I am trying to configure HAProxy - Tomcat communication over HTTPS. That is, I need to configure SSL on both HAProxy and Tomcat. I started with Tomcat and it works fine on port 8443. I imported the client certificate into the browser and it loads the Tomcat page over SSL. Then I started SSL on HAProxy and proxied this to Tomcat over SSL. Basically, I need to pass the Tomcat certificate through HAProxy, which is also on SSL (HAProxy (https) <-> Tomcat (https)). But I always get "503 Service Unavailable No server is available to handle this request." in the browser. Below is my HAProxy configuration. Can anybody please help me to rectify this issue?

global
    daemon
    maxconn 256
    log /dev/log local0
    log /dev/log local1 debug
    ssl-default-bind-options no-sslv3
    ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
    ssl-server-verify required
    tune.ssl.cachesize 100000
    tune.ssl.lifetime 600
    tune.ssl.maxrecord 1460
    tune.ssl.default-dh-param 2048

defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
    log global

frontend localhost
    bind *:443 ssl crt /etc/ssl/tomcat/client.pem npn http/1.1,http/1.0
    mode http
    reqadd X-Forwarded-Proto:\ https
    reqadd X-Forwarded-Port:\ 443
    default_backend nodes

backend nodes
    server mybackendserver 127.0.0.1:8443 ssl verify required ca-file /etc/ssl/tomcat/ca.pem
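
An added example, not part of the original post: a shell check that makes the backend handshake from the `server` line above outside HAProxy and reports whether Tomcat's certificate verifies against `ca.pem` and whether Tomcat asks for a client certificate. The script name `check.sh`, the function names and the sample output are assumptions made for this example.

```shell
#!/bin/sh
# Added diagnostic sketch, not part of the original post.
# Backend address and CA path come from the post's `server` line.
BACKEND="${BACKEND:-127.0.0.1:8443}"
CA_FILE="${CA_FILE:-/etc/ssl/tomcat/ca.pem}"

# Constructed sample of s_client output (not captured from a real server):
# the chain fails to verify and the server lists CA names for client certs.
SAMPLE='---
Acceptable client certificate CA names
CN = Constructed Example CA
---
    Verify return code: 21 (unable to verify the first certificate)'

# Make the handshake HAProxy would make to the backend. No client
# certificate is offered, matching the server line, which has no `crt`.
probe_backend() {
    openssl s_client -connect "$BACKEND" -CAfile "$CA_FILE" </dev/null 2>&1
}

# Read s_client output on stdin; print
#   verify=<ok|fail:CODE|unknown> clientcert=<requested|not-requested|unknown>
classify_handshake() {
    out=$(cat)
    line=$(printf '%s\n' "$out" | grep 'Verify return code:' | tail -n 1)
    case "$line" in
        '') verify=unknown ;;
        *'Verify return code: 0 '*) verify=ok ;;
        *) verify="fail:$(printf '%s\n' "$line" |
               sed 's/.*Verify return code: \([0-9]*\).*/\1/')" ;;
    esac
    # A server that asks for a client certificate normally lists the CA
    # names it accepts; s_client prints one of these two headers.
    if printf '%s\n' "$out" | grep -q 'Acceptable client certificate CA names'; then
        clientcert=requested
    elif printf '%s\n' "$out" | grep -q 'No client certificate CA names sent'; then
        clientcert=not-requested
    else
        clientcert=unknown
    fi
    printf 'verify=%s clientcert=%s\n' "$verify" "$clientcert"
}

# `sh check.sh probe` tests the live backend; with no argument the
# constructed sample is classified so the script runs offline.
if [ "${1:-}" = "probe" ]; then
    probe_backend | classify_handshake
else
    printf '%s\n' "$SAMPLE" | classify_handshake
fi
```

A `verify=fail:CODE` result points at the `ca-file` or the certificate Tomcat presents, while `clientcert=requested` means Tomcat expects a certificate that this `server` line does not supply.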