I'm trying to set up Chef Server HA using a load balancer (haproxy) for the two front ends.
I have my own certs (I created a CA for home and my laptop has the root cert installed, so my certs are working and I can sign whatever certs I want).
I'm just not sure how to set up haproxy to properly work with Chef Server HA.
I tried this:
frontend haproxy_inbound
    bind *:443 ssl crt /etc/ssl/chefha.pem
    mode tcp
    option tcplog
    default_backend haproxy_chef

backend haproxy_chef
    mode tcp
    balance source
    option ssl-hello-chk
    server chef-ha01.mydomain.local 192.168.1.28:443 check
    server chef-ha02.mydomain.local 192.168.1.29:443 check
and it yields the following error:
400 Bad Request
The plain HTTP request was sent to HTTPS port
Digging into the error, I found that haproxy is sending non-SSL data to the Chef servers and that the way to solve the issue is to use "ssl verify none" in the backend for each server. However, if I do that, I receive an even nastier error:
Firefox says:
Error code: SEC_ERROR_UNKNOWN_ISSUER
Chrome says:
chefha.mydomain.local didn’t send any data.
ERR_EMPTY_RESPONSE
So I'm stuck here...
Does anyone have experience with haproxy as a load balancer for Chef HA?
I also tried to disable HTTP>HTTPS redirection in Chef, but that didn't seem to be the issue either.
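
An added example, not part of the original post: a small Python check for the mismatch the post describes, where a `bind ... ssl crt` line makes HAProxy decrypt client traffic while `server` lines without `ssl` forward the decrypted stream to port 443. It also flags `ssl verify none`, which tells HAProxy to skip validation of the backend certificate. The function names, the finding labels and the "port 443 expects TLS" heuristic are assumptions of this example.

```python
# Constructed sample input: the configuration exactly as posted.
POSTED = """\
frontend haproxy_inbound
    bind *:443 ssl crt /etc/ssl/chefha.pem
    mode tcp
    option tcplog
    default_backend haproxy_chef
backend haproxy_chef
    mode tcp
    balance source
    option ssl-hello-chk
    server chef-ha01.mydomain.local 192.168.1.28:443 check
    server chef-ha02.mydomain.local 192.168.1.29:443 check
"""
SECTION_KEYWORDS = {"global", "defaults", "frontend", "backend", "listen"}

def parse_sections(text):
    """Map (section kind, name) -> list of tokenised directive lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop comments and blank lines
        if not tokens:
            continue
        if tokens[0] in SECTION_KEYWORDS:
            current = (tokens[0], tokens[1] if len(tokens) > 1 else "")
            sections[current] = []
        elif current is not None:
            sections[current].append(tokens)
    return sections

def lint_tls(text):
    """Return (server name, finding) pairs; finding labels are hypothetical."""
    sections, findings = parse_sections(text), []
    for (kind, _), lines in sections.items():
        if kind != "frontend":
            continue
        # "ssl" on a bind line means HAProxy decrypts client traffic itself.
        terminates = any(t[0] == "bind" and "ssl" in t[2:] for t in lines)
        backend = next((t[1] for t in lines if t[0] == "default_backend" and len(t) > 1), None)
        for t in sections.get(("backend", backend), []):
            if t[0] != "server" or len(t) < 3:
                continue
            opts, port = t[3:], t[2].rsplit(":", 1)[-1]
            # Assumption: a backend listening on port 443 expects TLS.
            if terminates and "ssl" not in opts and port == "443":
                findings.append((t[1], "plaintext-sent-to-tls-port"))
            if "ssl" in opts and "verify none" in " ".join(opts):
                findings.append((t[1], "backend-certificate-not-verified"))
    return findings
```

Run against the posted configuration, `lint_tls(POSTED)` reports both Chef servers as receiving plaintext on a TLS port. Run against a copy with `ssl verify none` added to each `server` line, it reports the unverified backend certificate instead.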