[stunnel-users] stunnel - haproxy setup with protocol = proxy

Robert Garcia rgarcia at bighead.net
Thu Jun 7 13:25:21 CEST 2012


I got it. The reason the port was wrong was that, even though the port was on 443, the Host: header was coming over with a URL and no port specified.

Host: www.somesite.com

When apache2 receives no port specified, it assumes 80. So I changed my backend stanza in the haproxy config to rewrite the Host: header, adding the :443, which solves the issue.

backend dev-www
    mode http
    timeout connect 10s
    timeout server 600s
    balance roundrobin
    #begin_web_config
    server ws1 10.168.75.147 maxconn 1000 check port 80
    #end_web_config
    stats uri /haproxy_stats
    stats realm Global\ statistics
    stats auth admin:pajama^fire
    acl is-ssl dst_port 443
    reqirep ^(Host:\ .+):*.*$ \1:443 if is-ssl
    reqadd X-Proto:\ SSL if is-ssl


-- 
Robert Garcia
BigHead Technology
15520 Coutolenc Rd
Magalia, Ca 95954
ph: 530.645.4040 x222 fax: 530.645.4040
rgarcia at bighead.net (mailto:rgarcia at bighead.net) - http://bighead.net/



On Thursday, June 7, 2012 at 3:48 AM, Robert Garcia wrote:

> Maybe I am wrong, but I thought, in my research, that using the new proxy protocol would eliminate the need for both the stunnel x-forward patch and the transparent mode. Since I did get it to work that way, without transparent, I hope it stays that way. ;-) 
> 
> -- 
> Robert Garcia
> BigHead Technology
> 15520 Coutolenc Rd
> Magalia, Ca 95954
> ph: 530.645.4040 x222 fax: 530.645.4040
> rgarcia at bighead.net (mailto:rgarcia at bighead.net) - http://bighead.net/
> 
> 
> 
> On Thursday, June 7, 2012 at 3:30 AM, Scott McKeown wrote:
> 
> > Hi Robert,
> > 
> > I've been doing some work on both HAProxy and STunnel myself over the last month or so.
> > 
> > Your actual configuration files both look fine, but one thing that you possibly missed is that you will have needed to have built HAProxy with the TProxy flag enabled, and I'm going to guess that you have also written and applied the firewall rules for the transparent proxy.
> > 
> > I've attached a DRAFT pdf of the work that I have been doing; it's a very basic how-to on setting up both STunnel and HAProxy in Transparent mode on a Centos 6.2 system.
> > 
> > 
> > 
> > -- 
> > With Kind Regards.
> > 
> > Scott McKeown
> > Loadbalancer.org (http://Loadbalancer.org)
> > http://www.loadbalancer.org
> > 
> > 
> > Attachments: 
> > - STunnel-HAProxy transparent on Centos 6.2.pdf
> > 
> > 
> 
> 
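
Added example (not part of the original message, and not code from the author or the HAProxy project): the posted reqirep pattern transcribed to Python, showing what it does to Host values with and without a port, next to a stricter rewrite that replaces an existing port instead of appending to it. The HOST grammar, the function names and the sample headers are assumptions made for this illustration.

```python
import re

# The reqirep pattern from the backend stanza, transcribed to Python syntax
# (HAProxy's "\ " is an escaped space; reqirep matches case-insensitively).
POSTED = re.compile(r"^(Host: .+):*.*$", re.IGNORECASE)

# Assumed strict Host grammar for this example: a name, IPv4 address or
# bracketed IPv6 literal, optionally followed by ":" and a decimal port.
HOST = re.compile(r"^Host:\s*(\[[^\]]+\]|[^:\s]+)(?::(\d+))?\s*$", re.IGNORECASE)


def rewrite_posted(line):
    """Apply the posted substitution (captured header followed by :443)."""
    return POSTED.sub(r"\1:443", line)


def parse_host(line, default_port=80):
    """Return (host, port), or None if the value is not a valid host[:port].

    A missing port falls back to default_port, which is the behaviour the
    post describes for the Apache backend.
    """
    m = HOST.match(line)
    if m is None:
        return None
    return m.group(1), int(m.group(2)) if m.group(2) else default_port


def rewrite_idempotent(line, port=443):
    """Replace any existing port rather than appending a second one."""
    parsed = parse_host(line)
    if parsed is None:
        return line  # leave malformed headers untouched for the backend to reject
    return f"Host: {parsed[0]}:{port}"


# Constructed sample headers, not captured from the thread's traffic.
SAMPLES = ["Host: www.somesite.com", "Host: www.somesite.com:443",
           "Host: [2001:db8::1]:8443"]

if __name__ == "__main__":
    for s in SAMPLES:
        posted, strict = rewrite_posted(s), rewrite_idempotent(s)
        print(f"{s!r}\n  posted -> {posted!r} parsed={parse_host(posted)}"
              f"\n  strict -> {strict!r} parsed={parse_host(strict)}")
```

The greedy `.+` in the posted pattern captures an existing port along with the host, so a client that already sends `:443` ends up with a doubled port; the strict variant yields the same output whether or not a port was present.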
