HAPROXY: PR - TLS termination failure

I'm posting here because I'm trying to set up HAProxy as a reverse proxy with SSL/TLS termination, and I'm getting the following error in the logs:

Oct 17 12:10:03 localhost haproxy[2789]: xxx.xxx.xxx.xxx:33724 [17/Oct/2020:12:10:03.784] www-https www-https/<NOSRV> -1/-1/-1/-1/0 400 188 - - PR-- 1/1/0/0/0 0/0 "<BADREQ>"

I don't understand why HAProxy is blocking the request.

Can you help me?

Here is my haproxy.cfg:

global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 5s
        user haproxy
        group haproxy
        daemon

        tune.ssl.default-dh-param 4096

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        option forwardfor
        option http_proxy
        timeout connect 5000
        timeout client  50000
        timeout server  5000 
        stats enable
        stats hide-version
        stats refresh 5s
        stats uri /hastats



frontend www-http
        bind *:80
        reqadd X-Forwarded-Proto:\ http
        default_backend www-backend

        # Test URI to see if its a letsencrypt request
        acl letsencrypt-acl path_beg /.well-known/acme-challenge/
        use_backend letsencrypt-backend if letsencrypt-acl


frontend www-https
        bind *:8000-9000 crt /etc/haproxy/certs/www.example.com.pem
        bind *:443 crt /etc/haproxy/certs/www.example.com.pem
        reqadd X-Forwarded-Proto:\ https
        default_backend www-backend


backend www-backend
        mode http
        http-request set-header X-Forwarded-For %[src]
        reqadd X-Forwarded-Proto:\ https
        option http-server-close
        balance roundrobin
        redirect scheme https if !{ ssl_fc }
        server web1 xxx.xxx.xxx.101:80 check
        server web2 xxx.xxx.xxx.102:80 check

backend letsencrypt-backend
        server letsencrypt 127.0.0.1:8080

Answer 1

In the frontend www-https bind line, add ssl before crt. Without ssl, it will work like plain HTTP. So:

bind *:443 ssl crt /etc/haproxy/certs/www.example.com.pem
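
The check the answer describes can be automated before a reload. The following is an added example, not part of the original answer or of HAProxy itself: a small Python lint that flags bind lines carrying crt without ssl. The function name find_bind_missing_ssl, the sample configuration and the frontend name fixed-https are constructed for illustration.

```python
# Added example: flag HAProxy bind lines that set "crt" but omit "ssl".
# Such a listener stays plain HTTP, so a TLS ClientHello is logged as
# "<BADREQ>" with termination state PR--, as in the question's log line.

SECTION_KEYWORDS = {"global", "defaults", "frontend", "backend", "listen"}


def find_bind_missing_ssl(cfg_text):
    """Return (line_no, section, address) for each bind with crt but no ssl."""
    findings = []
    section = None
    for line_no, raw in enumerate(cfg_text.splitlines(), start=1):
        # Naive comment stripping: does not handle quoted or escaped '#'.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        words = line.split()
        if words[0] in SECTION_KEYWORDS:
            section = " ".join(words[:2])
            continue
        if words[0] != "bind" or len(words) < 2:
            continue
        options = words[2:]  # everything after the listening address
        if "crt" in options and "ssl" not in options:
            findings.append((line_no, section, words[1]))
    return findings


# Constructed sample: the two bind lines from the question, plus a corrected
# listener in a hypothetical frontend named fixed-https.
SAMPLE_CFG = """\
frontend www-http
        bind *:80

frontend www-https
        bind *:8000-9000 crt /etc/haproxy/certs/www.example.com.pem
        bind *:443 crt /etc/haproxy/certs/www.example.com.pem   # as posted
        default_backend www-backend

frontend fixed-https
        bind *:443 ssl crt /etc/haproxy/certs/www.example.com.pem
"""

if __name__ == "__main__":
    for line_no, section, address in find_bind_missing_ssl(SAMPLE_CFG):
        print(f"line {line_no} [{section}] bind {address}: crt without ssl")
```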
