=18
OPTIONS = USE_LINUX_TPROXY=1 USE_GETADDRINFO=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_PCRE=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200
Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.7
Compression algorithms supported : identity, deflate, gzip
Built with OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017
Running on OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.32 2012-11-30
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
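
A check for a handshake failure on a `bind ... ssl` line like the one above, as an added example that is not part of the original post: HAProxy expects a TLS ClientHello as the first bytes on that port, so it helps to see what the client really sends. The helper names `classify_first_bytes` and `peek_one_client` are hypothetical, and the script assumes HAProxy is stopped so that port 3128 is free.

```python
import socket

# Request methods a client would send in cleartext to a forward proxy.
HTTP_METHODS = (b"CONNECT ", b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ")
TLS_RECORD_TYPES = {0x14, 0x15, 0x16, 0x17}  # ccs, alert, handshake, app data


def classify_first_bytes(data: bytes) -> str:
    """Name what a client sent first: TLS ClientHello, cleartext HTTP, or other."""
    if not data:
        return "empty"
    if data.startswith(HTTP_METHODS):
        return "plaintext-http"
    # TLS record header: type(1) major(1) minor(1) length(2), then the payload.
    if len(data) >= 6 and data[0] in TLS_RECORD_TYPES and data[1] == 0x03:
        if data[0] == 0x16 and data[5] == 0x01:  # handshake record, ClientHello
            return "tls-client-hello"
        return "tls-other"
    return "unknown"


def peek_one_client(srv: socket.socket, timeout: float = 10.0) -> str:
    """Accept one connection on a listening socket and classify its first bytes."""
    srv.settimeout(timeout)
    conn, _addr = srv.accept()
    with conn:
        conn.settimeout(timeout)
        try:
            return classify_first_bytes(conn.recv(64))
        except socket.timeout:
            return "empty"  # client connected but sent nothing in time


if __name__ == "__main__":
    # Assumption: HAProxy is stopped so port 3128 (from the config above) is free.
    with socket.create_server(("0.0.0.0", 3128)) as listener:
        print(peek_one_client(listener, timeout=60.0))
```

A result of `plaintext-http` means the client is talking to the port as an ordinary HTTP proxy and never starts a TLS handshake; `tls-client-hello` means the client side is fine and the certificate and cipher settings are the next thing to look at.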