Tcp Proxy tls Handshake after 12 hours

AdamHachem · February 23, 2022, 10:30am

Hí my name is Adam, im implementing an proxy for a service routing mqtt trafic to a rabbitmq server (Message broker).
Everything is correct at begining but after a few hours, the service start handling an Handshake error.
the port is listening whit tls and mutuals tls verification.

Here is my configuration:

global

stats timeout 30s

daemon

log stdout format raw local0 info

ca-base /etc/ssl/certs

crt-base /etc/ssl/private

ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS

ssl-default-bind-options ssl-min-ver TLSv1.0

defaults

log     global

mode    http

option  tcplog

option  dontlognull

timeout connect 1m

timeout client  1m

timeout server  1m

frontend rabbitui-frontend

bind *:8080 ssl crt-ignore-err all crt /etc/ssl/certs/tls.pem verify none

option tcplog

mode http

default_backend rabbitui-backend

frontend rabbittcp-frontend

bind *:8081 ssl crt-ignore-err all crt /etc/ssl/certs/tls.pem verify required ca-file /etc/ssl/certs/ca.pem crl-file /etc/ssl/certs/crl.pem

mode tcp

default_backend rabbittcp-backend

backend rabbitui-backend

mode http

server s1 ${RABBITMQ_HOST}:15672

backend rabbittcp-backend

mode tcp

server s1 ${RABBITMQ_HOST}:5672

lukastribus · February 23, 2022, 3:53pm

Can you share haproxy logs when this happens? I don’t see any maxconn configuration, you should set maxconn in global/frontend and on the individual servers in the backend.

Topic		Replies	Views
MQTTs - TLS verification issues Help!	3	60	September 10, 2024
HAProxy proxy protocol Help!	10	2928	March 31, 2021
Route TCP according to payload Help!	1	204	July 6, 2024
Getting TLS Handshake errors Help!	0	239	April 18, 2024
TCP and HTTP Connections - TCP got considered as HTTP and throws Handshake error Help!	5	33	November 18, 2024

Tcp Proxy tls Handshake after 12 hours

Related topics