(Migrated) version of haproxy when using ssl/tls

forum-admin · June 20, 2016, 4:18pm

(This message has been automatically imported from the retired mailing list)

Hi

I am trying to enable ssl/tls with HAProxy following the instructions in =
the documentation found here=C2=A0https://zato.io/docs/admin/guide/tls/cl=
ient-lb.html.
I have added this section to my config (after creating the server.pem fil=
e):

frontend front=5Ftls=5Fno=5Fclient=5Fcerts

=C2=A0 =C2=A0 mode http
=C2=A0 =C2=A0 default=5Fbackend bck=5Fhttp=5Fplain
=C2=A0 =C2=A0 option forwardfor
=C2=A0 =C2=A0 reqadd X-=46orwarded-Proto:=5C https
=C2=A0 =C2=A0 acl has=5Fx=5Fforwarded=5Fproto req.fhdr(X-=46orwarded-Prot=
o) -m found
=C2=A0 =C2=A0 http-request deny if has=5Fx=5Fforwarded=5Fproto
=C2=A0 =C2=A0 bind 0.0.0.0:21223 ssl crt /opt/zato/certs/server.pem
=C2=A0

It is not working well and HAProxy gives me this when trying to parse the=
config:

error detected while parsing ACL =5C’has=5Fx=5Fforwarded=5Fproto=5C=E2=80=
=99.

According to what I can read ssl/tls was introduced in HAProxy 1.5, but t=
he one installed with zato 2.0.3 is 1.4.

Have I missed any instructions when installing or do I just need to upgra=
de HAProxy=3F

Br, Daniel Grindelid

forum-admin · June 20, 2016, 4:18pm

On 15/04/15 14:48, Daniel Grindelid wrote:

do I just need to upgrade HAProxy?

Hi Daniel,

yes, please simply upgrade to 1.5.

1.4 was installed because that was the default in your system but indeed
TLS needs HAProxy 1.5+

I’ll update the documentation to make it clearer.

thanks,

forum-admin · June 20, 2016, 4:18pm

Good.

I did this:

sudo apt-add-repository ppa:vbernat/haproxy-1.5

sudo apt-get update

sudo apt-get install haproxy

It seems to work fine.

–=C2=A0
Daniel

=46r=C3=A5n:=C2=A0Dariusz Suchojad <dsuch=40zato.io>
Svara:=C2=A0Dariusz Suchojad <dsuch=40zato.io>>
Datum:=C2=A015 april 2015 at 15:08:26
Till:=C2=A0Daniel Grindelid <daniel.grindelid=40gmail.com>>, zato-discuss=
=40lists.zato.io <zato-discuss=40lists.zato.io>>
=C3=84mne:=C2=A0 Re: =5BZato-discuss=5D version of haproxy when using ssl=
/tls =20

On 15/04/15 14:48, Daniel Grindelid wrote: =20

do I just need to upgrade HAProxy=3F =20

Hi Daniel, =20

yes, please simply upgrade to 1.5. =20

1.4 was installed because that was the default in your system but indeed =
=20
TLS needs HAProxy 1.5+ =20

I’ll update the documentation to make it clearer. =20

thanks, =20