Hey I seem to have issues with HAProxy but can't seem to find the root of the problem.
Setup:
1 Load Balancer
3 Servers (Splunk Search Heads)
Both Load Balancer and the 3 servers are only accessible through https and all have different SSL certs. I'm trying to have encrypted traffic from the Client to the Load Balancer and then encrypted traffic from the Load Balancer to the Server. These sessions in the future will also need to be sticky. As an FYI I've changed the IPs in the config below to private IPs for this.
I can ping the servers from the load balancer and access them correctly from a browser (not going through load balancer). The SSL cert on the Load Balancer is working but instead of redirecting to one of the servers I get a 503 error: "503 Service Unavailable – No servers are available to handle this request."
Below is my config file. Any help would be appreciated as this is my first time using HAProxy.
global
ssl-server-verify none
frontend https443
mode http
bind *:443 ssl cert /ect/haproxy/cert/haproxy.pem
timeout client 60s
reqadd X-Forwarded-Proto:\ https
default_backend allservers
backend allservers
mode http
balance roundrobin
timeout connect 10s
timeout server 100s
server server1 192.168.23.1:8000 check ssl
server server2 192.168.23.2:8000 check ssl
server server3 192.168.23.3:8000 check ssl
Best Answer
Check that the respective SSL certs on the backends cover 192.168.23.x. If not, then HAProxy considers their cert to be invalid.
Solution should be either (a) update HAProxy config so that the backend servers are referred to by a DN/IP covered by the existing SSL on each backend node; or (b) update the SSL on the backend nodes to cover the private IP; or (c) disable SSL certificate validation.