Ejabberd with haproxy ssl termination

Has anyone been successful with SSL termination and haproxy 1.7?

frontend ejabberd
    bind *:4000 ssl crt /etc/haproxy/certs/my-domain.com.pem

    mode tcp
    timeout client 3h

    option tcplog
    option clitcpka

    default_backend ejabberd

backend ejabberd
    mode tcp

    timeout server 60m

    option redispatch
    option srvtcpka
    option independent-streams

    balance leastconn

    default-server inter 5s rise 3 fall 3 on-marked-down shutdown-sessions

    server ejabberd localhost:5222 check slowstart 120s

It works fine without ssl crt. My Smack client gives me a "No response received within reply timeout. Timeout was 5000ms (~5s). While waiting for establishing TLS" error. I also tried without TLS in the ejabberd conf.

Config on ejabberd c2s is:

define_macro:
  'CERTFILE': "/home/ubuntu/ejabberd-17.09/conf/server.pem"
##   'CIPHERS': "ECDH:DH:!3DES:!aNULL:!eNULL:!MEDIUM@STRENGTH"
  'TLSOPTS':
##     - "no_sslv2"
    - "no_sslv3"
##     - "no_tlsv1"
##     - "no_tlsv1_1"
##     - "cipher_server_preference"
##     - "no_compression"
##   'DHFILE': "/path/to/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 2048

##
## listen: The ports ejabberd will listen on, which service each is handled
## by and what options to start it with.
##
listen:
  -
    port: 5222
    ## ip: "::"
    module: ejabberd_c2s
    ## starttls: true
    certfile: 'CERTFILE'
    protocol_options: 'TLSOPTS'
    ## dhfile: 'DHFILE'
    ## ciphers: 'CIPHERS'
    ##
    ## To enforce TLS encryption for client connections,
    ## use this instead of the "starttls" option:
    ##
    starttls_required: true
    ##
    ## Stream compression
    ##
    ## zlib: true
    ##
    max_stanza_size: 65536
    shaper: c2s_shaper
    access: c2s
