
Sysadmin HAProxy with proxy_protocol causes SSL handshake failure?

Discussion in 'System Administration' started by Chuong Luong, Jul 26, 2021.

  1. Chuong Luong

    Chuong Luong Member

    Aug 8, 2019

    I have 2 VPS:

    VPS 1: has 4 sites (behind Cloudflare)
    VPS 2: only installed haproxy

    I want to set up a reverse proxy with SSL-passthrough with haproxy, so it will become like this:

    Client => Cloudflare => VPS 2 (proxy) => VPS 1 (4 sites)

    So, VPS 2 has haproxy installed and configured as below:

    global
       log /dev/log local0
       log /dev/log local1 notice
       chroot /var/lib/haproxy
       stats timeout 30s
       user haproxy
       group haproxy
    defaults
       log global
       mode tcp
       option tcplog
       option dontlognull
       timeout connect 5000
       timeout client 50000
       timeout server 50000
    frontend http_front
       bind *:80
       bind *:443
       tcp-request inspect-delay 5s
       tcp-request content accept if { req.ssl_hello_type 1 }
       use_backend domain1 if { req_ssl_sni -i domain1 }
       use_backend domain2 if { req_ssl_sni -i domain2 }
    frontend port80-redirect
       mode http
       redirect scheme https
    backend domain1
       balance roundrobin
       option ssl-hello-chk
       server domain1 check send-proxy-v2
    backend domain2
       balance roundrobin
       option ssl-hello-chk
       server domain2 check send-proxy-v2

    And on VPS 1 (using centminmod) with 4 domains, in the config for domains 1 & 2, I put "proxy_protocol" on this line in the file /usr/local/nginx/conf/conf.d/domain1(or2).ssl.conf:

    server {
      listen 443 ssl http2 proxy_protocol;
      server_name domain1(or2) www.domain1(or2);

    Suddenly, all my sites on the same server have SSL handshake errors. After searching around, I also tried putting

    proxy_protocol on;

    proxy_ssl_server_name on;

    But I always get a syntax error, or it does not solve the SSL handshake error.

    How can I make this work? Thank you.
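
For reference, an added example (not part of the thread, and not HAProxy or Centmin Mod code): `send-proxy-v2` makes HAProxy put a PROXY protocol v2 header in front of the client's TLS ClientHello, and nginx's `proxy_protocol` listen parameter makes every connection accepted on that port expect one. This Python sketch classifies the first bytes of a connection and parses the v2 header, which is what a listener on either side of a mismatch would see; the sample bytes and addresses are constructed.

```python
import ipaddress
import struct

PP2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # fixed 12-byte PROXY protocol v2 signature

def classify(data: bytes) -> str:
    """Say what the first bytes of an accepted TCP connection look like."""
    if data.startswith(PP2_SIG):
        return "proxy-v2"
    if data.startswith(b"PROXY "):
        return "proxy-v1"
    # TLS record type 0x16 (handshake), major version 0x03, handshake type 0x01
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"
    return "unknown"

def parse_proxy_v2(data: bytes):
    """Return (src, sport, dst, dport, payload) for a TCP/IPv4 or TCP/IPv6 v2 header."""
    if not data.startswith(PP2_SIG) or len(data) < 16:
        raise ValueError("not a PROXY v2 header")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2:
        raise ValueError("unsupported PROXY version")
    body, payload = data[16:16 + length], data[16 + length:]
    if len(body) < length:
        raise ValueError("truncated header")
    if ver_cmd & 0x0F == 0:  # LOCAL command (e.g. health checks): no addresses
        return None, None, None, None, payload
    alen = {0x11: 4, 0x21: 16}.get(fam_proto)  # TCP over IPv4 / TCP over IPv6
    if alen is None or length < 2 * alen + 4:
        raise ValueError("unsupported address family")
    src = ipaddress.ip_address(body[:alen])
    dst = ipaddress.ip_address(body[alen:2 * alen])
    sport, dport = struct.unpack("!HH", body[2 * alen:2 * alen + 4])
    return str(src), sport, str(dst), dport, payload

# Constructed sample: the start of a TLS ClientHello record, and the same bytes
# behind a v2 header for 203.0.113.7:51000 -> 192.0.2.10:443 (documentation IPs).
CLIENT_HELLO = bytes.fromhex("16030100c8010000c40303")
WITH_HEADER = (PP2_SIG + bytes([0x21, 0x11]) + struct.pack("!H", 12)
               + ipaddress.ip_address("203.0.113.7").packed
               + ipaddress.ip_address("192.0.2.10").packed
               + struct.pack("!HH", 51000, 443) + CLIENT_HELLO)

if __name__ == "__main__":
    print(classify(CLIENT_HELLO), classify(WITH_HEADER))
    print(parse_proxy_v2(WITH_HEADER)[:4])
```
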
  2. eva2000

    eva2000 Administrator Staff Member

    May 24, 2014
    Brisbane, Australia
    What is the exact SSL handshake error you are getting?

    Centmin Mod is provided as is, so short of script-related bugs or issues, any further optimisation to the web stack components - nginx, php-fpm, mariadb mysql, csf firewall etc - or web app specific configurations are left to the Centmin Mod user to deal with. So I do not provide any free support for such.

    However, Centmin Mod users are free to help each other out and ask questions or give answers on this community forum. My hopes are that this community forum evolves so that more veteran long time Centmin Mod users help new Centmin Mod users out :)

    With that said, probably the best bet is to ask on the HAProxy community forums.