I have HAproxy configured to send proxy protocol headers to traefik and I cant get it to work.
It looks like traefik is not using the proxy protocol even when configured in traefik.toml
Using traefik 1.7.19-alpine running in k8s, and haproxy outside k8s to load balance worker nodes on port 443. SSL is terminated in k8s in the traefik ingress controller.
My traefik.toml seems to have all config needed, like forwardedHeaders and proxyProtocol
[entryPoints.https]
address = ":443"
[entryPoints.https.proxyProtocol]
insecure = true
trustedIPs = ["10.0.50.0/32"]
[entryPoints.https.forwardedHeaders]
insecure = true
trustedIPs = ["10.0.50.0/32"]
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
CertFile = "/ssl/tls.crt"
KeyFile = "/ssl/tls.key"
And HAProxy configuration is configured to send proxy headers with send-proxy
backend https-backend
mode tcp
balance roundrobin
server worker1 10.0.30.16:30443 check ssl verify none send-proxy
server worker2 10.0.30.19:30443 check ssl verify none send-proxy
server worker3 10.0.30.23:30443 check ssl verify none send-proxy
But Firefox error says SSL_ERROR_RX_RECORD_TOO_LONG if I try to send with proxy protocol v1 from haproxy, and with v2 from haproxy Firefox says instead PR_END_OF_FILE_ERROR and the traefik logs in this case says tls: first record does not look like a TLS handshake","time":"2019-11-23T11:01:43Z"}
Any advice what could be wrong? I dont see any obvious errors in my configuration.
thanx
daniel