We have haproxy in place to perform two-way (mutual) TLS for TCP connections through a SOCKS proxy. This is the setup:

    client --> haproxy --> socks proxy (gateway) --> Internet --> server

This is the haproxy configuration:

    global
        log stdout format iso local7 debug

    defaults
        log global
        mode tcp
        option tcplog
        maxconn 10
        timeout connect 5000
        timeout client 50000
        timeout server 50000
        option tcp-check

    listen ssl-over-socks-1080
        bind 0.0.0.0:1080
        server ssl_over_socks example.com:10000 ssl crt /cert/client.pem ca-file /cert/server.pem verify required socks4 1.2.3.4:1080 check inter 30000 fastinter 1000

This setup works fine for TCP+TLS over SOCKS proxy.
Now we want to configure haproxy to do HTTP+TLS over HTTP proxy:

    client --> haproxy --> http proxy (gateway) --> Internet --> server

The configuration currently looks like this:

    global
        log stdout format iso local7 debug

    defaults
        log global
        mode http
        option httplog
        maxconn 10
        timeout connect 5000
        timeout client 50000
        timeout server 50000
        option tcp-check

    listen ssl-over-proxy-1080
        bind 0.0.0.0:1080
        server ssl_over_http example.com:20000 ssl crt /cert/client.pem ca-file /cert/server.pem verify required socks4 1.2.3.4:8080 check check-via-socks4 inter 30000 fastinter 1000

We receive the following output from haproxy:

    Server ssl-over-proxy-1080/ssl_over_http is DOWN, reason: Layer6 invalid response, info: "SOCKS4 Proxy deny the request at initial connection step of tcp-check", check duration: 3ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.

I see that the socks4 parameter in the configuration might be wrong. However, I could not find the equivalent of the socks4 parameter for HTTP connections in the haproxy documentation.
With Apache httpd we could use the following configuration:

    ProxyRemote "*" https://1.2.3.4:8080
    ProxyPass / https://example.com:20000

How can we configure haproxy to pass the http request through another http proxy?
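
Added example (not part of the original question, and not HAProxy code): the sketch below builds the first bytes a SOCKS4 client sends next to the `CONNECT` request an HTTP proxy expects, and shows how an HTTP-style answer fails SOCKS4 reply parsing, which is consistent with the "SOCKS4 Proxy deny" check failure above. The destination address `192.0.2.10` and both sample replies are constructed, and the assumption is that the gateway on port 8080 speaks only HTTP.

```python
import ipaddress
import struct


def socks4_connect_request(dst_ip: str, dst_port: int, user_id: bytes = b"") -> bytes:
    """SOCKS4 CONNECT: VN=4, CD=1, DSTPORT (2 bytes), DSTIP (4 bytes), USERID, NUL."""
    ip = ipaddress.IPv4Address(dst_ip).packed
    return struct.pack("!BBH4s", 4, 1, dst_port, ip) + user_id + b"\x00"


def http_connect_request(host: str, port: int) -> bytes:
    """What an HTTP forward proxy expects before it opens a tunnel."""
    target = f"{host}:{port}"
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")


def socks4_reply_status(reply: bytes) -> str:
    """Parse a proxy answer as a SOCKS4 reply: VN must be 0, CD 90 means granted."""
    if len(reply) < 8:
        return "short"
    vn, cd = reply[0], reply[1]
    if vn == 0 and cd == 90:
        return "granted"
    if vn == 0 and cd in (91, 92, 93):
        return "rejected"
    return "not-socks4"  # e.g. the answer starts with ASCII "HTTP/..."


def http_connect_status(reply: bytes) -> str:
    """Parse a proxy answer as an HTTP status line: any 2xx means the tunnel is open."""
    parts = reply.split(b"\r\n", 1)[0].split()
    if len(parts) >= 2 and parts[0].startswith(b"HTTP/") and parts[1].isdigit():
        return "tunnel-open" if parts[1].startswith(b"2") else "refused"
    return "not-http"


if __name__ == "__main__":
    # Constructed sample replies; the page does not show what the gateway sent back.
    http_error = b"HTTP/1.1 400 Bad Request\r\n\r\n"
    http_ok = b"HTTP/1.1 200 Connection established\r\n\r\n"
    print(socks4_connect_request("192.0.2.10", 20000).hex())
    print(http_connect_request("example.com", 20000))
    print(socks4_reply_status(http_error), http_connect_status(http_ok))
```

Only after a 2xx answer to `CONNECT` does the client start the TLS handshake with the server through the tunnel; with SOCKS4 the same point is reached after the 8-byte granted reply.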