Issues configuring SSL on HAProxy reverse proxy after 2023.05 upgrade
I'm having issues getting SSL to work between HAProxy and TeamCity after the 2023.05 upgrade on our 3-node cluster. I had it working fine in the old 2022 config, but I'm having issues getting the new config to work. After the upgrade, I still had the old config in place working with SSL but got the health warning about an outdated reverse proxy config. I got the new config working with HTTP, but when trying to implement HTTPS it fails with a 503 error. I was even able to change the backend ports to 443 and the page still loaded, but I still got the health warning about Insecure Proxy Config. I tried to enable the option in the GUI to redirect browser sessions to HTTPS and it completely broke the site and wouldn't let me back in until I found the config file to revert the setting. Do you have any examples of the Connector and HAProxy config with SSL? I'm trying to set it up as recommended, to have the reverse proxy take care of SSL. Thanks for any help.
I have also followed every possible guide I could find in the TeamCity documentation. All of the third-party guides on the web are for an outdated config. The 2023.05 HAProxy config is so new that nobody else has posted anything about it that I could find.
Hi Anatoly, I appreciate the response. With your configuration, does it say in the Server Health screen that Requests with incorrect HTTP proxy configuration is detected? I have my config set up almost the same but with ports 80 and 443. My server URL still works when using HTTPS and shows our DigiCert certificate being applied. It's just the Server Health that shows it coming in over HTTP instead of HTTPS. I'm also not positive whether I need to import my certificate into the Java keystore on my secondary server to allow the second server to host browser sessions.
In my 2022 config I had the backend ports for browser sessions set to 443, which made that Server Health warning about being insecure go away. I have the ports currently set to 80 because I get 503 errors on the HAProxy page when they are set to 443. Before, I had agents talking over 80 and browsers over 443. In the 2023 config I'm not 100% sure which of the 3 backend server sections handle only browser sessions, so that I can enable 443.