Às vezes, erro SSL com haproxy

Navegue suas respostas
2

Estou tentando configurar um haproxy para descarregamento de SSL para vários hosts. Isso funciona perfeito com esta configuração: 

# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     15000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

    #tune.ssl.default-dh-param 2048

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
 retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 11000

#---------------------------------------------------------------------
# main frontends which proxys to the backends
#---------------------------------------------------------------------


frontend www-https *:443
    bind *:443 ssl crt /etc/ssl/private/starmyhostname.pem no-sslv3

    #Define hosts & ACL's
    acl host_BEADHOSTWWW01 hdr(host) -i wwwtest.myhostname.eu
    acl host_BEADHOSTKB01 hdr(host) -i kb.myhostname.eu

    #Define which backend to use for each host
    use_backend BEADHOSTWWW01 if host_BEADHOSTWWW01
    use_backend BEADHOSTKB01 if host_BEADHOSTKB01

#---------------------------------------------------------------------
# Backends
#---------------------------------------------------------------------
backend BEADHOSTWWW01
    option httpclose
    cookie JSESSIONID prefix
    mode http
    server  WWW01 172.26.75.10:80 cookie A check

backend BEADHOSTKB01
    option httpclose
    cookie JSESSIONID prefix
    mode http
    server  KB01 172.26.75.2:80 cookie A check

No entanto, em alguns casos (digamos 1 de 20), recebo um ERR_SSL_PROTOCOL_ERROR (chrome) ou ssl_error_rx_record_too_long (firefox). Acertar a F5 resolve o problema instantaneamente.

Alguém sabe o que poderia ser a razão para isso e como resolver isso? Obrigado!

    
por mitch2k 17.11.2015 / 11:48

1 resposta

1

Eu resolvi isso:)

alterado 

frontend www-https *:443

para 

frontend www-https
    
por 17.11.2015 / 14:11

Tags

Como procuro uma partição de configuração do AD para uma determinada string? “Módulo Netconsole não carregado” ao tentar verificar todos os serviços