@mbx wrote:
Hi there,
I currently explore the possibilities of HAProxy. This thing can do a lot
Now I’ve reached a point where I do not know what to do next. I’ve compiled HAProxy from sources with version 1.7-dev6 (See -vv below).
The goal is to accomplish SSL/TLS bridging with some extensions as described here https://www.haproxy.com/doc/aloha/7.0/deployment_guides/tls_layouts.html#ssl-tls-bridging-or-re-encryption
The traffic between Client and HAProxy should be H2 or HTTPS/1.1, the traffic between HAProxy and Server can only be HTTPS/1.1 (thank you, legacy application!), and I need to use SNI.My configuration so far:
frontend frontend_https-sni
bind *:443 ssl crt /etc/haproxy/ssl/
mode http
use_backend %[ssl_fc_sni,lower,map_dom(/etc/haproxy/switch_ssl.map)]
backend backend_ssl_1
mode http
server web0 127.0.0.1:443 ssl verify none check
backend backend_ssl_2
mode http
server web0 127.0.0.2:443 ssl verify none checkThis works fine. But as soon as I try to add „alpn h2,http1.1“ to the bind param the configuration does not work anymore. I have reached a bunch of different configurations, but none of them did work..
My questions are:
1) Is it even possible to accomplish what I am trying to do? I haven’t found anyone doing it already. I would be really happy if I do not have to deploy nginx..
2) If yes, can you give me some direction where I need to go, please?Thank you very much!
Kind regards,
Max
Posts: 2
Participants: 2