Hello,


On Fri, Dec 29, 2017 at 3:06 PM, Mariusz Kalota <[email protected]> wrote:
> I have two servers. The servers need a client certificate to give an
> answer. My configuration is like this:
>
> listen https-test-51111
> bind *:51111
> mode tcp
> balance roundrobin
> option httpchk GET /somefile.asmx
> server server1 192.168.0.1:51111 check check-ssl verify none crt /etc/haproxy/cert.pem ssl sni str(test1.site.local) check-sni test1.site.local
> server server2 192.168.0.2:51111 check check-ssl verify none crt /etc/haproxy/cert.pem ssl sni str(test2.site.local) check-sni test2.site.local
>
>
> If you enter https://test.site.local:51111 in a web browser, you go to
> haproxy, which goes to one of the two servers. The certificates on those
> servers are *.site.local.
>
> In stats of haproxy I get:
> lastChk
> L7STS/400 in 3ms
> L7STS/400 in 4ms
>
> What am I doing wrong?

Please clarify what you would like to do. Do you want to forward the
encrypted HTTPS transparently to the backend, but use SSL for health
checks?
In that case you need to remove the ssl option from the command line.

L7STS means that the server returned an HTTP5xx error. Perhaps you need
some specific Host header for the server to return your checks?


Like:
option httpchk GET /somefile.asmx HTTP/1.1\r\nHost:\ test1.site.local



Regards,
Lukas
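
The two suggestions in the reply above, combined into one section, as an added example that is not part of either original message. It assumes the goal is transparent TCP forwarding of the client's HTTPS with TLS used only for the health checks; addresses, paths and host names are the ones from the quoted configuration.

```haproxy
# Added example (not from the thread): TCP passthrough, TLS only on health checks.
listen https-test-51111
    bind *:51111
    mode tcp
    balance roundrobin

    # HTTP/1.1 check with an explicit Host header; "\ " escapes the space.
    # option httpchk is set per section, so both servers receive this same
    # Host value in their checks.
    option httpchk GET /somefile.asmx HTTP/1.1\r\nHost:\ test1.site.local

    # No "ssl" and no "sni" keyword: client traffic is relayed still encrypted,
    # so the browser's TLS session and its client certificate terminate on the
    # backend, not on haproxy.
    # "check-ssl" makes only the health check use TLS, "crt" supplies the
    # client certificate for that check, and "check-sni" sets the SNI it sends.
    # "verify none" is kept from the original configuration; it means the
    # backend certificate is not validated during the check.
    server server1 192.168.0.1:51111 check check-ssl verify none crt /etc/haproxy/cert.pem check-sni test1.site.local
    server server2 192.168.0.2:51111 check check-ssl verify none crt /etc/haproxy/cert.pem check-sni test2.site.local
```

After editing, `haproxy -c -f <config file>` validates the syntax before a reload.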
