Issue with SSL using HAProxy and Nginx
Posted
by
Ben Chiappetta
on Server Fault
See other posts from Server Fault
or by Ben Chiappetta
Published on 2012-09-26T20:53:01Z
Indexed on
2012/09/26
21:39 UTC
Read the original article
Hit count: 371
I'm building a highly available site using a multiple HAProxy load balancers, Nginx web serves, and MySQL servers. The site needs to be able to survive load balancer or web servers nodes going offline without any interruption of service to visitors. Currently, I have two boxes running HAProxy sharing a virtual IP using keepalived, which forward to two web servers running Nginx, which then tie into two MySQL boxes using MySQL replication and sharing a virtual IP using heartbeat. Everything is working correctly except for SSL traffic over HAProxy. I'm running version 1.5 dev12 with openssl support compiled in. When I try to navigate to the virtual IP for haproxy over https, I get the message: The plain HTTP request was sent to HTTPS port. Here's my haproxy.cfg so far, which was mainly assembled from other posts:
global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
# log 127.0.0.1 local0
user haproxy
group haproxy
daemon
maxconn 20000
defaults
log global
option dontlognull
balance leastconn
clitimeout 60000
srvtimeout 60000
contimeout 5000
retries 3
option redispatch
listen front
bind :80
bind :443 ssl crt /etc/pki/tls/certs/cert.pem
mode http
option http-server-close
option forwardfor
reqadd X-Forwarded-Proto:\ https if { is_ssl }
reqadd X-Proto:\ SSL if { is_ssl }
server web01 192.168.25.34 check inter 1s
server web02 192.168.25.32 check inter 1s
stats enable
stats uri /stats
stats realm HAProxy\ Statistics
stats auth admin:*********
Any idea why SSL traffic isn't being passed correctly? Also, any other changes you would recommend? I still need to configure logging, so don't worry about that section. Thanks in advance your help.
© Server Fault or respective owner