Haproxy ssl 直通中断 curl 请求

我已将 Haproxy 配置为 TCP 模式，以在 2 台服务器之间实现平衡，并通过 https 连接与它们建立连接。问题是，当我的前端处于 tcp 模式时，curl 请求无法正常进行。

这是我得到的：

* Rebuilt URL to: https://HOSTNAME/
*   Trying IP...
* Connected to HOSTNAME (IP) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 697 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
*    server certificate verification OK
*    server certificate status verification SKIPPED
*    common name: HOSTNAME (matched)
*    server certificate expiration date OK
*    server certificate activation date OK
*    certificate public key: RSA
*    certificate version: #3
*    subject: CN=HOSTNAME
*    start date: Sun, 03 Jul 2016 13:07:00 GMT
*    expire date: Sat, 01 Oct 2016 13:07:00 GMT
*    issuer: C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
*    compression: NULL
* ALPN, server accepted to use http/1.1
> GET / HTTP/1.1
> Host: HOSTNAME
> User-Agent: curl/7.47.0
> Accept: */*
> 
* Connection #0 to host HOSTNAME left intact
����%

这是我的haproxy.cfg：

global
    log 127.0.0.1 local0 notice
    maxconn 2000
    user haproxy
    group haproxy
    stats socket /etc/haproxy/sock.stat level admin
    ssl-default-bind-options no-sslv3
    ssl-default-bind-ciphers kEECDH+AESGCM+AES128:kEECDH+AES128:kRSA+AESGCM+AES128:kRSA+AES128:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!LOW:!SEED:!CAMELLIA:!IDEA:!PSK:!SRP:!SSLv2
    tune.ssl.default-dh-param 2048
defaults
    log global
    retries 3
    option redispatch
    timeout connect 5000
    timeout client 5000
    timeout server 5000
frontend https
    mode tcp
    option tcplog
    bind :443 ssl crt /etc/letsencrypt/live/HOSTNAME/haproxy.pem ciphers TLSv1.2 alpn h2,http/1.1
    default_backend nodes
    backend nodes
    mode tcp
    option tcplog
    server node-nginx 172.17.0.73:9999 check
    server node-maint 172.17.0.74:9999 backup
frontend http
    bind :80
    mode http
    redirect scheme https code 301 if !{ ssl_fc }

我能做些什么吗？我需要 OpenGraph 预览，但因此失败了。