Scenario:
I have a mobile application that needs to talk to a service hosted by an IBM Datapower appliance. However, the Datapower appliance requires bi-directional SSL and that will not work for the mobile app. So, my solution was to run an intermediate server using Apache/mod_ssl (with ssl termination) and from there, forward the service request to the Datapower appliance. However, Apache would not be able to do the bi-directional SSL conversation with the Datapower appliance. I installed HAProxy to listen locally for the Apache forward of the service request and have HAProxy do the bi-directional SSL conversation with DataPower (using stunnel as a virtual server for HAProxy) like this:
Mobile App->Apache(mod_ssl)->HAProxy(through stunnel)->Datapower
Question:
My issue seems to be that Apache is either not forwarding the transaction to HAProxy or I don't have HAProxy configured correctly to listen for the request. My HAProxy configuration looks like this:
    ######## The first public address as seen by the clients
    frontend frt
        # address:port to listen to
        bind 127.1.0.1:1
        mode http
        log global                  # use global log parameters
        option httplog              # Enable HTTP logging
        maxconn 4000                # max conn per instance
        timeout client 25s          # maximum client idle time
        default_backend bckend_dp   # send everything to this backend by default
Thoughts on why HAProxy is not picking up the transaction? Or, is my entire thought process on how to resolve this dilemma (mobile app talking to DataPower) hosed and I should think of something else?
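One way to separate the two possibilities raised in the question (Apache not forwarding versus HAProxy not listening), as an added example that is not part of the original post: probe the frontend's `bind` address directly from the Apache host and classify the reply. The function names `probe_frontend` and `explain` are hypothetical, and the 503/502 readings assume HAProxy's usual behaviour of answering 503 when no backend server is usable and 502 when the server's response is invalid.

```python
import socket

def probe_frontend(host, port, timeout=3.0):
    """Send one HTTP request to a listener and classify what comes back.

    Returns 'not-listening', 'no-http-reply' or 'http-<status code>'.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:  # refused, unreachable or timed out
        return "not-listening"
    with sock:
        request = f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n"
        try:
            sock.sendall(request.encode("ascii"))
            reply = sock.recv(4096)
        except OSError:
            return "no-http-reply"
    # Status line looks like: HTTP/1.0 503 Service Unavailable
    parts = reply.split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1][:3].isdigit():
        return "no-http-reply"
    return "http-" + parts[1][:3].decode("ascii")

# Hypothetical helper: maps a probe result to the hop it points at.
MEANING = {
    "not-listening": "nothing accepts TCP on that address:port; check the bind line and that HAProxy is running",
    "no-http-reply": "a listener accepted the connection but did not answer in HTTP; check 'mode http' and what owns the port",
    "http-503": "HAProxy took the request but has no usable server in the backend; check the stunnel leg",
    "http-502": "HAProxy reached the backend but got an invalid response from it",
}

def explain(result):
    return MEANING.get(result, "the frontend answered; if Apache still fails, check the address Apache forwards to")

if __name__ == "__main__":
    # Address and port taken from the 'bind' line in the question.
    result = probe_frontend("127.1.0.1", 1)
    print(result, "->", explain(result))
```

If the probe gets an HTTP status but requests sent through Apache never show up in the `option httplog` output, the forward on the Apache side is the hop to look at.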