Closed kvramana closed 7 years ago
Specifically, i want my HAPROXY to be running in SSL pass through over a backend. Outside, Docker, id' have done
backend default_service
mode tcp
But i don't see a hook or environment variable to add to my Docker compose file for achieving TCP mode for my backend. Is there such an environment variable?
For my frontend, i used EXTRA_FRONTEND_SETTINGS_443=mode tcp
to set its mode to tcp but didn't find equivalent for backend.
What about the MODE
environment variable? If you have that set to tcp
it should work:
https://github.com/docker/dockercloud-haproxy#user-content-global-and-default-settings-of-haproxy
Without mode
in below snippet, i get a browser response of 502 Bad Gateway - The server returned an invalid or incomplete response.
With mode
in below snippet, i get a browser response of localhost didn’t send any data
.
I get backend response only If i turn-on backend helloworld nodejs port, and reaching directly on its backend port bypassing fronting haproxy from browser.
# The HAPROXY service to provide high-availability, load balancing and proxying to NODEJS service.
svc_haproxy:
image: dockercloud/haproxy
depends_on:
- svc_nodejs_helloworld
links:
- svc_nodejs_helloworld
environment:
- DOCKER_TLS_VERIFY
- DOCKER_HOST
- DOCKER_CERT_PATH
- CERT_FOLDER=/certs
- EXTRA_FRONTEND_SETTINGS_80=mode tcp
- EXTRA_FRONTEND_SETTINGS_443=mode tcp
# - MODE=tcp # Did not work, i see a "localhost didn’t send any data" response in browser.
volumes:
- $PWD/tls/pem:/certs
- /var/run/docker.sock:/var/run/docker.sock
ports:
- 80:80
- 443:443
networks:
- nimnet
Or else, i need to set my own haproxy.cfg from outside container into inside container. That way, the mode it set to tcp on default backend service and haproxy container simply loads developer supplied haproxy.cfg file. However, i did not find a way to neither:
BTW, i am using a self-signed certificate and not a commercial CA authority signed certificate.
Both those errors sound very odd.
MODE
environment variable in place whats the output of:
curl -v IP_OF_HAPROXY_NODE
?If you don't terminate SSL at proxy level, haproxy knows nothing about the HTTP headers. As a result, you can only run haproxy in TCP mode.
To do this, simply add TCP_PORTS=443
in your application service will work.
I need HAPROXY to be setup not in SSL Termination mode but in pass through mode. It should pass an incoming HTTPS request, in pass through mode only, onto its backend services.
However, i tried several environment variable settings specified in https://github.com/docker/dockercloud-haproxy wiki and found none of them startup HAPROXY in SSL passthrough mode.
Please let me know if you have any information.