I am in the process of setting up HAProxy 2.8 via Docker to leverage its ability to provide TLS offload in my network to avoid having certificates attached to every VM instance I deploy.
My problem is that when I am binding the frontend (HAProxy) to any port other than 80 it gives me the following error:
artifactory.private.domain sent an invalid response.
We have multiple web services running on various ports so this is a common scenario for us.
Currently this HAProxy configuration works but does not meet my needs, as we have to ensure that the URL our clients use to connect to us doesn't change, and they don't use port 80 but 8080:
global
    tune.ssl.default-dh-param 2048

defaults
    timeout client 10s
    timeout connect 10s
    timeout server 10s

frontend mysite.com
    mode http
    bind *:80
    bind *:443 crt /etc/ssl/certs/secret-stuff.pem
    http-request redirect scheme https unless { ssl_fc }
    default_backend web_servers

backend web_servers
    mode http
    server server1 10.1.0.54:8080
The following is the Dockerfile used to build the docker image for deployment in case it helps in this case:
FROM haproxy:2.8
USER root
COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
COPY ./tls/secret-stuff.pem /etc/ssl/certs/secret-stuff.pem
RUN mkdir -p /run/haproxy/
This is the docker command that works as expected:
sudo docker run -it --name hap -p 80:80 -p 443:443 sre-haprox
This is the command that results in the aforementioned error when trying to use docker to provide port 80 under the hood when clients are hitting port 8080:
sudo docker run -it --name hap -p 8080:80 -p 443:443 sre-haprox
I have been at this for over a day and have made no progress. Any help is GREATLY appreciated and apologies if I messed up any formatting or process of asking here as I don't do it very often.
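The two `docker run` commands above differ only in the published port, so the following is an added illustration (not part of the original post) that traces a client request through each mapping. It models HAProxy's documented `redirect scheme` behaviour, where the Location is the new scheme plus the request's unchanged Host header and URI. The function names are hypothetical, and the example assumes the client sends the non-default port in its Host header, as browsers do.

```python
from urllib.parse import urlsplit

# Constructed from the question's haproxy.cfg: container bind port -> is it a TLS bind?
BINDS = {80: False, 443: True}

def parse_publish(flags):
    """Turn docker '-p host:container' values into {host_port: container_port}."""
    return {int(h): int(c) for h, c in (f.split(":") for f in flags)}

def redirect_location(host_header, uri):
    """Model 'http-request redirect scheme https': new scheme, same Host, same URI."""
    return f"https://{host_header}{uri}"

def follow(url, published, hops=3):
    """Trace url through the port mapping; return (status, final_url)."""
    parts = urlsplit(url)
    wants_tls = parts.scheme == "https"
    port = parts.port or (443 if wants_tls else 80)
    if port not in published or published[port] not in BINDS:
        return "refused", url            # nothing listening behind that host port
    tls_bind = BINDS[published[port]]
    if wants_tls and tls_bind:
        return "ok", url                 # TLS client reached the TLS bind
    if wants_tls != tls_bind:
        return "tls-mismatch", url       # TLS and plain HTTP meet on one port
    if hops == 0:
        return "redirect-loop", url
    # Plain HTTP on the plain bind: 'unless { ssl_fc }' is false, so HAProxy redirects.
    # The Host header (including any ':8080') is copied into the Location as-is.
    return follow(redirect_location(parts.netloc, parts.path or "/"), published, hops - 1)

if __name__ == "__main__":
    host = "artifactory.private.domain"
    for flags, start in ((["80:80", "443:443"], f"http://{host}/"),
                         (["8080:80", "443:443"], f"http://{host}:8080/")):
        print(flags, start, "->", follow(start, parse_publish(flags)))
```

With `-p 8080:80` the redirect target keeps port 8080, so the client's TLS handshake lands on the plain-HTTP bind rather than on the 443 listener that holds the certificate.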