HAProxy community

Stuck with Server Connection Failed problem


#1

Hello,

I have haproxy setup as a reverse proxy to serve several web applications. I have it set to pass through ssl. I’ve added a site that is hosted in IIS 10. I have a letsencrypt certificate for it. If I configure the web server without going through the proxy, it works. However, when I add haproxy, browsers give me a Server Connection Failed or similar. I’m stuck. Below is a portion of my config. IPOLPROD is the backend in question.

frontend https
bind *:443
mode tcp
option tcplog
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }

###ACCESS CONTROL LISTS###

#acl for nextcloudprod
acl host_nextcloudprod req_ssl_sni -i nc.example.com

#acl for desktopcentral
acl host_desktopcentral req_ssl_sni -i medc.example.com

#acl for ipolprod
acl host_ipolprod req_ssl_sni -i inventory.example.com

#acl for rocketchat
acl host_rocketchat req_ssl_sni -i chat.example.com

#redirect for nextcloud
use_backend nextcloudprod-https if host_nextcloudprod

#redirect for desktopcentral
use_backend desktopcentral-https if host_desktopcentral

#redirect for ipolprod
use_backend ipolprod-https if host_ipolprod

#redirect for rocket-chat
use_backend rocketchat-https if host_rocketchat

backend nextcloudprod-https
mode tcp
option tcplog
option forwardfor
option ssl-hello-chk
server nextcloudprod 192.168.1.253:9501 check

#backend desktopcentral-https

mode tcp

option forwardfor

option ssl-hello-chk

server desktopcentral 192.168.1.112:8443 check

backend ipolprod-https
mode tcp
option tcplog
option forwardfor
server ipolprod 192.168.1.210:443 check

#backend rocketchat-https
mode tcp
option forwardfor
option ssl-hello-chk
server rocketchat 192.168.1.118:443 check


#2

Could you perhaps try to curl -v -s -o /dev/null https://nc.example.com/ and see if that works?

(Perhaps try to take a look with Wireshark to see what happens.)

Also the option forwardfor is not usable in case of mode tcp. (Although I doubt this is the case.)