I’m currently trying to set up HAProxy to redirect requests to our local Nexus repository. I configured HAProxy for SSL termination and started everything up. If I navigate to the repo using a browser, it throws a warning about our self-signed certificate, but it goes to the right place. When I try to make Maven requests against the same repo, however, it fails with the error:

    PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
    unable to find valid certification path to requested target

If I look at the logs for HAProxy I can see a bunch of

    http-in/2: SSL handshake failure

errors. I’m not quite sure what I’m missing here. Can anyone help?
Here are the relevant sections of my HAProxy config:

    defaults
        log global
        mode http
        option httplog
        option dontlognull
        timeout connect 5000
        timeout client 50000
        timeout server 50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

    frontend http-in
        mode http
        #process all requests made on port 80
        bind *:80
        bind *:443 ssl crt /etc/apache2/ssl/nexus.local.tura.com/nexus.local.tura.com.pem no-sslv3
        option forwardfor
        option http-server-close
        option http-pretend-keepalive
        #reqadd X-Forwarded-Proto:\ http
        default_backend backend_www_nexus

    backend backend_www_nexus
        timeout server 86400000
        timeout connect 5000
        server web01 nexus.local.tura.com:9081
        http-request set-header X-Forwarded-Port %[dst_port]
        http-request add-header X-Forwarded-Proto https if { ssl_fc }