• health check for reverse proxy with https members

    From Nam Van@21:1/5 to All on Thu Jun 9 00:36:59 2022
    Hi all,

    I am struggling to get the config working for a reverse proxy with members serving with https. All suggestions are welcome and appreciated.

    In my setup I have a few servers serving the same service but not all of them are online at the same time. Hence I got a health check service running as well to detect the offline members.

    My setup was working fine until I added the health check bit. The health check is disabling all members due to an SSL handshake issue. Then I've been adding a few directives but can only access the service via the reverse proxy for a minute before the health check kicks in and marks all members off.

    My config is something like this
    <VirtualHost *:443>
    ServerName <masked-out>

    SSLProxyEngine on
    ProxyRequests off
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off

    SSLCertificateFile <masked-out>.crt
    SSLCertificateKeyFile <masked-out>.key
    SSLCertificateChainFile <masked-out>.crt

    CustomLog <masked-out>.log combined
    ErrorLog <masked-out>.log


    ProxyHCExpr api_good {hc('body') =~ /Healthy/}

    ProxyHCTemplate hc_dev_ams_sec hcinterval=45 hcpasses=1 hcfails=1 hcmethod=GET hcexpr=api_good hcuri=/sec/health

    <proxy balancer://api_dev_ams_sec>
    BalancerMember https://brgvdhasf16:4301 hctemplate=hc_dev_ams_sec
    BalancerMember https://brgvdhasf17:4301 hctemplate=hc_dev_ams_sec
    </proxy>

    ProxyPreserveHost on
    ProxyPass /sec balancer://api_dev_ams_sec/sec
    ProxyPassReverse /sec balancer://api_dev_ams_sec/sec
    </VirtualHost>

    I could see this in the log

    [Thu Jun 09 17:01:51.899492 2022] [proxy_hcheck:debug] [pid 61220:tid 812] mod_proxy_hcheck.c(480): AH03248: Creating hc worker 21c546c7cc0 for https://brgvdhasf16:4301
    [Thu Jun 09 17:01:51.899492 2022] [proxy:debug] [pid 61220:tid 812] proxy_util.c(2123): AH00925: initializing worker 21c546c7cc0 shared
    [Thu Jun 09 17:01:51.899492 2022] [proxy:debug] [pid 61220:tid 812] proxy_util.c(2183): AH00927: initializing worker 21c546c7cc0 local
    [Thu Jun 09 17:01:51.899492 2022] [proxy:debug] [pid 61220:tid 812] proxy_util.c(2214): AH00930: initialized pool in child 61220 for (brgvdhasf16) min=0 max=64 smax=64
    [Thu Jun 09 17:01:51.899492 2022] [proxy_hcheck:debug] [pid 61220:tid 812] mod_proxy_hcheck.c(894): AH03256: Health checking https://brgvdhasf16:4301
    [Thu Jun 09 17:01:51.899492 2022] [proxy:debug] [pid 61220:tid 812] proxy_util.c(2532): AH00942: HCOH: has acquired connection for (brgvdhasf16)
    [Thu Jun 09 17:01:51.900491 2022] [proxy:debug] [pid 61220:tid 812] proxy_util.c(3277): AH02824: HCOH: connection established with 10.130.55.158:4301 (brgvdhasf16)
    [Thu Jun 09 17:01:51.900491 2022] [proxy:debug] [pid 61220:tid 812] proxy_util.c(3463): AH00962: HCOH: connection complete to 10.130.55.158:4301 (brgvdhasf16)
    [Thu Jun 09 17:01:51.900491 2022] [ssl:info] [pid 61220:tid 812] [remote 10.130.55.158:4301] AH01964: Connection to child 0 established (server ####<masked-out>#######:443)
    [Thu Jun 09 17:01:51.901490 2022] [ssl:info] [pid 61220:tid 812] [remote 10.130.55.158:4301] AH02003: SSL Proxy connect failed
    [Thu Jun 09 17:01:51.901490 2022] [ssl:info] [pid 61220:tid 812] [remote 10.130.55.158:4301] AH01998: Connection closed to child 0 with abortive shutdown (server ####<masked-out>#######:443)
    [Thu Jun 09 17:01:51.901490 2022] [ssl:info] [pid 61220:tid 812] [remote 10.130.55.158:4301] AH01997: SSL handshake failed: sending 502
    [Thu Jun 09 17:01:51.901490 2022] [proxy:debug] [pid 61220:tid 812] proxy_util.c(2547): AH00943: HCOH: has released connection for (brgvdhasf16)
    [Thu Jun 09 17:01:51.901490 2022] [proxy_hcheck:debug] [pid 61220:tid 812] mod_proxy_hcheck.c(589): AH03251: Health check GET Status (1) for 21c546c7cc0.
    [Thu Jun 09 17:01:51.901490 2022] [proxy_hcheck:info] [pid 61220:tid 812] AH03303: Health check DISABLING https://brgvdhasf16:4301
    [Thu Jun 09 17:01:51.901490 2022] [proxy_hcheck:debug] [pid 61220:tid 812] mod_proxy_hcheck.c(480): AH03248: Creating hc worker 21c546c2940 for https://brgvdhasf17:4301
    [Thu Jun 09 17:01:51.901490 2022] [proxy:debug] [pid 61220:tid 812] proxy_util.c(2123): AH00925: initializing worker 21c546c2940 shared
    [Thu Jun 09 17:01:51.901490 2022] [proxy:debug] [pid 61220:tid 812] proxy_util.c(2183): AH00927: initializing worker 21c546c2940 local
    [Thu Jun 09 17:01:51.901490 2022] [proxy:debug] [pid 61220:tid 812] proxy_util.c(2214): AH00930: initialized pool in child 61220 for (brgvdhasf17) min=0 max=64 smax=64
    [Thu Jun 09 17:01:51.901490 2022] [proxy_hcheck:debug] [pid 61220:tid 812] mod_proxy_hcheck.c(894): AH03256: Health checking https://brgvdhasf17:4301
    [Thu Jun 09 17:01:51.901490 2022] [proxy:debug] [pid 61220:tid 812] proxy_util.c(2532): AH00942: HCOH: has acquired connection for (brgvdhasf17)
    [Thu Jun 09 17:01:53.934330 2022] [proxy:error] [pid 61220:tid 812] (OS 10061)No connection could be made because the target machine actively refused it. : AH00957: HCOH: attempt to connect to 10.130.55.160:4301 (brgvdhasf17) failed
    [Thu Jun 09 17:01:53.934330 2022] [proxy:debug] [pid 61220:tid 812] proxy_util.c(2547): AH00943: HCOH: has released connection for (brgvdhasf17)
    [Thu Jun 09 17:01:53.934330 2022] [proxy_hcheck:debug] [pid 61220:tid 812] mod_proxy_hcheck.c(589): AH03251: Health check GET Status (-1) for 21c546c2940.
    [Thu Jun 09 17:01:53.934330 2022] [proxy_hcheck:info] [pid 61220:tid 812] AH03303: Health check DISABLING https://brgvdhasf17:4301

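
Added example, not part of the original post: a Python triage script that reads a debug-level Apache error log and attributes each `Health check DISABLING` event to the failure logged on the same pid/tid just before it. Run on lines taken from the log above, it separates brgvdhasf16 (TLS handshake to the backend failed) from brgvdhasf17 (TCP connection refused, so that member really is offline). The function name `explain_disables` and the cause labels are this example's own.

```python
import re

# Constructed sample: a subset of the log lines quoted in the post above.
SAMPLE_LOG = """\
[Thu Jun 09 17:01:51.899492 2022] [proxy_hcheck:debug] [pid 61220:tid 812] mod_proxy_hcheck.c(894): AH03256: Health checking https://brgvdhasf16:4301
[Thu Jun 09 17:01:51.901490 2022] [ssl:info] [pid 61220:tid 812] [remote 10.130.55.158:4301] AH02003: SSL Proxy connect failed
[Thu Jun 09 17:01:51.901490 2022] [ssl:info] [pid 61220:tid 812] [remote 10.130.55.158:4301] AH01997: SSL handshake failed: sending 502
[Thu Jun 09 17:01:51.901490 2022] [proxy_hcheck:info] [pid 61220:tid 812] AH03303: Health check DISABLING https://brgvdhasf16:4301
[Thu Jun 09 17:01:51.901490 2022] [proxy_hcheck:debug] [pid 61220:tid 812] mod_proxy_hcheck.c(894): AH03256: Health checking https://brgvdhasf17:4301
[Thu Jun 09 17:01:53.934330 2022] [proxy:error] [pid 61220:tid 812] (OS 10061)No connection could be made because the target machine actively refused it. : AH00957: HCOH: attempt to connect to 10.130.55.160:4301 (brgvdhasf17) failed
[Thu Jun 09 17:01:53.934330 2022] [proxy_hcheck:info] [pid 61220:tid 812] AH03303: Health check DISABLING https://brgvdhasf17:4301
"""

LINE = re.compile(r"^\[[^\]]+\] \[\w+:\w+\] \[pid (\d+):tid (\d+)\] (.*)$")
CODE = re.compile(r"\b(AH\d{5}): (.*)$")
# Labels are this example's own; the AH codes are the ones seen in the log above.
CAUSES = {"AH02003": "tls_handshake", "AH01997": "tls_handshake",
          "AH00957": "tcp_connect"}

def explain_disables(log_text):
    """Return [(member_url, cause)] for each 'Health check DISABLING' event."""
    in_flight = {}   # (pid, tid) -> [member_url, cause] of the running probe
    results = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        thread = (m.group(1), m.group(2))
        c = CODE.search(m.group(3))
        if not c:
            continue
        code, msg = c.groups()
        if code == "AH03256":                       # a probe starts
            in_flight[thread] = [msg.split()[-1], "unknown"]
        elif code in CAUSES and thread in in_flight:
            if in_flight[thread][1] == "unknown":   # keep the first cause seen
                in_flight[thread][1] = CAUSES[code]
        elif code == "AH03303" and "DISABLING" in msg:
            url = msg.split()[-1]
            probe = in_flight.pop(thread, [url, "unknown"])
            results.append((url, probe[1] if probe[0] == url else "unknown"))
    return results

if __name__ == "__main__":
    for url, cause in explain_disables(SAMPLE_LOG):
        print(f"{url}: disabled after {cause} failure")
```

A cause of `unknown` means the member was disabled with no TLS or TCP error logged during the probe, which points at the HTTP status or the `hcexpr` match instead.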