halfgaar / FlashMQ

FlashMQ is a fast light-weight MQTT broker/server, designed to take good advantage of multi-CPU environments
https://www.flashmq.org/
Open Software License 3.0

Request haproxy example configuration for SSL termination #49

Closed skinkie closed 1 year ago

skinkie commented 1 year ago

I am trying to get haproxy support to work as SSL terminator for port 8883. My expectation was the setup below would be in the right direction. I have tested it with mode tcp and mode http.

frontend mqtt
    bind :::8883 ssl crt /etc/haproxy/ssl
    tcp-request content reject unless { req.payload(0,0),mqtt_is_valid }
    use_backend flashmq
    mode tcp
    maxconn 1000

backend flashmq
    mode tcp

    # Create a stick table for session persistence
    stick-table type string len 32 size 100k expire 30m

    # Use ClientID / client_identifier as persistence key
    stick on req.payload(0,0),mqtt_field_value(connect,client_identifier)
    server flashmq 127.0.0.1:2883

listen {
  protocol mqtt
  port 2883
  haproxy on
}

FlashMQ Version 1.4.5 with SSE4.2 support
HAProxy version 2.4.18-0ubuntu1 2022/08/25 - https://haproxy.org/

A little bit more elaboration:

The client successfully gets the SSL handshake done. The log of FlashMQ raises:

[2023-05-24 17:09:53] [NOTICE] Accepting connection from: address='127.0.0.1', transport='TCP/HAProxy/Non-SSL', fd=18
[2023-05-24 17:09:53] [NOTICE] Removing client '[ClientID='', username='', fd=18, keepalive=0s, transport='TCP/HAProxy/Non-SSL', address='127.0.0.1', prot=none, clean=0]'. Reason(s): HAProxy health check, epoll says socket is in ERR or HUP state.

skinkie commented 1 year ago

This must have been something between keyboard and chair.

halfgaar commented 1 year ago

Illusive :) .