On 2017-12-29 at 15:28, Lukas Tribus wrote:
> Hello,
>
>
> On Fri, Dec 29, 2017 at 3:24 PM, Mariusz Kalota <[email protected]> wrote:
>> Hello, thanks for the reply.
>>
>> I would like to forward the encrypted HTTPS transparently to the
>> backend. I would like to check the health of my backend servers, but not only
>> on layer 4, but on layer 7. So I have to get /somefile.asmx, and I have
>> to give client certificate, and I have to check the backend server not
>> using IP, but using hostname.
>>
>> The two backend servers are IIS servers, which have bindings:
>>
>> server1:
>> test.site.local:51111
>> test1.site.local:51111
>>
>> server2:
>> test.site.local:51111
>> test2.site.local:51111
>>
>> If I use in webbrowser test.site.local I go to haproxy. If I use
>> test1.site.local or test2.site.local I go to one of the backend servers
>> directly.
>>
>> So currently my main issue is to check the health of backend servers on
>> layer 7 (http 200 response).
> Understood, please follow the suggestions from the previous mail. Also
> make sure sni and host header are set to the same string.
>
>
> Lukas

Hello,

there is some progress. My current config:

    listen https-test-51111
        bind *:51111
        mode tcp
        balance roundrobin
        option httpchk GET /somefile.asmx test2.site.local:51111
        server server1 192.168.0.1:51111 check check-ssl verify none crt /etc/haproxy/cert.pem ssl sni str(test1.site.local) check-sni test1.site.local
        server server2 192.168.0.2:51111 check check-ssl verify none crt /etc/haproxy/cert.pem ssl sni str(test2.site.local) check-sni test2.site.local

haproxy stats:

    server1 L7STS/400 in 3ms
    server2 L7OK/200 in 26ms

The second server is ok, because there is

    option httpchk GET /somefile.asmx test2.site.local:51111

but the first not. How can I fix this?

Regards,
Mariusz
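
Added example (not part of the original messages and not HAProxy code): a small Python lint for the advice above that SNI and Host header carry the same string. It reads one listen section and reports servers whose check-sni differs from the host name in option httpchk. The function names are hypothetical, and treating the token after the URI as the host follows the config as posted.

```python
import re

# Constructed sample: the listen section quoted in the message above.
SAMPLE_CONFIG = """\
listen https-test-51111
    bind *:51111
    mode tcp
    balance roundrobin
    option httpchk GET /somefile.asmx test2.site.local:51111
    server server1 192.168.0.1:51111 check check-ssl verify none crt /etc/haproxy/cert.pem ssl sni str(test1.site.local) check-sni test1.site.local
    server server2 192.168.0.2:51111 check check-ssl verify none crt /etc/haproxy/cert.pem ssl sni str(test2.site.local) check-sni test2.site.local
"""


def httpchk_host(line):
    """Host name (without port) that the check request carries, or None."""
    # Common form: "... HTTP/1.1\r\nHost:\ name" written with haproxy escapes.
    m = re.search(r"Host:\\?\s*([^\s\\]+)", line)
    if m:
        host = m.group(1)
    else:
        # Assumption: as in the posted config, the token after the URI is the host.
        tokens = line.split()
        if len(tokens) < 5 or tokens[4].upper().startswith("HTTP/"):
            return None
        host = tokens[4]
    return host.rsplit(":", 1)[0].lower()


def lint_check_sni(config):
    """Return (server, check_sni, check_host) for every server whose
    check-sni differs from the host name sent by option httpchk."""
    host = None
    servers = []
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("option httpchk"):
            host = httpchk_host(line)
        elif line.startswith("server "):
            tokens = line.split()
            sni = None
            if "check-sni" in tokens[:-1]:
                sni = tokens[tokens.index("check-sni") + 1].lower()
            servers.append((tokens[1], sni))
    return [(name, sni, host) for name, sni in servers if host and sni != host]


if __name__ == "__main__":
    for name, sni, host in lint_check_sni(SAMPLE_CONFIG):
        print(f"{name}: check-sni {sni} != health-check host {host}")
```

On the posted config it flags server1 only, the same server the stats page shows as L7STS/400.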

