Hi Shane,
Le 09/01/2015 18:03, Shane Kelly a écrit :
Lukas, thanks for the quick reply! Although I think the issue is a bug, I was able to find a work around this morning :)
This is not a bug, this is a configuration issue ;-)
This configuration WORKS: frontend Secured *:443
Here you are declaring a listener on *:443 in plain text
bind 127.0.0.1:443 ssl crt callcorpcert.pem
and here the one for your ssl need. Remove the listener on your frontend line and it will work I guess.
bind 192.168.20.11:443 ssl crt callcorpcert.pem default_backend webserverpool All of these variations DO NOT Work: frontend Secured *:443 bind 0.0.0.0:443 ssl crt callcorpcert.pem default_backend webserverpool frontend Secured *:443 bind *:443 ssl crt callcorpcert.pem default_backend webserverpool frontend Secured 127.0.0.1:443 bind 127.0.0.1:443 ssl crt callcorpcert.pem default_backend webserverpool As long as I leave “*” in the frontend section and explicitly bind to each ip address, everything works perfectly. If I bind to “any ip” it fails miserably. Hopefully that helps track down the issue. Please find attached a copy of haproxy –vv And a copy of strace output (strace -v -ff -tt haproxy -f /etc/haproxy/haproxy.cfg) &> trace.output The trace includes 7 requests: Success Success Success Fail Success Success - Fail – around 960 The last failure starts around *line 960* in the trace (if that helps) Thanks, Shane
-- Cyril Bonté