Hi Robert,<br><br>That's great news. I'll also have to try and remember that one as I'm sure that will possibly pop up again some time.<br><br><br>~Scott<br><br><div class="gmail_quote">On 7 June 2012 12:25, Robert Garcia <span dir="ltr">&lt;<a href="mailto:rgarcia@bighead.net" target="_blank">rgarcia@bighead.net</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                <div>
                    I got it. The reason the port was wrong was that even though the port was on 443, the Host: header was coming over with a URL and no port specified.
                </div><div><br></div><div>Host: <a href="http://www.somesite.com" target="_blank">www.somesite.com</a></div><div><br></div><div>When apache2 receives no port specified it assumes 80. So I changed my backend stanza in the haproxy config to rewrite the Host: header, adding the :443 which solves the issue.</div>
<div><br></div><div><div class="im"><div>backend dev-www</div><div><span style="white-space:pre-wrap">        </span>mode http</div><div><span style="white-space:pre-wrap">        </span>timeout connect 10s</div><div><span style="white-space:pre-wrap">      </span>timeout server 600s</div>
<div><span style="white-space:pre-wrap">  </span>balance roundrobin</div><div><span style="white-space:pre-wrap">       </span>#begin_web_config</div><div><span style="white-space:pre-wrap">        </span>server ws1 10.168.75.147 maxconn 1000 check port 80</div>
<div><span style="white-space:pre-wrap">  </span>#end_web_config</div><div><span style="white-space:pre-wrap">  </span>stats uri /haproxy_stats</div><div><span style="white-space:pre-wrap"> </span>stats realm Global\ statistics</div>
<div><span style="white-space:pre-wrap">  </span>stats auth admin:pajama^fire</div></div><div><span style="white-space:pre-wrap"> </span>acl is-ssl dst_port 443</div><div><span style="white-space:pre-wrap">  </span>reqirep ^(Host:\ .+):*.*$ \1:443 if is-ssl</div>
<div><span style="white-space:pre-wrap">  </span>reqadd X-Proto:\ SSL if is-ssl</div></div><div class="im HOEnZb">
                <div><div><br></div><div><div style="font-size:13px">-- </div><div style="font-size:13px">Robert Garcia</div><div style="font-size:13px">BigHead Technology</div><div style="font-size:13px">15520 Coutolenc Rd</div>
<div style="font-size:13px">Magalia, Ca 95954</div><div style="font-size:13px">ph: <a href="tel:530.645.4040%20x222" value="+15306454040" target="_blank">530.645.4040 x222</a> fax: <a href="tel:530.645.4040" value="+15306454040" target="_blank">530.645.4040</a></div>
<div style="font-size:13px"><a href="mailto:rgarcia@bighead.net" style="color:rgb(0,106,227)" target="_blank">rgarcia@bighead.net</a> - <a href="http://bighead.net/" style="color:rgb(0,106,227)" target="_blank">http://bighead.net/</a></div>
</div></div>
                 
                </div><div class="HOEnZb"><div class="h5"><p style="color:#a0a0a8">On Thursday, June 7, 2012 at 3:48 AM, Robert Garcia wrote:</p>
                <blockquote type="cite" style="border-left-style:solid;border-width:1px;margin-left:0px;padding-left:10px">
                    <span><div><div>
                <div>
                    Maybe I am wrong, but I thought, in my research, that using the new proxy protocol would eliminate the need for both the stunnel x-forward patch and the transparent mode. Since I did get it to work that way, without transparent, I hope it stays that way. ;-)
                </div>
                <div><div><br></div><div><span style="font-size:13px"><div>-- </div><div>Robert Garcia</div><div>BigHead Technology</div><div>15520 Coutolenc Rd</div><div>Magalia, Ca 95954</div><div>ph: <a href="tel:530.645.4040%20x222" value="+15306454040" target="_blank">530.645.4040 x222</a> fax: <a href="tel:530.645.4040" value="+15306454040" target="_blank">530.645.4040</a></div>
<div><a href="mailto:rgarcia@bighead.net" style="color:rgb(0,106,227)" target="_blank">rgarcia@bighead.net</a> - <a href="http://bighead.net/" style="color:rgb(0,106,227)" target="_blank">http://bighead.net/</a></div></span></div>
</div>
                  
                <p style="color:#a0a0a8">On Thursday, June 7, 2012 at 3:30 AM, Scott McKeown wrote:</p><blockquote type="cite"><div>
                    <span><div><div>Hi Robert,<br><br>I've been doing some work on both HAProxy and STunnel myself over the last month or so.<br><br>Your actual configuration files both look fine but one thing that you possibly missed is that you will have needed to have built HAProxy with the TProxy flag enabled, and I'm going to guess that you have also written and applied the Firewall rules for the transparent proxy.<br>

<br>I've attached a DRAFT pdf of the work that I have been doing, it's a very basic how-to on setting up both STunnel and HAProxy in Transparent mode on a Centos 6.2 system.<br><br><br clear="all"><br>-- <br>With Kind Regards.<br>

<br>Scott McKeown<br><a href="http://Loadbalancer.org" target="_blank">Loadbalancer.org</a><br><a href="http://www.loadbalancer.org" target="_blank">http://www.loadbalancer.org</a><br><br>
</div></div></span>
                  
                  
                <div style="border-bottom:1px solid #f0f0f0;min-height:10px">
                </div>
                <br>
                  
                <div style="font-weight:bold;font-size:14px;margin-bottom:5px">Attachments:</div>
                  
                  
                  
                  
                  
                <div>
                      
                    <div>- STunnel-HAProxy transparent on Centos 6.2.pdf</div>
                      
                </div>
                  
                  
                  
                  
                  
                </div></blockquote><div>
                    <br>
                </div>
            </div></div></span>
                 
                 
                 
                 
                </blockquote>
                 
                <div>
                    <br>
                </div>
            </div></div></blockquote></div><br><br clear="all"><br>-- <br>With Kind Regards.<br><br>Scott McKeown<br>Loadbalancer.org<br><a href="http://www.loadbalancer.org" target="_blank">http://www.loadbalancer.org</a><br>
<br>
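Added example, not part of the original thread and not the posters' or HAProxy's own code: it replays the thread's `reqirep` Host rewrite in Python over constructed header lines to show what the pattern does when a client already sends a port, next to an assumed tighter pattern. The `TIGHTER` pattern and the `rewrite` helper are hypothetical, written in Python regex syntax and not tested as an HAProxy directive.

```python
import re

# Direct translation of the thread's reqirep pattern
# (HAProxy's "\ " is a literal space; reqirep is case-insensitive).
# ".+" is greedy, so the capture group swallows any port already present.
ORIGINAL = re.compile(r"^(Host: .+):*.*$", re.IGNORECASE)

# Assumed tighter variant: capture only the host part (a name, an IPv4
# address, or a bracketed IPv6 literal) and discard any client-sent port.
TIGHTER = re.compile(
    r"^(Host: (?:\[[^\]]+\]|[^:\s]+))(?::[0-9]*)?\s*$", re.IGNORECASE
)


def rewrite(pattern, header_line, port=443):
    """Mimic reqirep on one header line: substitute if it matches, else keep it."""
    return pattern.sub(rf"\g<1>:{port}", header_line, count=1)


# Constructed sample header lines, not captured traffic.
SAMPLES = [
    "Host: www.somesite.com",        # the case described in the thread
    "Host: www.somesite.com:443",    # client already sent the port
    "host: www.somesite.com:8443",   # different case, different port
    "Host: [2001:db8::1]:443",       # IPv6 literal with port
    "User-Agent: example",           # unrelated header, must stay untouched
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line!r}")
        print(f"    original -> {rewrite(ORIGINAL, line)!r}")
        print(f"    tighter  -> {rewrite(TIGHTER, line)!r}")
```

With the original pattern, a Host header that already carries a port comes out with `:443` appended a second time, which is worth checking for in backend logs if virtual-host matching on the Apache side behaves unexpectedly.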