Hi Shane,
On 09/01/2015 18:03, Shane Kelly wrote:
> Lukas, thanks for the quick reply!
> Although I think the issue is a bug, I was able to find a workaround
> this morning :)

This is not a bug, this is a configuration issue ;-)

> This configuration WORKS:
> frontend Secured *:443

Here you are declaring a listener on *:443 in plain text

> bind 127.0.0.1:443 ssl crt callcorpcert.pem

and here the one for your ssl need.
Remove the listener on your frontend line and it will work I guess.

> bind 192.168.20.11:443 ssl crt callcorpcert.pem
> default_backend webserverpool
> All of these variations DO NOT Work:
> frontend Secured *:443
> bind 0.0.0.0:443 ssl crt callcorpcert.pem
> default_backend webserverpool
> frontend Secured *:443
> bind *:443 ssl crt callcorpcert.pem
> default_backend webserverpool
> frontend Secured 127.0.0.1:443
> bind 127.0.0.1:443 ssl crt callcorpcert.pem
> default_backend webserverpool
> As long as I leave “*” in the frontend section and explicitly bind to
> each ip address, everything works perfectly.
> If I bind to “any ip” it fails miserably.
> Hopefully that helps track down the issue.
> Please find attached a copy of haproxy -vv
> And a copy of strace output
> (strace -v -ff -tt haproxy -f /etc/haproxy/haproxy.cfg) &> trace.output
> The trace includes 7 requests:
> Success
> Success
> Success
> Fail
> Success
> Success -
> Fail – around 960
> The last failure starts around *line 960* in the trace (if that helps)
> Thanks,
> Shane
--
Cyril Bonté
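
An added example, not part of the original messages and not HAProxy's own code: a small check for the configuration issue Cyril describes, where an address on the `frontend` line declares a plain-text listener that overlaps an `ssl` bind on the same port. The function names, the renamed frontends in the constructed sample and the `Corrected` section are assumptions; only IPv4 and wildcard addresses are handled.

```python
WILDCARDS = {"", "*", "0.0.0.0"}  # spellings of "any IPv4 address"
SECTIONS = {"global", "defaults", "frontend", "backend", "listen"}

def split_addr(spec):
    """Split 'addr:port' into (addr, port). IPv4 and wildcard forms only."""
    addr, _, port = spec.rpartition(":")
    return addr, port

def overlaps(a, b):
    """True when two listener specs can accept the same connection."""
    (addr_a, port_a), (addr_b, port_b) = split_addr(a), split_addr(b)
    return port_a == port_b and (
        addr_a == addr_b or addr_a in WILDCARDS or addr_b in WILDCARDS)

def plaintext_conflicts(cfg_text):
    """Return (frontend, inline_listener, ssl_bind) for each frontend whose
    own line declares a plain-text listener overlapping an ssl bind."""
    findings, name, inline = [], None, None
    for raw in cfg_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] in SECTIONS:
            # "frontend <name> <addr:port>" declares a listener without ssl.
            is_proxy = words[0] in ("frontend", "listen") and len(words) > 1
            name = words[1] if is_proxy else None
            inline = words[2] if is_proxy and len(words) > 2 else None
        elif words[0] == "bind" and inline and "ssl" in words[2:]:
            findings += [(name, inline, spec)
                         for spec in words[1].split(",")
                         if overlaps(inline, spec)]
    return findings

# Constructed sample: configurations from the thread, with the frontends
# renamed so each is unique, plus the form with no address on the frontend line.
SAMPLE = """
frontend ReportedWorking *:443
    bind 127.0.0.1:443 ssl crt callcorpcert.pem
    bind 192.168.20.11:443 ssl crt callcorpcert.pem
    default_backend webserverpool
frontend ReportedFailing *:443
    bind *:443 ssl crt callcorpcert.pem
    default_backend webserverpool
frontend Corrected
    bind *:443 ssl crt callcorpcert.pem
    default_backend webserverpool
"""

if __name__ == "__main__":
    for finding in plaintext_conflicts(SAMPLE):
        print("frontend %s: plain-text listener %s overlaps ssl bind %s" % finding)
```

The check also flags the configuration reported as working, since its `frontend` line still declares the plain-text `*:443` listener alongside the address-specific `ssl` binds.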