I have quite a complicated way my data takes:
internet -> hetzner haproxy -> rathole tunnel -> homelab haproxy -> services
(rathole listenes at 127.0.0.1:443)
This (old) way works:
internet -> (hetzner) rathole tunnel -> homelab haproxy -> services
Why the extra proxy? I want a service for file sharing which has the high download speed from the cloud. All the other traffic is supposed to be forwarded further. I refuse to get an extra ip for that lol.
I tried to set the backend on the tunnel side to ssl verify none and the frontend bind to use ssl. I also set the backend to just localhost:443 and no ssl on the frontend bind. Both cause the same ssl error.
My haproxy on hetzner:
haproxy journalctl output:
SSL error: SSL_ERROR_RX_RECORD_TOO_LONG
Both proxies use a cert aquired from certbot *.mydomain.dev
What could be the issue here? I am not that good at SSL.