HAProxy: Client sent an HTTP request to an HTTPS server

04CC40 · April 29, 2024, 10:35pm

Clearly I’m failing to grasp the SSL settings within HAProxy, but I had a spare computer and wanted to experiment with running some Docker containers for local services (nothing is going to be accessed from the outside). I have once again set it up using this vid https://www.youtube.com/watch?v=bU85dgHSb2E

I have set up a Virtual IP, installed Docker and Portainer and can access Portainer using the https://ip:9443 address but when I try to use https://portainer.mydomain.tld I keep getting the “Client sent an HTTP request to an HTTPS server.” As per the instructions SSL offloading in the frontend and SSL in the backend are enabled, A records are in place and a wildcard certificate has been issued using the Namecheap API.

Any pointers are appreciated. Thanks.

LTS_Tom · April 30, 2024, 10:06am

Are you sure the proper box is checked for the back end under Encrypt(SSL)?

04CC40 · April 30, 2024, 3:06pm

Yes to encrypt, no to checks.

LTS_Tom · April 30, 2024, 9:19pm

Have you tried unchecking the Encrypt(SSL)?

04CC40 · April 30, 2024, 11:20pm

Yes. I have tried SSL on and off and the message persists.

I tried to get a more verbose logging going on and this is the message displayed when the service is restarted:

Nonetheless I can access the server just fine using the IP:

HAProxy frontend config:

And HAProxy backend config:

xMAXIMUSx · April 30, 2024, 11:50pm

Can you try to uncheck encryption and change to port to 9000? See if that has any effect?

04CC40 · May 1, 2024, 2:35am

Unchecked SSL and changed port to 9000, saved, applied, rebooted: same result.

Checked SSL and changed port back to 9443, saved, applied, rebooted (twice): now it works.

I’m still stumped, though…

04CC40 · May 1, 2024, 2:57am

Started another container and after a couple of reboots it too works (after a 503 on the first attempt).

Thanks for all the help solving this.

04CC40 · May 2, 2024, 12:17am

If I had to summarize the solution for MY setup (pfSense+ 24.03 on a Netgate 2100) I’d say: changes made to the HAProxy service settings via the pfSense GUI require a reboot (maybe two) to start working properly.

xMAXIMUSx · May 2, 2024, 2:40am

I can’t say I have run into the same issues and need to reboot to get it to work.

David · September 11, 2024, 1:51pm

I came across the same issue. It’s checked to encrypt the connection, yet packet captures are showing that it’s not doing that. This is obviously a pfsense bug with it not applying the config correctly. To resolve this issue. I deleted the backend and recreated it in pfsense.