Hello M Looking at your configuration you are trying to use HTTPS/TCP/SSL Connection for HTTP
frontend https_influxdb bind 192.168.246.17:8086 ssl crt /data/ssl_certs no-sslv3 ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256: ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE- RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA: DHE-RSA-AES128-SHA:DES-CBC3-SHA:!NULL:!aNULL:!RC4:!RC2:! MEDIUM:!LOW:!EXPORT:!DES:!MD5:!PSK:!3DES mode http option dontlognull I would make this assuming port 8086 is a HTTP Connection frontend https_influxdb bind 192.168.246.17:8086 mode http option dontlognull TCP Mode will work with any connection however HTTP will only work with unencrypted HTTP Type traffic as it is application aware. Also TCP Mode is really Layer4 and non application aware. Andrew Smalley Loadbalancer.org Ltd. www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017> <https://plus.google.com/+LoadbalancerOrg> <https://twitter.com/loadbalancerorg> <http://www.linkedin.com/company/3191352?trk=prof-exp-company-name> <https://www.loadbalancer.org/?category=company&post-name=overview&?gclid=ES2017> <https://www.loadbalancer.org/?gclid=ES2017> +1 888 867 9504 / +44 (0)330 380 1064 asmal...@loadbalancer.org Leave a Review <http://collector.reviews.io/loadbalancer-org-inc-/new-review> | Deployment Guides <https://www.loadbalancer.org/?category=resources&post-name=deployment-guides&?gclid=ES2017> | Blog <https://www.loadbalancer.org/?category=blog&?gclid=ES2017> On 8 July 2017 at 21:19, M <m...@mannu.net> wrote: > Hi, > > I don't understand why http mode is no able provide a backend server > whereas at same time tcp mode is able to do it. > > I am trying to setup Haproxy in front of an Influxdb database running on > HTTPS. > > When frontend is configured on http mode, requests are failing with NOSRV > error. > When fronted is configure on tcp mod, requests are working. > > Example below with http mode on tcp/8086 port and tcp mode on tcp/8087 > with same backend: > > #curl -G https://influxdb-drp.example.net:8086/query -u admin:'xxxx' > --data-urlencode "q=SHOW DATABASES" > <html><body><h1>503 Service Unavailable</h1> > No server is available to handle this request. > </body></html> > > Haproxy log showing NOSRV and SC: > Jul 8 19:59:44 kalinga haproxy[26228]: 192.168.246.17:52946 > [08/Jul/2017:19:59:44.661] https_influxdb~ https_influxdb/<NOSRV> -1/-1/136 > 212 SC 0/0/0/0/0 0/0 > > > #curl -G https://influxdb-drp.example.net:8087/query -u admin:'xxxx' > --data-urlencode "q=SHOW DATABASES" > {"results":[{"statement_id":0,"series":[{"name":"databases", > "columns":["name"],"values":[["_internal"]]}]}]} > > Haproxy log: > Jul 8 20:00:16 kalinga haproxy[26228]: 192.168.246.17:37142 > [08/Jul/2017:20:00:16.672] https_influxdb_tcp~ influxdb-drp.example.net/ > https_8086 0/2/123 332 -- 1/1/0/0/0 0/0 > > Haproxy configuration file: > > ------------------------------------------------------------ > ------------------- > > global > log /dev/log local1 debug > maxconn 4096 > debug > tune.ssl.default-dh-param 4096 > > defaults > log global > mode tcp > option tcplog > retries 3 > option redispatch > maxconn 4000 > timeout connect 5000ms > timeout client 50000ms > timeout server 50000ms > > frontend https_influxdb > bind 192.168.246.17:8086 ssl crt /data/ssl_certs no-sslv3 ciphers > ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256: > ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE- > RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA: > DHE-RSA-AES128-SHA:DES-CBC3-SHA:!NULL:!aNULL:!RC4:!RC2:! > MEDIUM:!LOW:!EXPORT:!DES:!MD5:!PSK:!3DES > mode http > option dontlognull > > reqadd X-Forwarded-Proto:\ https > > option http-server-close > option forwardfor > > acl host_influxdb-drp.example.net hdr(host) -i influxdb-drp.example.net > use_backend influxdb-drp.example.net if host_influxdb-drp.example.net > > frontend https_influxdb_tcp > bind 192.168.246.17:8087 ssl crt /data/ssl_certs no-sslv3 ciphers > ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256: > ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE- > RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA: > DHE-RSA-AES128-SHA:DES-CBC3-SHA:!NULL:!aNULL:!RC4:!RC2:! > MEDIUM:!LOW:!EXPORT:!DES:!MD5:!PSK:!3DES > mode tcp > option dontlognull > option http-server-close > option tcplog > > default_backend influxdb-drp.example.net > > backend influxdb-drp.example.net > mode http > server https_8086 127.0.0.1:8086 check ssl verify none > > ------------------------------------------------------------ > ------------------- > > How can I configure Haproxy to work on http mode? > > M. >
