Channel: HAProxy community - Latest topics

Changing SSL configuration for a single domain / single certificate

Hi Everybody,

Thank you very much for HAProxy and this forum ;-).

I successfully configured multiple domains with multiple certs (requires SNI / Server Name Indication).

frontend config looks like this:

frontend prt-http
        mode http
        option httplog
        bind *:80
        bind *:443 ssl crt /cert/firstdomain.com.pem crt /cert/seconddomain.com.pem crt /cert/thirddomain.com.pem
        option forwardfor

        # and then ACLs for different domains

I tested how to change the SSL configuration for everything by, for example, adding this to global:

global
        ...
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets

And I also tested adding extra configuration to the line with certificates:

bind *:443 ssl crt /cert/firstdomain.com.pem crt /cert/seconddomain.com.pem crt /cert/thirddomain.com.pem no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets

But that changes the configuration globally / for all certificates / domains. I need to change the SSL config for a single domain.

Could you please tell me whether there is a way to change the configuration for a single certificate (single domain) without needing another public IP?

I know I can do that by adding another frontend. The problem is that I’d need two public IP addresses, so that I can bind the first frontend to 1.2.3.4:443 and the second to 3.4.5.6:443, but adding another IP is a problem at the moment and I’d rather avoid it if possible.

Thank you.

Kind regards,
Ben H.
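
HAProxy's `crt-list` bind keyword accepts bracketed SSL options per certificate, which allows different TLS settings per domain on one IP and port. The sketch below is an added example, not part of the original post or of any reply to it; the list file path `/cert/crt-list.txt` and the choice to make firstdomain.com the TLS 1.3-only domain are assumptions. It also assumes `no-tlsv12` has been removed from `ssl-default-bind-options` in global, since that would force TLS 1.3 for every certificate.

```haproxy
# ---- haproxy.cfg: frontend from the post, only the 443 bind line changes ----
frontend prt-http
        mode http
        option httplog
        bind *:80
        # Before: every certificate shares the options given on the bind line.
        # bind *:443 ssl crt /cert/firstdomain.com.pem crt /cert/seconddomain.com.pem crt /cert/thirddomain.com.pem
        # After: certificates come from a list file. ssl-min-ver on the bind line
        # is the baseline for entries that carry no options of their own.
        # no-tls-tickets is set here and applies to the whole listener.
        bind *:443 ssl crt-list /cert/crt-list.txt ssl-min-ver TLSv1.2 no-tls-tickets
        option forwardfor

# ---- /cert/crt-list.txt (assumed path): one certificate per line ----
# Line format: <crtfile> [<ssl options>] [<sni filter> ...]
# Without an SNI filter the names are taken from the certificate itself.
# The first entry is the default certificate when no name matches.
/cert/seconddomain.com.pem
/cert/thirddomain.com.pem
# Only this certificate is limited to TLS 1.3 and the three suites from the post.
/cert/firstdomain.com.pem [ssl-min-ver TLSv1.3 ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256]
```

To confirm the override is per domain, run `openssl s_client -connect <address>:443 -servername firstdomain.com -tls1_2` and expect the handshake to fail, then repeat with `-servername seconddomain.com` and expect it to succeed.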
