Posted on 26 September 2012
A short post about a problem we were having.
If you are load balancing HTTPS traffic with HAProxy in TCP
mode, and you are fronting this with nginx, and you get 502 errors
accompanied by these SSL errors in nginx's error log:
SSL_do_handshake() failed (SSL: error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check failed)
then you need to turn off the proxy_ssl_session_reuse option:
proxy_ssl_session_reuse off;
By default, nginx tries to reuse SSL sessions for an HTTPS upstream,
but when HAProxy is round-robining the TCP connections between
different backends, the SSL session will not be valid from one
TCP connection to the next.
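To confirm that the 502s come from the upstream side of nginx rather than from browsers failing their own handshake, the error log can be filtered for this exact error on upstream connections. The script below is an added example, not part of the original post; the log lines, addresses and host names are constructed samples, and the function name is hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in nginx's error_log format (addresses and hosts are made up).
SAMPLE_LOG = '''\
2012/09/26 10:15:02 [error] 2211#0: *41 SSL_do_handshake() failed (SSL: error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check failed) while SSL handshaking to upstream, client: 203.0.113.7, server: www.example.test, request: "GET / HTTP/1.1", upstream: "https://10.0.0.10:443/", host: "www.example.test"
2012/09/26 10:15:05 [error] 2211#0: *42 SSL_do_handshake() failed (SSL: error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check failed) while SSL handshaking to upstream, client: 203.0.113.9, server: www.example.test, request: "GET /login HTTP/1.1", upstream: "https://10.0.0.10:443/login", host: "www.example.test"
2012/09/26 10:15:09 [info] 2211#0: *44 SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number) while SSL handshaking, client: 198.51.100.23, server: 0.0.0.0:443
2012/09/26 10:15:11 [error] 2211#0: *45 connect() failed (111: Connection refused) while connecting to upstream, client: 203.0.113.7, server: www.example.test, request: "GET / HTTP/1.1", upstream: "https://10.0.0.10:443/", host: "www.example.test"
'''

# Error code from the log line quoted in the post.
DIGEST_CHECK_FAILED = "1408C095"

# Only handshakes nginx performs as a client ("to upstream") are relevant:
# proxy_ssl_session_reuse has no effect on handshakes with browsers.
UPSTREAM_HANDSHAKE = re.compile(
    r'SSL_do_handshake\(\) failed \(SSL: error:(?P<code>[0-9A-Fa-f]{8}):[^)]*\)'
    r' while SSL handshaking to upstream,.*?upstream: "https://(?P<peer>[^/"]+)'
)


def resumption_failures(log_text):
    """Count upstream 'digest check failed' handshake errors per upstream host:port."""
    hits = Counter()
    for line in log_text.splitlines():
        m = UPSTREAM_HANDSHAKE.search(line)
        if m and m.group("code").upper() == DIGEST_CHECK_FAILED:
            hits[m.group("peer")] += 1
    return hits


if __name__ == "__main__":
    for peer, count in resumption_failures(SAMPLE_LOG).most_common():
        print(f"{count} failed upstream handshakes to {peer}: "
              "check proxy_ssl_session_reuse for this upstream")
```

If the count for the HAProxy address drops to zero after the configuration change is reloaded, the session reuse setting was the cause.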
UPDATE: @zaargy points out that the development branch of HAProxy has HTTPS support. Awesome!