Hi,
----- Mail original -----
> De: "Conrad Hoffmann" <con...@soundcloud.com>
> À: "Kevin COUSIN" <ke...@famillecousin.fr>, haproxy@formilux.org
> Envoyé: Lundi 5 Octobre 2015 15:49:36
> Objet: Re: NOSRV error
> Hi,
>
> (comments inline)
>
> On 10/05/2015 03:23 PM, Kevin COUSIN wrote:
>> Hi list
>>
>
> This usually means that there is no server in the backend because they were
> either misconfigured or taken out of the rotation, e.g. due to failed
> health checks.
>
We disabled server tests to debug.
>
> Not sure what exactly you want to achieve here. If you want to loadbalance
> on TCP level, HAProxy doesn't need to know anything about any TLS parameters.
It's a lab HAproxy instance, the ssl ciphers options are for some other Layer 7
LB configuration.
43
>>
>> I got the certificate on my server If I use openssl s_client.
>
> Can you elaborate on this? Are you connecting with s_client to haproxy or
> to your server?
> Can you confirm that you want you web server to do the actual TLS handshake
> and not HAProxy?
I'm connecting to my server with openssl, from the haproxy (to check if SSL
certificate is installed on the target).
Yes, we want the backend server to do the TLS handshake.
We try to LB the Citrix Broker :
User -----> Citrix Netscaler Gateway -----> HAproxy ------> Citrix Brokers
We used the Windows NLB between Citrix NS Gateway and Citrix Brokers and we
want to replace it with HAproxy.
With the HTTP frontend, we can see "HTTP/XML 479 POST /Scripts/CtxSTA.dll
HTTP/1.1". It doesn't work with HTTPS, the Netscaler gateway seems to close the
connection with FIN,ACK.
>
> Conrad
> --
> Conrad Hoffmann
> Traffic Engineer
>
> SoundCloud Ltd. | Rheinsberger Str. 76/77, 10115 Berlin, Germany
>
> Managing Director: Alexander Ljung | Incorporated in England & Wales
> with Company No. 6343600 | Local Branch Office | AG Charlottenburg |
> HRB 110657B
------------------------
Kevin
