Hey, I have an HA proxy (release 2,22) on ubuntu 22.04. The setup is performed with TLS 1.3 and the backend server is a Tornado python App exposing a WebServer implemented in python as well as RestAPI.
The client is supposed to authenticate with a certificate verified by the HAProxy. All is working and at the first connection, the browser prompt the user to select a cert issued by the expected CA.
I expect the HA proxy to close the TLS session between the client and the HAproxy when the client is not doing anything on the Web Portal (hosted by the tornado app) or the Tornado app updating the client which is how i am understanding the timeout settings. I can’t see this as i would expect the client would have to re-authenticate selecting a new certificate from the web truststore when nothing happens since 30 second.
Anything I am missing? Logs are verbose and i see nothing after 30 seconds. I did try to have only one server on the back end with same result…
Any ideas.
Thanks
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5s
timeout client 30s
timeout server 30s
frontend localserver
bind 192.168.20.46:443 ssl crt server.crt ca-file ca-chain.crt verify required
capture request header X-Custom-Header len 256
log-format “%ci:%cp [%t] %ft %b/%s %Tq/%Tw/%Tc/%Tr/%Tt %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs {%[ssl_c_verify],%{+Q}[ssl_c_s_dn],%{+Q}[ssl_c_i_dn]} %{+Q}r”
default_backend web_servers
backend web_servers
balance roundrobin
server server1 127.0.0.1:8888 cookie server1
server server2 127.0.0.1:8889 cookie server2