Why does health checking break my TCP proxy

sam · June 6, 2016, 1:09am

I have this TCP proxy setup in a working config:

listen ssl
  mode tcp
  bind 127.0.0.1:443
  server ssl-server 10.0.0.1:443 send-proxy

However, if I add the following check, everything breaks (except for the check that seems to work fine):

listen ssl
  mode tcp
  bind 127.0.0.1:443
  server ssl-server 10.0.0.1:443 send-proxy check ssl verify none inter 3000

  option httpchk GET /is_alive HTTP/1.1\r\nHost:\ example.org

Why is my ssl check leaking into my general backend connections and breaking them? Is there any way to force haproxy to shut down the connection it is using after the GET is done (and grab a new connection before it starts)

(I can think of a trivial workaround where I ask it to test a different port, but I wonder if that is really needed?)

sam · June 6, 2016, 1:41am

via twitter:

And indeed this seems to do the trick

listen ssl
  mode tcp
  bind 127.0.0.1:443
  server ssl-server 10.0.0.1:443 send-proxy check check-ssl verify none inter 3000

  option httpchk GET /is_alive HTTP/1.1\r\nHost:\ example.org

Topic		Replies	Views
SSL requests pass through although check is off Help!	4	336	September 22, 2020
Http health check with SSL backend Help!	1	5614	October 6, 2016
How to setup HTTP check for TCP backend in HAProxy? Help!	1	9698	May 19, 2018
L6RSP health-check error on the SSL-backend Help!	10	12481	January 21, 2021
SSL Passthrough Not Working Help!	2	7805	March 18, 2020

Why does health checking break my TCP proxy

Related Topics