On 2017-12-29 at 15:53, Mariusz Kalota wrote:
> On 2017-12-29 at 15:28, Lukas Tribus wrote:
>> Hello,
>>
>>
>> On Fri, Dec 29, 2017 at 3:24 PM, Mariusz Kalota <[email protected]> wrote:
>>> Hello, thanks for the reply.
>>>
>>> I would like to forward the encrypted HTTPS transparently to the
>>> backend. I would like to check the health of my backend servers, but not
>>> only on layer 4, but on layer 7. So I have to get /somefile.asmx, and I
>>> have to give a client certificate, and I have to check the backend server
>>> not using IP, but using hostname.
>>>
>>> The two backend servers are IIS servers, which have these bindings:
>>>
>>> server1:
>>> test.site.local:51111
>>> test1.site.local:51111
>>>
>>> server2:
>>> test.site.local:51111
>>> test2.site.local:51111
>>>
>>> If I use test.site.local in a web browser, I go to haproxy. If I use
>>> test1.site.local or test2.site.local, I go to one of the backend servers
>>> directly.
>>>
>>> So currently my main issue is to check the health of the backend servers
>>> on layer 7 (HTTP 200 response).
>> Understood, please follow the suggestions from the previous mail. Also
>> make sure sni and host header are set to the same string.
>>
>>
>> Lukas
> Hello,
> there is some progress. My current config:
>
> listen https-test-51111
>     bind *:51111
>     mode tcp
>     balance roundrobin
>     option httpchk GET /somefile.asmx test2.site.local:51111
>     server server1 192.168.0.1:51111 check check-ssl verify none crt /etc/haproxy/cert.pem ssl sni str(test1.site.local) check-sni test1.site.local
>     server server2 192.168.0.2:51111 check check-ssl verify none crt /etc/haproxy/cert.pem ssl sni str(test2.site.local) check-sni test2.site.local
>
>
> haproxy stats:
> server1 L7STS/400 in 3ms
> server2 L7OK/200 in 26ms
>
> The second server is ok, because there is
>
> option httpchk GET /somefile.asmx test2.site.local:51111
>
> but the first is not.
>
> How can I fix this?
>
> Regards,
> Mariusz

Sorry, there is a mistake. The option line in my current config is:
option httpchk GET /somefile.asmx HTTP/1.1\r\nHost:\ test2.site.local:51111

