Just adding this back to the list.
> On 14. Feb. 2017, at 18:12, <thibault.dai...@orange.com>
> <thibault.dai...@orange.com> wrote:
>
> Ok thank you for your reply !
> I found my error
> Haproxy was not happy with http request
>
> I was doing https://test-rest.net:8089 <https://test-rest.net:8089/> so error
> because I was checking only “test-rest.net <http://test-rest.net/>”
>
> So I change my file and add ‘:8089’ after “acl host_rest_services
> hdr(Host) -i test-rest.net <http://test-rest.net:8089/>:8089
> <http://test-rest.net:8089/>” :
>
> frontend rest-in
> bind *:8089 ssl crt /etc/ssl/*****
> reqadd X-Forwarded-Proto:\ https
> acl host_rest_services hdr(Host) -i test-rest.net
> <http://test-rest.net:8089/>:8089 <http://test-rest.net:8089/>
> use_backend rest_services if host_rest_services
> backend rest_services
> server shstand 10.0.0.2:8089 ssl verify none
> So It works
>
> De : Daniel Schneller [mailto:daniel.schnel...@centerdevice.com]
> Envoyé : mardi 14 février 2017 17:17
> À : Skarbek, John
> Cc : DAIGNE Thibault OBS/OAB; haproxy+h...@formilux.org
> Objet : Re: Haproxy issue
>
> Hi!
>
> frontend rest-in
> bind *:8089 ssl crt /etc/ssl/*****
> acl host_rest_services hdr(Host) -i test-rest.net
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__test-2Drest.net&d=DwQFAg&c=_hRq4mqlUmqpqlyQ5hkoDXIVh6I6pxfkkNxQuL0p-Z0&r=BZ2S09kcMRiJIUh57WZsng&m=552Ig6nEOMH9wg2ks1WhxrWEHEMdG8cMbcbCkjD_Gog&s=UVyuxV46M6Snh0R8nhltBxZLBuVcrVsIcTLAaVp7nQg&e=>
> It would appear that your acl was not matched. It was up to `rest-in` to
> determine how to route the request, and since there's no other backend to
> choose from, there was no place for the request to go. I would advise that
> you validate your acl is configured as you desired.
> My guess would be that the Host header actually says “test-rest.net:8089
> <http://test-rest.net:8089/>”, which would lead the ACL to not match.
>
> It would also be a good idea to setup a `default backend` as a way to help
> test where your requests are going.
> For debugging these kinds of things I usually run haproxy in debug mode:
> haproxy -d -f haproxy.cfg
> That way it will echo incoming and outgoing headers.
>
> Daniel
>
> --
> Daniel Schneller
> Principal Cloud Engineer
>
> CenterDevice GmbH | Hochstraße 11
> | 42697 Solingen
> tel: +49 1754155711 | Deutschland
> daniel.schnel...@centerdevice.de <mailto:daniel.schnel...@centerdevice.de>
> | www.centerdevice.de <http://www.centerdevice.de/>
>
> Geschäftsführung: Dr. Patrick Peschlow, Dr. Lukas Pustina,
> Michael Rosbach, Handelsregister-Nr.: HRB 18655,
> HR-Gericht: Bonn, USt-IdNr.: DE-815299431
> _________________________________________________________________________________________________________________________
>
> Ce message et ses pieces jointes peuvent contenir des informations
> confidentielles ou privilegiees et ne doivent donc
> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu
> ce message par erreur, veuillez le signaler
> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages
> electroniques etant susceptibles d'alteration,
> Orange decline toute responsabilite si ce message a ete altere, deforme ou
> falsifie. Merci.
>
> This message and its attachments may contain confidential or privileged
> information that may be protected by law;
> they should not be distributed, used or copied without authorisation.
> If you have received this email in error, please notify the sender and delete
> this message and its attachments.
> As emails may be altered, Orange is not liable for messages that have been
> modified, changed or falsified.
> Thank you.
