I have HAProxy configured to send proxy protocol headers to traefik and I can't get it to work.
It looks like traefik is not using the proxy protocol even when configured in traefik.toml
Using traefik 1.7.19-alpine running in k8s, and haproxy outside k8s to load balance worker nodes on port 443. SSL is terminated in k8s in the traefik ingress controller.
My traefik.toml seems to have all config needed, like forwardedHeaders and proxyProtocol
    [entryPoints.https]
    address = ":443"
      [entryPoints.https.proxyProtocol]
      insecure = true
      trustedIPs = ["10.0.50.0/32"]
      [entryPoints.https.forwardedHeaders]
      insecure = true
      trustedIPs = ["10.0.50.0/32"]
      [entryPoints.https.tls]
        [[entryPoints.https.tls.certificates]]
        CertFile = "/ssl/tls.crt"
        KeyFile = "/ssl/tls.key"
And HAProxy configuration is configured to send proxy headers with send-proxy
    backend https-backend
        mode tcp
        balance roundrobin
        server worker1 10.0.30.16:30443 check ssl verify none send-proxy
        server worker2 10.0.30.19:30443 check ssl verify none send-proxy
        server worker3 10.0.30.23:30443 check ssl verify none send-proxy
But the Firefox error says SSL_ERROR_RX_RECORD_TOO_LONG if I try to send with proxy protocol v1 from haproxy, and with v2 from haproxy Firefox instead says PR_END_OF_FILE_ERROR, and the traefik logs in this case say:

    tls: first record does not look like a TLS handshake","time":"2019-11-23T11:01:43Z"}
Any advice on what could be wrong? I don't see any obvious errors in my configuration.
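
Added example, not part of the original post and not Traefik or HAProxy code: a small Python classifier for the first bytes a TLS entry point receives, showing that a PROXY protocol v1 or v2 header that reaches the TLS layer unconsumed is not a TLS record, which is the condition the logged `first record does not look like a TLS handshake` message describes. The function names and the sample bytes (a ClientHello prefix, client address 192.0.2.10) are constructed for illustration.

```python
import struct

V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # 12-byte PROXY protocol v2 signature

def split_proxy_header(data: bytes):
    """Split a leading PROXY protocol header (v1 or v2) from the bytes after it."""
    if data.startswith(b"PROXY "):
        end = data.find(b"\r\n", 0, 107)  # a v1 line is at most 107 bytes with CRLF
        if end < 0:
            raise ValueError("unterminated PROXY v1 line")
        return "v1", data[:end].decode("ascii").split(" "), data[end + 2:]
    if data.startswith(V2_SIG):
        if len(data) < 16:
            raise ValueError("truncated PROXY v2 header")
        ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
        if ver_cmd >> 4 != 2 or len(data) < 16 + length:
            raise ValueError("malformed PROXY v2 header")
        return "v2", {"command": ver_cmd & 0x0F, "fam_proto": fam_proto}, data[16 + length:]
    return "none", None, data

def looks_like_tls_handshake(data: bytes) -> bool:
    """TLS record header: content type 0x16 (handshake), major version 0x03."""
    return len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03

def classify(first_bytes: bytes, listener_consumes_header: bool):
    """Report the header kind and whether the TLS layer would see a handshake."""
    kind, _info, rest = split_proxy_header(first_bytes)
    seen_by_tls = rest if listener_consumes_header else first_bytes
    return kind, looks_like_tls_handshake(seen_by_tls)

# Constructed sample input: start of a TLS ClientHello record and two PROXY headers.
HELLO = bytes.fromhex("1603010200010001fc0303")
V1 = b"PROXY TCP4 192.0.2.10 10.0.30.16 51234 30443\r\n"
V2 = V2_SIG + b"\x21\x11" + struct.pack("!H", 12) + bytes(
    [192, 0, 2, 10, 10, 0, 30, 16]) + struct.pack("!HH", 51234, 30443)

if __name__ == "__main__":
    for name, blob in (("v1", V1 + HELLO), ("v2", V2 + HELLO), ("bare", HELLO)):
        for consumes in (True, False):
            print(name, "consumed" if consumes else "not consumed", classify(blob, consumes))
```

Running it against the first bytes of a packet capture taken on the backend port shows which of the three cases (v1 header, v2 header, bare TLS) the entry point is actually being sent.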