Hello!
I have two servers (192.168.0.101/2) running two web servers (via containers), one of them listening on port 443 and the other on 1443.
I set up HAProxy in TCP mode and each web server is serving its own certificates.
Postman → https://a.domain.com/ → HAPROXY:443 → SRV1/2:443 works
Postman → https://b.domain.com/ → HAPROXY:443 → SRV1/2:1443 doesn’t work, and Postman gives me a “Client network socket disconnected before secure TLS connection was established”.
If I change the port from 1443 to 443 (and stop the other container), it works without an issue.
Here’s my config file:
global
    log 127.0.0.1 local2
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user haproxy
    group haproxy
    daemon
    stats socket /var/lib/haproxy/stats
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM

defaults
    log global
    option httplog
    option dontlognull
    option http-server-close
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 3000

frontend https
    mode tcp
    option tcplog
    bind 192.168.0.100:443
    tcp-request inspect-delay 3s
    tcp-request content accept if { req_ssl_hello_type 1 }
    acl SRV_A req.ssl_sni -i a.domain.com
    acl SRV_B req.ssl_sni -i b.domain.com
    use_backend A_HTTPS if SRV_A
    use_backend B_HTTPS if SRV_B

backend A_HTTPS
    mode tcp
    balance source
    timeout tunnel 600s
    stick-table type ip size 1m expire 15m
    stick on src
    server SRV01.domain.com 192.168.0.101:443 check inter 1s fall 1 rise 2
    server SRV02.domain.com 192.168.0.102:443 check inter 1s fall 1 rise 2

backend B_HTTPS
    mode tcp
    balance source
    timeout tunnel 600s
    stick-table type ip size 1m expire 15m
    stick on src
    server SRV01.domain.com 192.168.0.101:1443 check inter 1s fall 1 rise 2
    server SRV02.domain.com 192.168.0.102:1443 check inter 1s fall 1 rise 2

Any idea what could be the issue?
Thanks a lot!