Why does health checking break my TCP proxy


#1

I have this TCP proxy setup in a working config:

listen ssl
  mode tcp
  bind 127.0.0.1:443
  server ssl-server 10.0.0.1:443 send-proxy

However, if I add the following check, everything breaks (except for the check that seems to work fine):

listen ssl
  mode tcp
  bind 127.0.0.1:443
  server ssl-server 10.0.0.1:443 send-proxy check ssl verify none inter 3000

  option httpchk GET /is_alive HTTP/1.1\r\nHost:\ example.org

Why is my ssl check leaking into my general backend connections and breaking them? Is there any way to force haproxy to shut down the connection it is using after the GET is done (and grab a new connection before it starts)

(I can think of a trivial workaround where I ask it to test a different port, but I wonder if that is really needed?)


#2

via twitter:

And indeed this seems to do the trick

listen ssl
  mode tcp
  bind 127.0.0.1:443
  server ssl-server 10.0.0.1:443 send-proxy check check-ssl verify none inter 3000

  option httpchk GET /is_alive HTTP/1.1\r\nHost:\ example.org