Passbolt behind marathon-lb 400 Bad Request The plain HTTP request was sent to HTTPS port


#1

Checklist
[X ] I have read intro post: About the Installation Issues category
[ X] I have read the tutorials, help and searched for similar issues
[ X] I provide relevant information about my server (component names and versions, etc.)
[X ] I provide a copy of my logs and healthcheck
[ X] I describe the steps I have taken to trouble shoot the problem
[ X] I describe the steps on how to reproduce the issue

   +------------------------+                +----------------------------+              +-----------------------------+
   |                        |                |                            |              |                             |
   |                        |                |                            |              |                             |
   |                        |                |                            |              |                             |
   |  HAProxy 443 listening 443              |                            |              |  Container listening 443    |
   |                        |                |   Marathon-lb listening:443|              |                             |
   |                        +--------------->+                            +--------------+                             |
   |                        |                |                            |              ^                             |
   |                        |                |                            |              |                             |
   |                        |                |                            |              |                             |
   |                        |                |                            |              |                             |
   |                        |                |                            |              |                             |
   |                        |                |                            |              |                             |
   |                        |                |                            |              |                             |
   +------------------------+                +----------------------------+              +-----------------------------+

Hi,
I am using the latest Passbolt version 2.7.1, deployed in a DC/OS cluster that has marathon-lb as a reverse proxy, and before this reverse proxy is siting another HAProxy (physical one). So I from the HAProxy I forward port 80 to 443, then it reaches the of the Marathon-lb frontend on port 443 already, and this is forwarding the request to the container on port 443.
Certificates are installed in the first physical LB, and to the marathon-lb is trusted, and in the container I am mounting the right certificate. But I still get his error in the Passbolt container:

2019/02/19 17:28:14 [info] 55#55: *1 client sent plain HTTP request to HTTPS port while reading client request headers, client: 44.128.0.8, server: , request: "GET / HTTP/1.1", host: "pass.domain.com"
44.128.0.8 - - [19/Feb/2019:17:28:14 +0000] "GET / HTTP/1.1" 400 264 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0

#2

Fixed. I wasn’t passing ssl traffic from marathon-lb to passbolt, I had to add "ssl"directive.


closed #3

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.