Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HAproxy - Certificate not presented

    Scheduled Pinned Locked Moved
    Cache/Proxy
    1
    2
    352
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      keewany
      last edited by

      Hello,
      I set up a frontend with offloading + ACLs but the certificate is not presented when i try to connected on the correct URL.

      Weirdly, if i put a wrong certificate, the wrong certificate is presented on the web browser.

      PFsense version : 2.6.0
      HAproxy version : 0.61_5

      Config HAproxy :

      frontend FR_DEV_PORTAIL-ASSURE
	bind			172.16.117.82:443 name 172.16.117.82:443   ssl crt-list /var/etc/haproxy/FR_DEV_PORTAIL-ASSURE.crt_list  
	mode			http
	log			global
	option			httplog
	option			http-keep-alive
	maxconn			1000
	timeout client		30000
	acl			dev-store-plan	var(txn.txnhost) -m str -i dev-store-plan.cpeg.local
	acl			dev-computation-plan	var(txn.txnhost) -m str -i dev-computation-plan.cpeg.local
	acl			aclcrt_FR_DEV_PORTAIL-ASSURE	var(txn.txnhost) -m reg -i ^dev-services-plan\.cpeg\.local(:([0-9]){1,5})?$
	acl			aclcrt_FR_DEV_PORTAIL-ASSURE	var(txn.txnhost) -m reg -i ^dev-services-plan(:([0-9]){1,5})?$
	acl			aclcrt_FR_DEV_PORTAIL-ASSURE	var(txn.txnhost) -m reg -i ^dev-computation-plan(:([0-9]){1,5})?$
	acl			aclcrt_FR_DEV_PORTAIL-ASSURE	var(txn.txnhost) -m reg -i ^dev-computation-plan\.cpeg\.local(:([0-9]){1,5})?$
	acl			aclcrt_FR_DEV_PORTAIL-ASSURE	var(txn.txnhost) -m reg -i ^dev-store-plan(:([0-9]){1,5})?$
	acl			aclcrt_FR_DEV_PORTAIL-ASSURE	var(txn.txnhost) -m reg -i ^dev-store-plan\.cpeg\.local(:([0-9]){1,5})?$
	acl			aclcrt_FR_DEV_PORTAIL-ASSURE	var(txn.txnhost) -m reg -i ^dev-assure-plan(:([0-9]){1,5})?$
	acl			aclcrt_FR_DEV_PORTAIL-ASSURE	var(txn.txnhost) -m reg -i ^dev-assure-plan\.cpeg\.local(:([0-9]){1,5})?$
	http-request set-var(txn.txnhost) hdr(host)
	http-request  deny if { req.hdr_cnt(content-length) gt 1 }
	http-response deny if { res.hdr_cnt(content-length) gt 1 }
	use_backend Pool_Dev_PlanStore_ipvANY  if  dev-store-plan aclcrt_FR_DEV_PORTAIL-ASSURE
	use_backend Pool_Dev_PlanComputation_ipvANY  if  dev-computation-plan aclcrt_FR_DEV_PORTAIL-ASSURE

backend Pool_Dev_PlanStore_ipvANY
	mode			http
	id			100
	log			global
	option			log-health-checks
	balance			leastconn
	timeout connect		30000
	timeout server		30000
	retries			3
	server			DEVPORAAPP01.CPEG.LOCAL 172.16.117.92:8081 id 101 ssl  verify none 

backend Pool_Dev_PlanComputation_ipvANY
	mode			http
	id			102
	log			global
	option			log-health-checks
	balance			leastconn
	timeout connect		30000
	timeout server		30000
	retries			3
	server			DEVPORAAPP01.CPEG.LOCAL 172.16.117.92:8091 id 103 ssl  verify none 
	server			DEVPORAAPP11.CPEG.LOCAL 172.16.117.93:8091 id 104 ssl  verify none

      Someone could help me please ?

      Thanks

      K 1 Reply Last reply Reply Quote 0
      • K
        keewany @keewany
        last edited by

        Someone can help me please ?

        I tried the most basic configuration with 1 frontend + offloading and the certificate is not presented.

        There are some specifics parameters for the certificate ?

        b9fd3338-354a-488b-8799-46e96f8a0f76-image.png

        Thanks

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.