I'm running a load-balancing server with HAProxy and implementing HTTPS using stunnel on the same machine. On the actual web pages end I've got 2 different webs, A and B, with similar behaviour.
Here are the configurations for Stunnel:
    sslVersion = SSLv3
    chroot = /var/run/stunnel/
    setuid = nobody
    setgid = nobody
    pid = /stunnel.pid
    debug = 7
    output = /var/log/stunnel.log

    [web_A]
    accept = 192.168.5.241:443
    connect = 192.168.5.241:80
    verify = 1
    cert = /etc/stunnel/webA-cert-key.pem
    CAfile = /etc/stunnel/cert.ca.pem
    key = /etc/ssl/certs/webA-private.key

    [web_B]
    accept = 192.168.5.242:443
    connect = 192.168.5.242:80
    cert = /etc/stunnel/webB/webB.cert.pem
    key = /etc/ssl/certs/webB/webB.key.pem
    CAfile = /etc/stunnel/ca.cert.pem
And for HAProxy:
    global
        log 127.0.0.1 local0
        log 127.0.0.1 local1 notice
        maxconn 100000
        user haproxy
        group haproxy
        daemon

    defaults
        log global
        mode http
        option http-server-close
        option httplog
        retries 3
        option redispatch
        maxconn 100000
        contimeout 5000
        clitimeout 50000
        srvtimeout 50000

    listen webA-farm 192.168.5.241:80
        stats enable
        stats auth admin:admin
        stats uri /stats/
        balance roundrobin
        option forwardfor
        cookie JSESSIONID prefix
        server web1 192.168.1.231:80 cookie JSESSIONID_S1 weight 100 check

    listen webB-farm 192.168.5.242:80
        stats enable
        stats auth admin:admin
        stats uri /stats/
        balance roundrobin
        option forwardfor
        cookie CL insert indirect nocache
        server web2 192.168.1.233:80 weight 100 check cookie CL2
And it works fine for web A, but is NOT WORKING for web B, and that is my problem. I tried using the same type of cookies on both webs but that didn't work. Also redid the keys and certs (I'm being my own CA) but the problem persists.
What else can I check in order to solve this?
Thanks.
Edit 1:
Here are httpd proxy configurations for both webs:
Web A: Here I'm redirecting connections from port 80 to Tomcat on port 8020, where web A is, and making sure it requests HTTPS instead of HTTP:
    NameVirtualHost *:80
    <VirtualHost 192.168.1.231:80>
        ServerAdmin webmaster@weba.com.pe
        DocumentRoot /var/www/
        ServerName webA.com
        ServerAlias webA.com
        ProxyRequests Off
        ProxyPreserveHost On
        RewriteEngine On
        <Proxy *>
            Order deny,allow
            Allow from all
        </Proxy>
        RewriteCond %{HTTPS} off
        RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
        RewriteCond %{REQUEST_URI} ^/$
        RewriteRule ^/(.*)$ /Track [R,L]
        #RewriteRule ^(.*)$ http://127.0.0.1:8020/trackA/Track [P,L]
        RewriteCond %{REQUEST_URI} ^/Track$
        RewriteRule ^/(.*)$ http://127.0.0.1:8020/trackA/$1 [P,L]
        RewriteCond %{REQUEST_URI} ^/Track(.*)
        RewriteRule ^/(Track)/(.*)$ http://127.0.0.1:8020/track3/$2 [P,L]
        RewriteCond %{REQUEST_URI} ^.*$
        RewriteRule ^/(.*)$ http://127.0.0.1:8020/trackA/$1 [P,L]
        ProxyPassReverse / /track3/
        #ProxyPassReverse / https://127.0.0.1:8020/trackA/
        ProxyPassReverseCookiePath / /
        #ProxyPassReverseCookiePath / http://192.168.5.241/track3/
        RewriteLog "/var/log/httpd/rewrite.log"
        RewriteLogLevel 5
        ErrorLog "logs/error.log"
        CustomLog "logs/access.log" common
    </VirtualHost>
Same for Web B:
    NameVirtualHost *:80
    <VirtualHost 192.168.1.233:80>
        ServerAdmin webmaster@webb.com
        DocumentRoot /var/www/
        ServerName webB.com
        ServerAlias webB.com
        ProxyRequests Off
        ProxyPreserveHost On
        RewriteEngine On
        <Proxy *>
            Order deny,allow
            Allow from all
        </Proxy>
        RewriteCond %{HTTPS} off
        RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
        RewriteCond %{REQUEST_URI} ^/$
        RewriteRule ^/(.*)$ /Track [R,L]
        RewriteCond %{REQUEST_URI} ^/Track$
        RewriteRule ^/(.*)$ http://127.0.0.1:8020/trackB/$1 [P,L]
        RewriteCond %{REQUEST_URI} ^/repot/(.*)$
        RewriteRule ^/(.*)$ http://192.168.1.121/$1 [P,L]
        RewriteCond %{REQUEST_URI} ^.*$
        RewriteRule ^/(.*)$ http://127.0.0.1:8020/trackB/$1 [P,L]
        #ProxyPassReverse / http://192.168.5.242/
        ProxyPassReverse / /
        ProxyPassReverseCookiePath / /
        RewriteLog "/var/log/httpd/rewrite.log"
        RewriteLogLevel 5
        ErrorLog "logs/errror.log"
        CustomLog "logs/access.log" common
    </VirtualHost>
Edit 2:
When I go to web B I get this message:
The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
This problem can sometimes be caused by disabling or refusing to accept cookies.