haproxy https health checks

load-balancing haproxy

12,553

Solution 1

You can't use option httpchk in tcp mode.

You'll probably want to read up on option ssl-hello-chk.

Solution 2

Yes, you can use option httpchk in tcp mode. Here's the necessary options to search for a string on a page behind ssl:

mode tcp
option httpchk GET /<URI>
http-check expect string <STRING\ WITH\ SPACES\ ESCAPED>
server <YOUR_SERVER_FQDN>:443 <YOUR_SERVER_IP>:443 check ssl verify none

for example, to check a login.html page for "User Name" string:

mode tcp
option httpchk GET /login.html
http-check expect string User\ Name
server www.example.com:443 192.168.1.1:443 check ssl verify none

Note that "check ssl verify none" is required and that any spaces in your search string must be escaped with a \.

12,553

Author by

henry.oswald

I am the founder/creator of ShareLaTeX an online LaTeX editor and DataJoy and online python and R editor for beginners.

Updated on June 23, 2022

Comments

henry.oswald almost 2 years
Hi I am using haproxy to load balance my https connections. I want to do active health checks however they don't seem to work. Any tips on how to correctly write the below would be welcome. I have them working fine for http port 80 connections.
```
frontend incoming_https
  bind *:443
  mode tcp
  default_backend web_https

backend web_https
    mode tcp
    option httpchk GET / HTTP/1.1\r\nHost:\ https://www.mysite.com
    server web-0 xxx.xxx.xxx.xxx:443 check inter 5000 port 443
```
Nickolay Kondratenko almost 6 years

this helps for the check but unfortunately browsers tell the can't establish secure connection
Nickolay Kondratenko almost 6 years

Found the solution. There is another server parameter called check-ssl that forces ssl on health check
Nickolay Kondratenko almost 6 years

Actually you can as it is described in the official documentation. You just need to add check-ssl parameter to server to force health check requests to ssl