Hi,
I’m trying to setup the following configuration:
client → (SSL + SNI) → HAProxy → (SSL + retain original SNI + proxy protocol) → backend service
I’ve tried with the following configuration:
frontend haproxy
bind 127.0.0.1:9000 strict-sni ssl crt server.pem
mode tcp
use_backend mybackend
backend mybackend
mode tcp
server atlasproxy_server snihostname:9001 ssl ca-file ca.pem check-sni snihostname sni str(snihostname) send-proxy-v2-ssl check
Client connections fail as HAProxy isn’t passing through the SNI to the backend.
If I omit the send-proxy-v2-ssl option, SNI is sent, but then I’m not getting the proxy protocol header on the backend.
How can I set up such configuration?
Thanks!
1 post - 1 participant