Netgate Discussion Forum

    HAProxy - Certificate not presented

      keewany

      Hello,
      I set up a frontend with offloading + ACLs, but the certificate is not presented when I try to connect to the correct URL.

      Weirdly, if I put a wrong certificate, the wrong certificate is presented in the web browser.

      pfSense version: 2.6.0
      HAProxy version: 0.61_5

      HAProxy config:

      frontend FR_DEV_PORTAIL-ASSURE
      	bind			172.16.117.82:443 name 172.16.117.82:443   ssl crt-list /var/etc/haproxy/FR_DEV_PORTAIL-ASSURE.crt_list  
      	mode			http
      	log			global
      	option			httplog
      	option			http-keep-alive
      	maxconn			1000
      	timeout client		30000
      	acl			dev-store-plan	var(txn.txnhost) -m str -i dev-store-plan.cpeg.local
      	acl			dev-computation-plan	var(txn.txnhost) -m str -i dev-computation-plan.cpeg.local
      	acl			aclcrt_FR_DEV_PORTAIL-ASSURE	var(txn.txnhost) -m reg -i ^dev-services-plan\.cpeg\.local(:([0-9]){1,5})?$
      	acl			aclcrt_FR_DEV_PORTAIL-ASSURE	var(txn.txnhost) -m reg -i ^dev-services-plan(:([0-9]){1,5})?$
      	acl			aclcrt_FR_DEV_PORTAIL-ASSURE	var(txn.txnhost) -m reg -i ^dev-computation-plan(:([0-9]){1,5})?$
      	acl			aclcrt_FR_DEV_PORTAIL-ASSURE	var(txn.txnhost) -m reg -i ^dev-computation-plan\.cpeg\.local(:([0-9]){1,5})?$
      	acl			aclcrt_FR_DEV_PORTAIL-ASSURE	var(txn.txnhost) -m reg -i ^dev-store-plan(:([0-9]){1,5})?$
      	acl			aclcrt_FR_DEV_PORTAIL-ASSURE	var(txn.txnhost) -m reg -i ^dev-store-plan\.cpeg\.local(:([0-9]){1,5})?$
      	acl			aclcrt_FR_DEV_PORTAIL-ASSURE	var(txn.txnhost) -m reg -i ^dev-assure-plan(:([0-9]){1,5})?$
      	acl			aclcrt_FR_DEV_PORTAIL-ASSURE	var(txn.txnhost) -m reg -i ^dev-assure-plan\.cpeg\.local(:([0-9]){1,5})?$
      	http-request set-var(txn.txnhost) hdr(host)
      	http-request  deny if { req.hdr_cnt(content-length) gt 1 }
      	http-response deny if { res.hdr_cnt(content-length) gt 1 }
      	use_backend Pool_Dev_PlanStore_ipvANY  if  dev-store-plan aclcrt_FR_DEV_PORTAIL-ASSURE
      	use_backend Pool_Dev_PlanComputation_ipvANY  if  dev-computation-plan aclcrt_FR_DEV_PORTAIL-ASSURE
      
      backend Pool_Dev_PlanStore_ipvANY
      	mode			http
      	id			100
      	log			global
      	option			log-health-checks
      	balance			leastconn
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	server			DEVPORAAPP01.CPEG.LOCAL 172.16.117.92:8081 id 101 ssl  verify none 
      
      backend Pool_Dev_PlanComputation_ipvANY
      	mode			http
      	id			102
      	log			global
      	option			log-health-checks
      	balance			leastconn
      	timeout connect		30000
      	timeout server		30000
      	retries			3
      	server			DEVPORAAPP01.CPEG.LOCAL 172.16.117.92:8091 id 103 ssl  verify none 
      	server			DEVPORAAPP11.CPEG.LOCAL 172.16.117.93:8091 id 104 ssl  verify none 
      

      Could someone help me, please?

      Thanks

        keewany @keewany

        Can someone help me, please?

        I tried the most basic configuration with 1 frontend + offloading and the certificate is not presented.

        Are there any specific parameters for the certificate?


        Thanks
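
An added example, not part of the original posts or of the pfSense-generated configuration: a simplified Python model of how the acl and use_backend lines of the frontend in the first post pick a backend from the Host header once TLS has been offloaded. It does not model certificate selection; the FRONTEND excerpt is copied from that config, and parse and route are hypothetical helper names.

```python
import re

# Constructed excerpt: acl and use_backend lines copied from the frontend in the
# first post (a subset of the aclcrt lines; the others behave the same way).
FRONTEND = r"""
acl dev-store-plan var(txn.txnhost) -m str -i dev-store-plan.cpeg.local
acl dev-computation-plan var(txn.txnhost) -m str -i dev-computation-plan.cpeg.local
acl aclcrt_FR_DEV_PORTAIL-ASSURE var(txn.txnhost) -m reg -i ^dev-computation-plan\.cpeg\.local(:([0-9]){1,5})?$
acl aclcrt_FR_DEV_PORTAIL-ASSURE var(txn.txnhost) -m reg -i ^dev-store-plan(:([0-9]){1,5})?$
acl aclcrt_FR_DEV_PORTAIL-ASSURE var(txn.txnhost) -m reg -i ^dev-store-plan\.cpeg\.local(:([0-9]){1,5})?$
acl aclcrt_FR_DEV_PORTAIL-ASSURE var(txn.txnhost) -m reg -i ^dev-assure-plan\.cpeg\.local(:([0-9]){1,5})?$
use_backend Pool_Dev_PlanStore_ipvANY if dev-store-plan aclcrt_FR_DEV_PORTAIL-ASSURE
use_backend Pool_Dev_PlanComputation_ipvANY if dev-computation-plan aclcrt_FR_DEV_PORTAIL-ASSURE
"""

def parse(config):
    """Return ({acl name: [predicate, ...]}, [(backend, [acl names]), ...])."""
    acls, rules = {}, []
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "acl":
            name, method, pattern = tok[1], tok[4], tok[6]
            if method == "str":   # -m str -i: exact match, case-insensitive
                pred = lambda h, p=pattern.lower(): h.lower() == p
            else:                 # -m reg -i: regex match, case-insensitive
                pred = lambda h, r=re.compile(pattern, re.I): bool(r.search(h))
            acls.setdefault(name, []).append(pred)   # same-name acl lines are ORed
        elif tok[0] == "use_backend":
            rules.append((tok[1], tok[3:]))          # conditions after "if" are ANDed
    return acls, rules

def route(host, config=FRONTEND):
    """Backend chosen for a Host header value, or None when no rule matches
    (the frontend has no default_backend, so HAProxy answers 503)."""
    acls, rules = parse(config)
    for backend, conds in rules:                     # first matching rule wins
        if all(any(p(host) for p in acls[c]) for c in conds):
            return backend
    return None

if __name__ == "__main__":
    for h in ("dev-store-plan.cpeg.local", "dev-store-plan.cpeg.local:443",
              "dev-store-plan", "dev-assure-plan.cpeg.local"):
        print(f"{h:32} -> {route(h)}")
```

A Host value that carries a port, or the short name without the domain, passes the aclcrt regex but not the exact -m str ACL, so no use_backend rule matches it.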

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.