Re: HTTP and HTTPS simultaneously to the same server

From: Patrick Viet <patrick.viet#gmail.com>
Date: Mon, 15 Dec 2008 21:07:11 +0100


use stunnel or nginx in front of haproxy to do the https part. otherwise haproxy cannot do anything

Patrick

2008/12/15 "André Gustavo N. Lopes" <andre#ondacorp.com.br>:
> hello list,
>
>
> I'm using ha-proxy in recent weeks to balance the traffic of 2
> webservers (iis 6).
>
> The web application published in that webservers runs over http and
> https, and the client connection must be forwarded to the same webserver
> even when the proto is changed (http->https). But when i use http mode
> (Just like documentation):
>
>
>> Examples :
>> ----------
>>
>> # make a same IP go to the same server whatever the service
>>
>> listen http_proxy
>> bind :80,:443
>> mode http
>> balance source
>> server web1 192.168.1.1
>> server web2 192.168.1.2
>
> i get some problems. Using a similar configuration, with http mode, the
> connections on port 80 are ok, but https connections (443) simply doesnt
> work. Below my configuration.
>
>> global
>> log 127.0.0.1 local1 info
>> daemon
>> nopoll
>> maxconn 32000
>> nbproc 8
>>
>> listen http_proxy
>> bind 200.195.194.208:80,200.195.194.208:443
>> clitimeout 180000
>> srvtimeout 180000
>> contimeout 4000
>> mode http
>> balance source
>> option forwardfor except 127.0.0.1/8
>> option dontlognull
>> server web1 200.200.200.201 check port 80
>> server web2 200.200.200.202 check port 80
>
>
> So i had to change the mode to tcp. Then both protocols works, but the
> option forwardfor just works in http mode. I need x-forwarded-for header
> because i have to create some statics over the access of the web
> application.
>
> I tried to create 2 listenners, one with http mode and listening the
> port 80, and the other with tcp mode listening the port 443, but that is
> probally wrong, because the listenners probally will handle distinct
> source hashs.
>
> Is there some way to handle https connections with http mode? If not is
> there some way to configure two listenners to use the same source hash?
>
> Is there some other alternative?
>
> Regards,
>
>
> --
> André Gustavo N. Lopes
> Analista de Suporte
> Tel: +55(41)3331-8293
> Fax: +55(41)3331-8256
>
> Onda Empresas
> www.ondaempresas.com.br
> Hospedagem, E-mail, Banda Larga, Telefonia IP, Data Center.
>
>
> "Este endereço de e-mail se destina exclusivamente ao uso profissional.
> Todo o conteúdo nele inserido é de responsabilidade exclusiva de seu
> remetente e não reflete, necessariamente, a opinião ou o ponto de vista
> oficial do Onda Provedor de Serviços S/A.
>
> A mensagem, incluindo seus anexos, pode conter informações legais
> privilegiadas e/ou confidenciais, não podendo ser retransmitida,
> arquivada, divulgada ou copiada sem autorização expressa do remetente.
> Caso tenha recebido esta mensagem por engano, por favor, informe o
> remetente e em seguida apague-a do seu computador."
>
>
>
>
>
>
Received on 2008/12/15 21:07

This archive was generated by hypermail 2.2.0 : 2008/12/15 21:15 CET