Load-balancing reverse-proxy

Hey everyone

I’m trying to forward HTTP & HTTPS traffic to backend server 10.0.11.45 without terminating SSL on VyOS.

Following the steps here:
https://docs.vyos.io/en/latest/configuration/loadbalancing/reverse-proxy.html

show load-balancing reverse-proxy
 backend http {
     server backend {
         address 10.0.11.45
         port 80
     }
 }
 backend https {
     server backend-ssl {
         address 10.0.11.45
         port 443
     }
 }
 service http {
     backend http
     listen-address 38.99.139.244
     mode http
     port 80
 }
 service https {
     backend https
     listen-address 38.99.139.244
     mode http
     port 443
 }

I’m able to access HTTP traffic, however HTTPS traffic doesn’t seem to work:

curl -k https://38.99.139.244
curl: (35) OpenSSL/3.0.9: error:0A00010B:SSL routines::wrong version number

Is my configuration correct?

Try setting the minimum TLS version to 1.2:

vyos@r14# set load-balancing reverse-proxy global-parameters tls-version-min 
Possible completions:
   1.2                  TLS v1.2
   1.3                  TLS v1.3 (default)
                        

@Viacheslav Thanks for your quick reply. Setting the SSL version to 1.2 and the backend mode to tcp fixed it.

Working config:

backend http {
     mode tcp
     server backend {
         address 10.0.11.45
         port 80
     }
 }
 backend https {
     mode tcp
     server backend-ssl {
         address 10.0.11.45
         port 443
     }
 }
 global-parameters {
     tls-version-min 1.2
 }
 service http {
     backend http
     listen-address 38.99.139.244
     mode tcp
     port 80
 }
 service https {
     backend https
     listen-address 38.99.139.244
     mode tcp
     port 443
 }
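
The `wrong version number` error quoted in this thread can be reproduced offline. The following is an added example, not part of any post above: it assumes the port-443 listener answered the TLS ClientHello with cleartext HTTP, and shows how a TLS client reads such bytes as a record header. The reply bytes, the alert record and the hostname are constructed.

```python
import ssl
import struct

# Constructed sample replies (not captured from the hosts in this thread).
HTTP_REPLY = b"HTTP/1.1 400 Bad request\r\nContent-length: 0\r\n\r\n"
TLS_ALERT = bytes.fromhex("15030300020228")  # alert record: fatal, handshake_failure

RECORD_TYPES = {20: "change_cipher_spec", 21: "alert",
                22: "handshake", 23: "application_data"}


def parse_record_header(data: bytes):
    """Interpret the first 5 bytes as a TLS record header, as a client does."""
    if len(data) < 5:
        return None
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": RECORD_TYPES.get(ctype, hex(ctype)),
            "version": (major, minor),
            "length": length,
            "looks_like_tls": ctype in RECORD_TYPES and major == 3}


def client_verdict(reply: bytes) -> str:
    """Start a TLS handshake in memory, feed it `reply`, return the client's error."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # "backend.example" is a hypothetical name used only for SNI.
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="backend.example")
    try:
        tls.do_handshake()        # writes the ClientHello into `outgoing`
    except ssl.SSLWantReadError:
        pass                      # expected: the client now waits for the server
    incoming.write(reply)         # what the listener sent back
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        return "INCOMPLETE"
    except ssl.SSLError as exc:
        return exc.reason or str(exc)
    return "OK"


if __name__ == "__main__":
    for name, reply in (("http", HTTP_REPLY), ("alert", TLS_ALERT)):
        print(name, parse_record_header(reply), client_verdict(reply))
```

The letters `H`, `T`, `T` land in the content-type and version fields of the record header, so the client sees version 0x54.0x54 instead of 3.x.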
