HAProxy community

Reverse SSL Termination

#1

I’m trying to set up an internal proxy that forwards HTTP requests to an HTTPS backend.
An echo server https://echo-5ooike70s.now.sh was used for development. I’ve managed to set up the configuration following previous discussion here, but the following configuration:

defaults
  retries 3
  maxconn 3000
  timeout connect 5s
  timeout server 10s
  timeout client 10s

frontend frontend_http
  bind *:8000
  mode http
  reqadd X-Forwarded-Proto:\ http
  default_backend backend_https

backend backend_https
  mode http
  server remote echo-5ooike70s.now.sh:443 check ssl verify none

Results in errors:

[WARNING] 092/134701 (46341) : Server backend_https/remote is DOWN, reason: Layer6 invalid response, info: "SSL handshake failure", check duration: 13ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.

[ALERT] 092/134701 (46341) : backend 'backend_https' has no server available!

HA-Proxy version 1.9.4 2019/02/06
curl -vvk results for the server are shown here https://gist.github.com/hden/7cc26dc03d755e47645fd667e48e87ca#file-curl-vvk

Any help or suggestions are appreciated. Thanks!


#2

Your server needs SNI.

Make sure you use the correct SNI for health checks (or disable health checks):

check-sni echo-5ooike70s.now.sh

And for the actual traffic:

sni str(echo-5ooike70s.now.sh)
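
The two settings from the reply above, placed on the `server` line of the configuration from post #1, as an added example that is not part of the original thread. It also replaces `verify none` with certificate verification; the `ca-file` path, the `verifyhost` pin and the Host header rewrite are assumptions, not settings from the thread.

```haproxy
defaults
  mode http
  retries 3
  maxconn 3000
  timeout connect 5s
  timeout server 10s
  timeout client 10s

frontend frontend_http
  bind *:8000
  # set-header overwrites any X-Forwarded-Proto value supplied by the client
  http-request set-header X-Forwarded-Proto http
  default_backend backend_https

backend backend_https
  # Assumption: the backend selects the site by Host header as well as by SNI.
  http-request set-header Host echo-5ooike70s.now.sh

  # Line from post #1, which sends no SNI and skips certificate checks:
  #   server remote echo-5ooike70s.now.sh:443 check ssl verify none
  #
  # sni        : server name sent in the TLS ClientHello for proxied traffic
  # check-sni  : server name sent by the health check
  # verify required + ca-file : validate the certificate chain
  #              (CA bundle path is an assumption; adjust for your system)
  # verifyhost : name the server certificate must match
  server remote echo-5ooike70s.now.sh:443 ssl sni str(echo-5ooike70s.now.sh) check check-sni echo-5ooike70s.now.sh verify required ca-file /etc/ssl/certs/ca-certificates.crt verifyhost echo-5ooike70s.now.sh
```

The file can be syntax-checked before a reload with `haproxy -c -f <path to the config file>`.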

#3

Got it, thanks!
