Load-balancing reverse-proxy

deank · July 24, 2023, 1:32pm

Hey everyone

I’m trying to forward http & https traffic to backend server 10.0.11.45 without terminating SSL on vyos.

Following the steps here:
https://docs.vyos.io/en/latest/configuration/loadbalancing/reverse-proxy.html

show load-balancing reverse-proxy
 backend http {
     server backend {
         address 10.0.11.45
         port 80
     }
 }
 backend https {
     server backend-ssl {
         address 10.0.11.45
         port 443
     }
 }
 service http {
     backend http
     listen-address 38.99.139.244
     mode http
     port 80
 }
 service https {
     backend https
     listen-address 38.99.139.244
     mode http
     port 443
 }

I’m able to access http traffic, however https traffic doesn’t seem to work

curl -k https://38.99.139.244
curl: (35) OpenSSL/3.0.9: error:0A00010B:SSL routines::wrong version number

is my configuration correct?

Viacheslav · July 24, 2023, 1:36pm

Try to set the TLS min version 1.2

vyos@r14# set load-balancing reverse-proxy global-parameters tls-version-min 
Possible completions:
   1.2                  TLS v1.2
   1.3                  TLS v1.3 (default)

deank · July 24, 2023, 1:43pm

@Viacheslav Thanks for your quick reply. setting ssl version to 1.2 and backend mode to tcp fix it

working config

backend http {
     mode tcp
     server backend {
         address 10.0.11.45
         port 80
     }
 }
 backend https {
     mode tcp
     server backend-ssl {
         address 10.0.11.45
         port 443
     }
 }
 global-parameters {
     tls-version-min 1.2
 }
 service http {
     backend http
     listen-address 38.99.139.244
     mode tcp
     port 80
 }
 service https {
     backend https
     listen-address 38.99.139.244
     mode tcp
     port 443
 }

system · July 26, 2023, 1:44pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.