HAProxy TCP (443) Loadbalancing with different backend ports


I'm implementing a frontend load balancer which passes through the traffic coming to ports 80 and 443 to different backend ports. SSL termination is happening in the backend, and HAProxy should not engage with anything other than forwarding the traffic coming to frontend ports 80 and 443 to the respective backend ports.

Port 80 forwarding seems fine, but 443 is not working as expected and is giving an SSL handshake failure. Even my backend service is not coming up in the web browser, with a warning saying this is not trusted. I have no clue why this is happening, and my HAProxy experience is not that high; below is the current configuration. Please correct me if I'm wrong.

HAProxy is installed on Ubuntu 18.04.5 LTS

Config after the defaults section

frontend k8s_lb
    mode tcp
    bind x.x.x.x:80
    default_backend kube_minions

frontend k8s_lb_https
    mode tcp
    bind x.x.x.x:443
    default_backend kube_minions_https

backend kube_minions
    mode tcp
    balance roundrobin
    server k8s_worker-01 x.x.x.x:32080
    server k8s_worker-02 x.x.x.x:32080

backend kube_minions_https
    mode tcp
    balance roundrobin
    server k8s_worker-01 x.x.x.x:32443
    server k8s_worker-02 x.x.x.x:32443

The backend story:

I have a k8s cluster and a Traefik ingress which is running as a DaemonSet on each and every node, and the minions are my backend servers. CertManager is in place to do the cert automation with the Let's Encrypt ACME protocol in the ingress resources, hence SSL termination should be happening through the ingress resources.

I have completed the certificates and everything seems perfect as I have already implemented a similar setup on AWS with a TCP loadbalancer and everything is perfectly working and running prod workloads.

So, I need to mention that the backend services are all good and up and running. In this setup I replaced the AWS load balancer with HAProxy and need to implement the same.

Please assist me to fix this as I'm struggling with this and still no luck with the issue.

Thank you.

There is 1 answer

Aruna Fernando On

Sorry, I was able to figure it out, and this SSL issue has nothing to do with Traefik or HAProxy. My client's DNS is configured in Cloudflare and they have enabled Universal SSL, and that caused the issue.

I checked with a new DNS record from Route53 and it is working as expected, so my HAProxy config does what I need.
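
A check that follows from the answer above, as an added example that is not part of the original thread: with TCP passthrough, the certificate seen through the public DNS name should be the same one seen when connecting straight to the HAProxy address with the same SNI. The function names and the command-line usage are assumptions made for this sketch, and it assumes every backend serves the same certificate for the hostname.

```python
import hashlib
import socket
import ssl


def resolve(hostname, port=443):
    """Addresses clients actually reach when they use the public DNS name."""
    infos = socket.getaddrinfo(hostname, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def leaf_fingerprint(address, sni, port=443, timeout=5.0):
    """SHA-256 of the leaf certificate served at `address` for this SNI."""
    ctx = ssl.create_default_context()
    # Diagnostic only: validation is off so an untrusted certificate can
    # still be fetched and compared. Never reuse this context for real traffic.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((address, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()


def diagnose(hostname, lb_ip, resolver=resolve, fetch=leaf_fingerprint):
    """Compare the path via DNS with a direct connection to the load balancer."""
    addresses = resolver(hostname)
    report = {"resolved": addresses, "dns_points_at_lb": lb_ip in addresses}
    prints = {}
    for label, address in (("via_dns", addresses[0]), ("via_lb", lb_ip)):
        try:
            prints[label] = fetch(address, hostname)
        except (ssl.SSLError, OSError) as exc:
            # A handshake failure on one path only is itself the finding.
            prints[label] = "error: " + type(exc).__name__
    report.update(prints)
    ok = not prints["via_lb"].startswith("error")
    report["same_certificate"] = ok and prints["via_dns"] == prints["via_lb"]
    return report


if __name__ == "__main__":
    import sys
    # Usage (hypothetical script name): python check_passthrough.py <hostname> <lb-ip>
    print(diagnose(sys.argv[1], sys.argv[2]))
```

If `dns_points_at_lb` is false or `same_certificate` is false, TLS for the hostname is being handled somewhere other than the backends behind the load balancer, so the HAProxy configuration is not the place to look.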