Eu resolvi isso:)
alterado
frontend www-https *:443
para
frontend www-https
Estou tentando configurar um haproxy para descarregamento de SSL para vários hosts. Isso funciona perfeito com esta configuração:
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 15000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#tune.ssl.default-dh-param 2048
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 11000
#---------------------------------------------------------------------
# main frontends which proxys to the backends
#---------------------------------------------------------------------
frontend www-https *:443
bind *:443 ssl crt /etc/ssl/private/starmyhostname.pem no-sslv3
#Define hosts & ACL's
acl host_BEADHOSTWWW01 hdr(host) -i wwwtest.myhostname.eu
acl host_BEADHOSTKB01 hdr(host) -i kb.myhostname.eu
#Define which backend to use for each host
use_backend BEADHOSTWWW01 if host_BEADHOSTWWW01
use_backend BEADHOSTKB01 if host_BEADHOSTKB01
#---------------------------------------------------------------------
# Backends
#---------------------------------------------------------------------
backend BEADHOSTWWW01
option httpclose
cookie JSESSIONID prefix
mode http
server WWW01 172.26.75.10:80 cookie A check
backend BEADHOSTKB01
option httpclose
cookie JSESSIONID prefix
mode http
server KB01 172.26.75.2:80 cookie A check
No entanto, em alguns casos (digamos 1 de 20), recebo um ERR_SSL_PROTOCOL_ERROR (chrome) ou ssl_error_rx_record_too_long (firefox). Acertar a F5 resolve o problema instantaneamente.
Alguém sabe o que poderia ser a razão para isso e como resolver isso? Obrigado!
Tags ssl haproxy ssl-certificate