After Upgrade to 1.16 HAProxy SNI stops working.
This is the message in the HAProxy log:
5/14/2018 10:29:48 AMtime="2018-05-14T15:29:48Z" level=info msg=" -- starting haproxy\n * Starting haproxy haproxy\n[WARNING] 133/152947 (34) : config : 'option forwardfor' ignored for proxy 'default' as it requires HTTP mode.\n[WARNING] 133/152947 (34) : config : 'option forwardfor' ignored for frontend '443' as it requires HTTP mode.\n[WARNING] 133/152947 (34) : parsing [/etc/haproxy/haproxy.cfg:63] : HTTP log/header format not usable with backend '443_service1_domian_name_com_' (needs 'mode http').\n[WARNING] 133/152947 (34) : config : 'http-request' rules ignored for backend '443_service1_domian_name_com_' as they require HTTP mode.\n[WARNING] 133/152947 (34) : config : 'option forwardfor' ignored for backend '443_service1_domian_name_com_' as it requires HTTP mode.\n[WARNING] 133/152947 (34) : parsing [/etc/haproxy/haproxy.cfg:71] : HTTP log/header format not usable with backend '443_service3_domian_name_com_' (needs 'mode http').\n[WARNING] 133/152947 (34) : config : 'http-request' rules ignored for backend '443_service3_domian_name_com_' as they require HTTP mode.\n[WARNING] 133/152947 (34) : config : 'option forwardfor' ignored for backend '443_service3_domian_name_com_' as it requires HTTP mode.\n[WARNING] 133/152947 (34) : parsing [/etc/haproxy/haproxy.cfg:79] : HTTP log/header format not usable with backend '443_testservice3_domian_name_com_' (needs 'mode http').\n[WARNING] 133/152947 (34) : config : 'http-request' rules ignored for backend '443_testservice3_domian_name_com_' as they require HTTP mode.\n[WARNING] 133/152947 (34) : config : 'option forwardfor' ignored for backend '443_testservice3_domian_name_com_' as it requires HTTP mode.\n[WARNING] 133/152947 (34) : parsing [/etc/haproxy/haproxy.cfg:87] : HTTP log/header format not usable with backend '443_service2_domian_name_com_' (needs 'mode http').\n[WARNING] 133/152947 (34) : config : 'http-request' rules ignored for backend '443_service2_domian_name_com_' as they require HTTP mode.\n[WARNING] 133/152947 (34) : config : 'option forwardfor' ignored for backend '443_service2_domian_name_com_' as it requires HTTP mode.\n[WARNING] 133/152947 (34) : parsing [/etc/haproxy/haproxy.cfg:95] : HTTP log/header format not usable with backend '443_testservice2_domian_name_com_' (needs 'mode http').\n[WARNING] 133/152947 (34) : config : 'http-request' rules ignored for backend '443_testservice2_domian_name_com_' as they require HTTP mode.\n[WARNING] 133/152947 (34) : config : 'option forwardfor' ignored for backend '443_testservice2_domian_name_com_' as it requires HTTP mode.\n[WARNING] 133/152947 (35) : config : 'option forwardfor' ignored for proxy 'default' as it requires HTTP mode.\n[WARNING] 133/152947 (35) : config : 'option forwardfor' ignored for frontend '443' as it requires HTTP mode.\n[WARNING] 133/152947 (35) : parsing [/etc/haproxy/haproxy.cfg:63] : HTTP log/header format not usable with backend '443_service1_domian_name_com_' (needs 'mode http').\n[WARNING] 133/152947 (35) : config : 'http-request' rules ignored for backend '443_service1_domian_name_com_' as they require HTTP mode.\n[WARNING] 133/152947 (35) : config : 'option forwardfor' ignored for backend '443_service1_domian_name_com_' as it requires HTTP mode.\n[WARNING] 133/152947 (35) : parsing [/etc/haproxy/haproxy.cfg:71] : HTTP log/header format not usable with backend '443_service3_domian_name_com_' (needs 'mode http').\n[WARNING] 133/152947 (35) : config : 'http-request' rules ignored for backend '443_service3_domian_name_com_' as they require HTTP mode.\n[WARNING] 133/152947 (35) : config : 'option forwardfor' ignored for backend '443_service3_domian_name_com_' as it requires HTTP mode.\n[WARNING] 133/152947 (35) : parsing [/etc/haproxy/haproxy.cfg:79] : HTTP log/header format not usable with backend '443_testservice3_domian_name_com_' (needs 'mode http').\n[WARNING] 133/152947 (35) : config : 'http-request' rules ignored for backend '443_testservice3_domian_name_com_' as they require HTTP mode.\n[WARNING] 133/152947 (35) : config : 'option forwardfor' ignored for backend '443_testservice3_domian_name_com_' as it requires HTTP mode.\n[WARNING] 133/152947 (35) : parsing [/etc/haproxy/haproxy.cfg:87] : HTTP log/header format not usable with backend '443_service2_domian_name_com_' (needs 'mode http').\n[WARNING] 133/152947 (35) : config : 'http-request' rules ignored for backend '443_service2_domian_name_com_' as they require HTTP mode.\n[WARNING] 133/152947 (35) : config : 'option forwardfor' ignored for backend '443_service2_domian_name_com_' as it requires HTTP mode.\n[WARNING] 133/152947 (35) : parsing [/etc/haproxy/haproxy.cfg:95] : HTTP log/header format not usable with backend '443_testservice2_domian_name_com_' (needs 'mode http').\n[WARNING] 133/152947 (35) : config : 'http-request' rules ignored for backend '443_testservice2_domian_name_com_' as they require HTTP mode.\n[WARNING] 133/152947 (35) : config : 'option forwardfor' ignored for backend '443_testservice2_domian_name_com_' as it requires HTTP mode.\n ...done.\n"
I should note that this was working fine before the upgrade.
Version: image: rancher/lb-service-haproxy:v0.9.1
I opened the following github issue for this. It will get tracked and investigated better there: