Hi.

On 13.02.2019 at 00:21, Norman Branitsky wrote:
> I have an HAProxy 1.7 server sitting in front of a number of Docker Enterprise
> Manager nodes and Worker nodes.
>
> The Worker nodes don’t appear to have any problem with HAProxy terminating the
> SSL and connecting to them via HTTP.
>
> The Manager nodes are the problem.
>
> They insist on installing their own certificates (either self-signed or CA
> signed).
>
> They will only listen to HTTPS traffic.
>
> So my generic frontend_main-ssl says:
>
> bind :443 ssl crt /etc/CONFIG/haproxy-1.7/certs/cert.pem
>
> The backend has the following server statement:
>
> server xxx 10.240.12.248:443 ssl verify none
>
> But apparently this doesn’t work – the client gets the SSL certificate provided
> by the HAProxy server
> instead of the certificate provided by the Manager node. This causes the Manager
> node to barf.

Have you added the manager certificates in the cert.pem?

> Do I have to make HAProxy listen on 8443 and just do a tcp frontend/backend for
> the Manager nodes?

It's one possibility. This way makes the setup easier and I don't think that you want to intercept some http layer stuff for the docker registry.

> Norman Branitsky

Regards
aleks
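
The two setups discussed in this thread, side by side, as an added example that is not part of the original e-mails. The `bind` and `server` lines for the first setup are the ones quoted above; the backend name and both TCP section names are hypothetical.

```haproxy
# Setup from the thread: TLS is terminated on HAProxy, then re-encrypted.
# The client only ever sees cert.pem; the Manager's own certificate is used
# solely on the HAProxy -> Manager hop, and "verify none" leaves it unchecked.
frontend frontend_main-ssl
    mode http
    bind :443 ssl crt /etc/CONFIG/haproxy-1.7/certs/cert.pem
    default_backend be_managers_reencrypt      # hypothetical name

backend be_managers_reencrypt
    mode http
    server xxx 10.240.12.248:443 ssl verify none

# Alternative raised in the thread: plain TCP pass-through on 8443.
# HAProxy never decrypts, so the TLS handshake runs end to end and the
# client receives the certificate installed on the Manager node.
frontend fe_managers_tcp                       # hypothetical name
    mode tcp
    bind :8443                                 # no "ssl"/"crt" keywords here
    option tcplog
    default_backend be_managers_tcp

backend be_managers_tcp                        # hypothetical name
    mode tcp
    server xxx 10.240.12.248:443 check         # TCP connect check only
```

In TCP mode HAProxy cannot inspect or modify HTTP for this traffic, and clients must trust the certificate the Manager node presents.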