ssl pass-through not working in haproxy


Post by nike » 2019/06/28 08:47:54

Sir,
I have a frontend CentOS 7 (server) configured with HAProxy using pass-through SSL support. My HAProxy server was configured like below:

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    log 127.0.0.1 local2

    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user haproxy
    group haproxy
    daemon

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode tcp
    log global
    option tcplog
    option dontlognull
    option http-server-close
    option redispatch
    retries 3
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout check 10s
    maxconn 3000

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend https-in
    bind *:80
    bind *:443
    mode tcp
    default_backend app

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
    mode tcp
    option ssl-hello-chk
    balance roundrobin
    server name of backend host x.x.x.p:443 check
#---------------------------------------------------------------------
My backend CentOS 7 (server) is configured with SSL httpd and a PHP application (self-signed SSL certificate). When I run it from any client within the local network it works fine, but via HAProxy it does not run properly. I am browsing the web application via the proxy server IP address, say https://x.x.x.x/app, and it works, but when I call a subfolder under app (https://x.x.x.x/app/main) it opens with the backend server IP address, like https://x.x.x.p/app/main.

I cannot understand if there is any configuration problem. Please help. Thanks in advance.


Post by hunter86_bg » 2019/06/28 10:51:35

Anything in haproxy logs?


Post by nike » 2019/06/29 05:59:12

hunter86_bg wrote (2019/06/28 10:51:35):
> Anything in haproxy logs?

Thanks for the quick reply.
This is the log file report:
Jun 29 11:18:36 localhost haproxy[3897]: Proxy https-in started.
Jun 29 11:18:36 localhost haproxy[3897]: Proxy app started.
Jun 29 11:20:44 localhost haproxy[3899]: 192.168.0.32:41424 [29/Jun/2019:11:20:39.091] https-in app/server 1/2/5419 90936 -- 0/0/0/0/0 0/0
Jun 29 11:22:23 localhost haproxy[3899]: 192.168.0.77:49311 [29/Jun/2019:11:22:21.885] https-in app/server 1/1/1197 1587 -- 1/1/1/1/0 0/0
Jun 29 11:22:24 localhost haproxy[3899]: 192.168.0.77:49312 [29/Jun/2019:11:22:21.885] https-in app/server 1/1/2720 1587 -- 0/0/0/0/0 0/0
Jun 29 11:23:11 localhost haproxy[3899]: 192.168.0.77:49315 [29/Jun/2019:11:22:29.529] https-in app/server 1/1/42447 1587 -- 1/1/0/0/0 0/0
Jun 29 11:23:25 localhost haproxy[3899]: 192.168.0.77:49329 [29/Jun/2019:11:23:11.977] https-in app/server 1/1/13375 1587 -- 1/1/1/1/0 0/0
Jun 29 11:23:25 localhost haproxy[3899]: 192.168.0.77:49336 [29/Jun/2019:11:23:24.898] https-in app/server 1/1/946 1587 -- 0/0/0/0/0 0/0
Jun 29 11:23:30 localhost haproxy[3899]: 192.168.0.77:49341 [29/Jun/2019:11:23:29.773] https-in app/server 1/1/237 1587 -- 1/1/1/1/0 0/0
Jun 29 11:23:30 localhost haproxy[3899]: 192.168.0.77:49342 [29/Jun/2019:11:23:29.774] https-in app/server 1/1/396 1587 -- 0/0/0/0/0 0/0
Jun 29 11:23:59 localhost haproxy[3899]: 192.168.0.29:44182 [29/Jun/2019:11:23:59.428] https-in app/server 1/2/17 1587 -- 0/0/0/0/0 0/0
Jun 29 11:23:59 localhost haproxy[3899]: 192.168.0.29:44186 [29/Jun/2019:11:23:59.474] https-in app/server 1/6/30 1587 -- 1/1/1/1/0 0/0
Jun 29 11:23:59 localhost haproxy[3899]: 192.168.0.29:44222 [29/Jun/2019:11:23:59.789] https-in app/server 1/1/4 137 -- 1/1/1/1/0 0/0
Jun 29 11:24:59 localhost haproxy[3899]: 192.168.0.29:44184 [29/Jun/2019:11:23:59.461] https-in app/server 1/6/60368 181629 cD 0/0/0/0/0 0/0
[root@centssl log]#
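
For reading the fields in the log above, here is an added example (not part of the original thread) that parses `option tcplog` lines and lists sessions that did not end cleanly. The field layout and the termination-state letters follow HAProxy's documented TCP log format; the names `parse_line` and `summarize` are chosen for this example.

```python
import re

# Layout of an "option tcplog" line after the syslog prefix:
#   client:port [accept_date] frontend backend/server Tw/Tc/Tt bytes_read
#   termination_state actconn/feconn/beconn/srv_conn/retries srv_queue/backend_queue
TCPLOG = re.compile(
    r"haproxy\[\d+\]: (?P<client>[\d.]+):(?P<port>\d+) \[(?P<accepted>[^\]]+)\] "
    r"(?P<frontend>\S+) (?P<backend>[^/\s]+)/(?P<server>\S+) "
    r"(?P<tw>-?\d+)/(?P<tc>-?\d+)/(?P<tt>\+?\d+) (?P<bytes_read>\+?\d+) "
    r"(?P<term>\S{2}) (?P<conns>[\d/]+) (?P<queues>\d+/\d+)$"
)
# First character: what ended the session. Second: the phase it was in.
CAUSE = {"-": "normal close", "c": "client-side timeout", "C": "aborted by client",
         "s": "server-side timeout", "S": "aborted or refused by server"}
PHASE = {"-": "completed", "C": "connecting to server", "D": "data phase", "Q": "queued"}

def parse_line(line):
    """Return the fields of one tcplog line, or None for lines such as 'Proxy app started.'"""
    m = TCPLOG.search(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("tw", "tc", "tt", "bytes_read"):
        rec[key] = int(rec[key].lstrip("+"))
    return rec

def summarize(lines):
    """Count sessions, total server-to-client bytes, and list sessions that did not end cleanly."""
    records = [r for r in map(parse_line, lines) if r]
    abnormal = [
        (r["client"], r["term"],
         f'{CAUSE.get(r["term"][0], "other")}, {PHASE.get(r["term"][1], "other")}', r["tt"])
        for r in records
        if r["term"] != "--" or r["tc"] < 0  # Tc of -1: server connection never established
    ]
    return {"sessions": len(records),
            "bytes_to_clients": sum(r["bytes_read"] for r in records),
            "abnormal": abnormal}

# Four lines copied from the log posted above.
SAMPLE = [
    "Jun 29 11:18:36 localhost haproxy[3897]: Proxy app started.",
    "Jun 29 11:20:44 localhost haproxy[3899]: 192.168.0.32:41424 [29/Jun/2019:11:20:39.091] https-in app/server 1/2/5419 90936 -- 0/0/0/0/0 0/0",
    "Jun 29 11:23:59 localhost haproxy[3899]: 192.168.0.29:44222 [29/Jun/2019:11:23:59.789] https-in app/server 1/1/4 137 -- 1/1/1/1/0 0/0",
    "Jun 29 11:24:59 localhost haproxy[3899]: 192.168.0.29:44184 [29/Jun/2019:11:23:59.461] https-in app/server 1/6/60368 181629 cD 0/0/0/0/0 0/0",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The one `cD` session ran for 60368 ms, which lines up with `timeout client 1m` in the posted configuration.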


Post by hunter86_bg » 2019/06/29 08:38:48

I don't see anything going out (according to logs).

I think that haproxy thinks the backend is dead.
Enable the status page of haproxy, so you can verify that.
I think the following should advise you:
HAproxy


Post by nike » 2019/06/29 11:08:25

hunter86_bg wrote (2019/06/29 08:38:48):
> I don't see anything going out (according to logs).
>
> I think that haproxy thinks the backend is dead.
> Enable the status page of haproxy, so you can verify that.
> I think the following should advise you:
> HAproxy

I have configured HAProxy for layer 4, i.e. mode tcp, but the LastChk of the backend server status is showing "L6OK/1ms".

Session rate Sessions Bytes Denied Errors Warnings Server
Cur Max Limit Cur Max Limit Cur Max Limit Total LbTot Last In Out Req Resp Req Conn Resp Retr Redis Status LastChk Wght Act Bck Chk Dwn Dwntme Thrtle
server 0 0 - 0 3 0 2 - 3 3 5m29s 2168 89685 0 0 0 0 0 5m58s UP L6OK in 1ms 1

What is the problem in the configuration? Please help.


Post by hunter86_bg » 2019/06/29 20:26:54

I'm out of ideas. The config should be OK.

Try to use curl from outside network towards the haproxy (use more verbosity) and paste the output here.

Edit: If the backend has a test page - it will reduce the output.
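
In `mode tcp` HAProxy relays the TLS stream without decrypting it, so any URL the backend puts in its responses reaches the client unchanged. As an added example (not part of the original thread), this check takes the response head that a verbose curl run prints and reports a redirect whose `Location` names a different host than the one requested; it assumes the backend answers `/app/main` with a redirect, and the 192.0.2.x addresses and header text are constructed sample data.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def parse_response_head(raw):
    """Split a raw HTTP response head into (status_code, {lowercased header: value})."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def foreign_redirect_host(requested_url, raw_head):
    """Return the host a redirect points at when it differs from the requested host, else None."""
    status, headers = parse_response_head(raw_head)
    if status not in REDIRECT_CODES or "location" not in headers:
        return None
    # A relative Location resolves against the requested URL and keeps its host.
    target = urljoin(requested_url, headers["location"])
    asked, sent = urlsplit(requested_url).hostname, urlsplit(target).hostname
    return sent if sent != asked else None

# Constructed sample heads: 192.0.2.10 stands in for the proxy, 192.0.2.20 for the backend.
ABSOLUTE = ("HTTP/1.1 301 Moved Permanently\r\n"
            "Server: Apache\r\n"
            "Location: https://192.0.2.20/app/main/\r\n\r\n")
RELATIVE = "HTTP/1.1 301 Moved Permanently\r\nLocation: /app/main/\r\n\r\n"
PLAIN_OK = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    url = "https://192.0.2.10/app/main"
    for name, head in (("absolute", ABSOLUTE), ("relative", RELATIVE), ("200", PLAIN_OK)):
        print(name, foreign_redirect_host(url, head))
```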
