git-server-git.apps.pok.os.sepia.ceph.com Git

author	Benedikt Heine <bebe@bebehei.de>
	Mon, 30 Dec 2024 14:26:16 +0000 (15:26 +0100)
committer	Benedikt Heine <bebe@bebehei.de>
	Mon, 30 Dec 2024 14:26:16 +0000 (15:26 +0100)
commit	cb43999432073c197c59b3c6e30fa67904fd5209
tree	a66743c42f01f2158518860efa40a84bafe64f6e	tree \| snapshot
parent	226cba1c5219f5bb8d0cd056721711c87d9bf2fd	commit \| diff

doc/mgr/dashboard: Fix HAProxy TLS example

With `ssl` set on the `server` option, HAProxy strips the TLS protocol
for all clients. You would need to connect to it with `http://<ip>:443`.

To have an active health check, which uses SSL, but does not strip it
for clients, you'd need to add:

- `check` to enable active health checks.
- `check-ssl` to instruct the health check to use TLS
- `verify none` to skip verification on the health check requests from
HAProxy
- _REMOVE_ `ssl` to stop stripping TLS

The active health checks are required to not route any requests to the
inactive managers. These would redirect to any unusable IP from the
active mgr.

---

Alternatively you could add another certificate in the frontend and then
re-encrypt the traffic. But this would require tracking the certs also
in HAProxy.

Signed-off-by: Benedikt Heine <bebe@bebehei.de>