Unknown keyword 'ssl'. registered keywords haproxy

MayankRSG · January 21, 2020, 12:38pm

Below is my haproxy details. I am getting unknown keyword ‘ssl’. registered keywords issue. I am trying to implement ssl termination in haproxy

HA Proxy configuration file

global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats timeout 30s
user haproxy
group haproxy
daemon
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000

#frontend
#---------------------------------
frontend http_front
bind *:80
bind *:443 ssl crt /etc/ssl/xip.io/xip.io.pem
mode http
stats uri /haproxy?stats
default_backend http_back

#round robin balancing backend http
#-----------------------------------
backend http_back
balance roundrobin
#balance leastconn
mode http
#server webserver1 10.10.31.179:8000 check # ip_address_of_1st_centos_webserver (RLV4WB01)
#server webserver2 10.10.31.171:8080 check # ip_address_of_2nd_centos_webserver (RLV4WB03)
#server webserver3 10.10.32.51:8000 check # ip_address_of_2nd_centos_webserver (RLV4WB02)
#server webserver4 10.10.31.171:8080 check # ip_address_of_2nd_centos_webserver (RLV4WB03)
server webserver1 10.10.31.188:80 check # (RLV4WB07)
server webserver2 10.10.22.88:80 check backup # (FJFBG32)

[root@rlv4wb02 rightslogic]# haproxy -vv
HA-Proxy version 2.1.2 2019/12/21 - https://haproxy.org/
Status: stable branch - will stop receiving fixes around Q1 2021.
Known bugs: http://www.haproxy.org/bugs/bugs-2.1.2.html
Build options :
TARGET = linux-glibc
CPU = generic
CC = gcc
CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered -Wno-missing-field-initializers -Wtype-limits
OPTIONS =

Feature list : +EPOLL -KQUEUE -MY_EPOLL -MY_SPLICE +NETFILTER -PCRE -PCRE_JIT -PCRE2 -PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD -PTHREAD_PSHARED -REGPARM -STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT +CRYPT_H -VSYSCALL +GETADDRINFO -OPENSSL -LUA +FUTEX +ACCEPT4 -MY_ACCEPT4 -ZLIB -SLZ +CPU_AFFINITY +TFO +NS +DL +RT -DEVICEATLAS -51DEGREES -WURFL -SYSTEMD -OBSOLETE_LINKER +PRCTL +THREAD_DUMP -EVPORTS

Default settings :
bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with multi-threading support (MAX_THREADS=64, default=8).
Built with network namespace support.
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Built without PCRE or PCRE2 support (using libc’s regex instead)
Encrypted password support via crypt(3): yes
Built without compression support (neither USE_ZLIB nor USE_SLZ are set).
Compression algorithms supported : identity(“identity”)

Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.

Available multiplexer protocols :
(protocols marked as cannot be specified using ‘proto’ keyword)
h2 : mode=HTTP side=FE|BE mux=H2
fcgi : mode=HTTP side=BE mux=FCGI
: mode=HTTP side=FE|BE mux=H1
: mode=TCP side=FE|BE mux=PASS

Available services : none

Available filters :
[SPOE] spoe
[CACHE] cache
[FCGI] fcgi-app
[TRACE] trace
[COMP] compression

[root@rlv4wb02 rightslogic]# haproxy -db -f /etc/haproxy/haproxy.cfg
[ALERT] 020/182014 (5791) : parsing [/etc/haproxy/haproxy.cfg:22] : ‘bind *:443’ unknown keyword ‘ssl’. Registered keywords :
[STAT] level
[STAT] expose-fd
[STAT] severity-output
[ TCP] defer-accept
[ TCP] interface
[ TCP] mss
[ TCP] tcp-ut
[ TCP] tfo
[ TCP] transparent
[ TCP] v4v6
[ TCP] v6only
[ TCP] namespace
[ ALL] accept-netscaler-cip
[ ALL] accept-proxy
[ ALL] backlog
[ ALL] id
[ ALL] maxconn
[ ALL] name
[ ALL] nice
[ ALL] process
[ ALL] proto
[UNIX] gid
[UNIX] group
[UNIX] mode
[UNIX] uid
[UNIX] user
[ALERT] 020/182014 (5791) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
[ALERT] 020/182014 (5791) : Fatal errors found in configuration.

[root@rlv4wb02 rightslogic]# journalctl -xe

– The start-up result is done.
Jan 21 18:30:01 rlv4wb02.rsgsys.com CROND[6124]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Jan 21 18:30:01 rlv4wb02.rsgsys.com CROND[6125]: (pcp) CMD ( /usr/libexec/pcp/bin/pmlogger_daily -p)
Jan 21 18:30:01 rlv4wb02.rsgsys.com systemd[1]: Removed slice User Slice of root.
– Subject: Unit user-0.slice has finished shutting down
– Defined-By: systemd
– Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

– Unit user-0.slice has finished shutting down.
Jan 21 18:30:01 rlv4wb02.rsgsys.com systemd[1]: Removed slice User Slice of pcp.
– Subject: Unit user-985.slice has finished shutting down
– Defined-By: systemd
– Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

– Unit user-985.slice has finished shutting down.
Jan 21 18:33:49 rlv4wb02.rsgsys.com sudo[6242]: rightslogic : TTY=pts/0 ; PWD=/home/rightslogic ; USER=root ; COMMAND=/bin/ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy
Jan 21 18:33:49 rlv4wb02.rsgsys.com sudo[6242]: pam_unix(sudo:session): session opened for user root by rightslogic(uid=0)
Jan 21 18:33:49 rlv4wb02.rsgsys.com sudo[6242]: pam_unix(sudo:session): session closed for user root
Jan 21 18:34:13 rlv4wb02.rsgsys.com polkitd[5429]: Registered Authentication Agent for unix-process:6246:217650364 (system bus name :1.23480 [/usr/bin/pkttyagent --notify-fd 5 --fa
Jan 21 18:34:13 rlv4wb02.rsgsys.com systemd[1]: Starting SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments…
– Subject: Unit haproxy.service has begun start-up
– Defined-By: systemd
– Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

– Unit haproxy.service has begun starting up.
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: /etc/rc.d/init.d/haproxy: line 26: [: =: unary operator expected
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: [ALERT] 020/183413 (6258) : parsing [/etc/haproxy/haproxy.cfg:22] : ‘bind *:443’ unknown keyword ‘ssl’. Registered keywords :
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: [STAT] level
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: [STAT] expose-fd
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: [STAT] severity-output
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: [ TCP] defer-accept
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: [ TCP] interface
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: [ TCP] mss
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: [ TCP] tcp-ut
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: [ TCP] tfo
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: [ TCP] transparent
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: [ TCP] v4v6
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: [ TCP] v6only
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: [ TCP] namespace
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: [ ALL] accept-netscaler-cip
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: [ ALL] accept-proxy
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: [ ALL] backlog
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: [ ALL] id
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: [ ALL] maxconn
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: [ ALL] name
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: [ ALL] nice
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: [ ALL] process
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: [ ALL] proto
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: [UNIX] gid
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: [UNIX] group
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: [UNIX] mode
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: [UNIX] uid
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: [UNIX] user
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: [ALERT] 020/183413 (6258) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: [ALERT] 020/183413 (6258) : Fatal errors found in configuration.
Jan 21 18:34:13 rlv4wb02.rsgsys.com haproxy[6253]: Errors found in configuration file, check it with ‘haproxy check’.
Jan 21 18:34:13 rlv4wb02.rsgsys.com systemd[1]: haproxy.service: control process exited, code=exited status=1
Jan 21 18:34:13 rlv4wb02.rsgsys.com systemd[1]: Failed to start SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments…
– Subject: Unit haproxy.service has failed
– Defined-By: systemd
– Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

– Unit haproxy.service has failed.

– The result is failed.
Jan 21 18:34:13 rlv4wb02.rsgsys.com systemd[1]: Unit haproxy.service entered failed state.

lukastribus · January 21, 2020, 1:51pm

You need to install openssl header files and recompile haproxy with USE_OPENSSL=1, to include SSL support.

Topic		Replies	Views
Unknown keyword 'ssl' Help!	0	2156	March 8, 2017
HAProxy unknown keyword Help!	2	4327	January 10, 2021
Need SSL termination with HA proxy Help!	1	461	April 15, 2019
SSL termination, listening but not working Help!	1	1989	July 11, 2017
Strange cipher issue Help!	4	2322	April 29, 2021

Unknown keyword 'ssl'. registered keywords haproxy

[root@rlv4wb02 rightslogic]# journalctl -xe

– Unit user-0.slice has finished shutting down. Jan 21 18:30:01 rlv4wb02.rsgsys.com systemd[1]: Removed slice User Slice of pcp. – Subject: Unit user-985.slice has finished shutting down – Defined-By: systemd – Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

– Unit haproxy.service has failed.

Related Topics

– Unit user-0.slice has finished shutting down.
Jan 21 18:30:01 rlv4wb02.rsgsys.com systemd[1]: Removed slice User Slice of pcp.
– Subject: Unit user-985.slice has finished shutting down
– Defined-By: systemd
– Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel