TLS Pass through from HAProxy to 2 2k8 servers

I have a simple (not) pass-through proxy issue with an HAProxy server.

The backend has 2 2k8 Windows servers using multiple sites separated by TCP port.

listen stats:8181
    bind 10.10.135.30:8181 # wsdlb:8181
    stats enable
    stats uri /stats
    stats hide-version
    stats show-modules

listen valen:5000
    bind 10.10.131.215:5000
    mode tcp
    balance roundrobin
    server valen1 valen1.ftc.xxxxx.net:5000 check
    server valen2 valen2.ftc.xxxxx.net:5000 check

listen valen:5001
    bind 10.10.131.215:5001
    mode tcp
    balance roundrobin
    server valen1 valen1.ftc.xxxxx.net:5001 check
    server valen2 valen2.ftc.xxxxx.net:5001 check

listen valen:10000
    bind 10.10.131.215:10000
    mode tcp
    balance roundrobin
    server valen1 valen1.ftc.xxxxx.net:10000 check
    server valen2 valen2.ftc.xxxxx:10000 check

listen valen:10001
    bind 10.10.131.215:10001
    mode tcp
    balance roundrobin
    server valen1 valen1.ftc.xxxxx.net:10001 check
    server valen2 valen2.ftc.xxxxx.net:10001 check

All I get is "site cannot be reached".
Thanks

Do the sites you’re visiting resolve to the HAProxy address? Do the logs show that HAProxy is receiving requests? If so, have you checked the session states at disconnect? Do the backend servers resolve where HAProxy is running? “Sites cannot be reached” could be a multitude of problems that might be outside of your HAProxy setup.

The sites resolve to the backend server address

HAProxy load balancer is configured as: hostname, servers are: hostname1 and hostname2
SSL Certs are installed on hostname1 and hostname2

Will have to look at the logs to see if the requests are getting to the IIS servers

Disclaimer: I might be misunderstanding this statement.

If you’re not visiting the IP directly, you’ll need an address that resolves to HAProxy’s address (hopefully 10.10.131.215). When you visit that site on a specified port (or the IP directly), HAProxy should pass that through to a backend server. When checking logs, I recommend including HAProxy’s logs to see if it’s receiving your requests. If so, those logs should give some additional information about the request. If not, there’s a chance you are visiting a backend server directly, bypassing HAProxy altogether.
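The resolution check discussed in this thread, as an added example that is not part of any poster's reply: it reads the bind addresses and backend servers from a listen section and reports whether a site name resolves to HAProxy or straight to a backend. The hostnames under example.test, the backend IPs and the DNS table are constructed placeholders; only the bind address 10.10.131.215 comes from the thread.

```python
import socket

# Constructed sample: one listener shaped like the thread's config, with
# placeholder backend hostnames (the real ones are redacted in the thread).
SAMPLE_CFG = """\
listen valen:5000
    bind 10.10.131.215:5000
    mode tcp
    balance roundrobin
    server valen1 valen1.example.test:5000 check
    server valen2 valen2.example.test:5000 check
"""

# Constructed DNS answers standing in for real lookups, so this runs offline.
SAMPLE_DNS = {
    "valen1.example.test": "10.10.131.11",
    "valen2.example.test": "10.10.131.12",
    "site.example.test": "10.10.131.11",   # points at a backend
    "lb.example.test": "10.10.131.215",    # points at the HAProxy bind
}

def parse_listeners(cfg):
    """Return (set of bind IPs, {backend host: server name}) from the config."""
    binds, backends = set(), {}
    for line in cfg.splitlines():
        words = line.split("#", 1)[0].split()   # drop trailing comments
        if len(words) >= 2 and words[0] == "bind":
            binds.add(words[1].rsplit(":", 1)[0])
        elif len(words) >= 3 and words[0] == "server":
            backends[words[2].rsplit(":", 1)[0]] = words[1]
    return binds, backends

def classify(site, cfg, resolve=socket.gethostbyname):
    """Say whether `site` resolves to HAProxy, to a backend, or elsewhere."""
    binds, backends = parse_listeners(cfg)
    ip = resolve(site)
    if ip in binds:
        return "haproxy"
    for host, name in backends.items():
        if resolve(host) == ip:
            return "bypass:" + name   # clients never touch HAProxy
    return "other"

if __name__ == "__main__":
    for site in ("site.example.test", "lb.example.test"):
        print(site, "->", classify(site, SAMPLE_CFG, SAMPLE_DNS.__getitem__))
```

Run against a real config, leave `resolve` at its default so the names are looked up through the system resolver on the machine where the browser fails.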