haproxy https health checks
Solution 1
You can't use option httpchk
in tcp mode.
You'll probably want to read up on option ssl-hello-chk
.
Solution 2
Yes, you can use option httpchk in tcp mode. Here's the necessary options to search for a string on a page behind ssl:
mode tcp
option httpchk GET /<URI>
http-check expect string <STRING\ WITH\ SPACES\ ESCAPED>
server <YOUR_SERVER_FQDN>:443 <YOUR_SERVER_IP>:443 check ssl verify none
for example, to check a login.html page for "User Name" string:
mode tcp
option httpchk GET /login.html
http-check expect string User\ Name
server www.example.com:443 192.168.1.1:443 check ssl verify none
Note that "check ssl verify none" is required and that any spaces in your search string must be escaped with a \.
henry.oswald
I am the founder/creator of ShareLaTeX an online LaTeX editor and DataJoy and online python and R editor for beginners.
Updated on June 23, 2022Comments
-
henry.oswald almost 2 years
Hi I am using haproxy to load balance my https connections. I want to do active health checks however they don't seem to work. Any tips on how to correctly write the below would be welcome. I have them working fine for http port 80 connections.
frontend incoming_https bind *:443 mode tcp default_backend web_https backend web_https mode tcp option httpchk GET / HTTP/1.1\r\nHost:\ https://www.mysite.com server web-0 xxx.xxx.xxx.xxx:443 check inter 5000 port 443
-
Nickolay Kondratenko almost 6 yearsthis helps for the check but unfortunately browsers tell the can't establish secure connection
-
Nickolay Kondratenko almost 6 yearsFound the solution. There is another
server
parameter calledcheck-ssl
that forces ssl on health check -
Nickolay Kondratenko almost 6 yearsActually you can as it is described in the official documentation. You just need to add
check-ssl
parameter toserver
to force health check requests to ssl