About haproxy



  • Dear all

    this my configuration of Haproxy

    global
            maxconn                100
            uid                    80
            gid                    80
            nbproc                  1
            chroot                  /var/empty
            daemon

    frontend public_RP
            bind                    192.168.172.251:443
            mode                    tcp
            log                    global
            option                  dontlognull
            maxconn                2
            timeout client          2
            default_backend        RPservice1_tcp

    backend RPservice1_tcp
            mode                    tcp
            balance                roundrobin
            contimeout              1
            srvtimeout              1
            option                  httpchk HEAD / HTTP/1.0
            server                  ws.test.com 80.12.8.213:443    weight 11

    the problem when i tape https://vip_haproxy
    i has this erreur curl: (35) Unknown SSL protocol error in connection to 192.168.172.251:443

    what i need  to loadbalancing me to my https server  https://ws.test.com  and  acced to his website  https://ws.test.com

    who can explain the cause of the problem?

    if we have a solution

    how can i do that?
    any idea

    thanks in advance



  • Try increasing those timeouts a bit 1millisecond is not enough to for most stuff.. Make it them something like 4000 or even more.



  • thanks,

    my website has a certificate ssl  this is the url https://ws.test.com

    i would like to know what i need in haproxy to acced to my website and i dont lost the certificate  i like allaws use a secure url for my website.

    which url  or ip adresse can i use in the browser .

    it's that enough: 192.168.172.251:443 ? the acces will be throw  the protocl ssl?



  • The config like you have should allow you to access the website with: https://192.168.172.251:443  , though i do find it strange that the frontend has a private ip, and your backend seems to point to a public ip..

    The backend server is usually on the lan/dmz network and likely using a private ip..
    The frontend should be listening on the wan-ip (or where you want to accept connections) firewall rule is needed to allow access to this port.

    Not sure if this answers your question..? I couldnt make complete sense of it.


Log in to reply