Hello haproxy knowledged people,
I am setting up a gateway that is supposed to route traffic from different domains (2 tld and multiple subs) to different backends. I am using certbot with cloudflare for SSL termination and want to route the domains with ACLs.
What I can’t get working is the routing from the domains. All works fine for the default backend, which is commented in the example config (SSL, status, …) but as soon as I comment the default backend and want to access the same service promox.dev.example.de which would be routed through the ACL, I get secure connection failed.
I tried multiple ACLs matching methods like hdr(host) but I can’t get it working. Would be awesome if someone could shine some light on this. I am stuck :-/
############## Configure public https frontend #############
listen https
mode tcp
option tcplog
# HTTP
bind :80
# Redirect all HTTP traffic to HTTPS
redirect scheme https if !{ ssl_fc }
# HTTPS
bind :443 ssl crt /etc/haproxy/ssl/
tcp-request content accept if { req.ssl_hello_type 1 }
acl ACL_promox req.ssl_sni -i promox.example.de
acl ACL_promox_dev req.ssl_sni -i promox.dev.example.de
acl ACL_promox_dev req.ssl_sni -i promox.backup.example.de
acl ACL_artemis req.ssl_sni -i *.apps.artemis.example.de
....
use_backend proxmox_production_backend if ACL_promox
use_backend proxmox_development_backend if ACL_promox_dev
use_backend proxmox_backup_backend if ACL_promox_backup
use_backend proxmox_backup_backend if ACL_artemis
....
# default_backend proxmox_development_backend
############## Configure proxmox development backend #############
backend proxmox_production_backend
mode tcp
option tcplog
default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
server proxmox-production-0 10.XX.19.XX:8006 ssl check verify none
############## Configure proxmox development backend #############
backend proxmox_development_backend
mode tcp
option tcplog
default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
server proxmox-development-0 10.XX.19.XX:8006 ssl check verify none
############## Configure proxmox backup backend #############
backend proxmox_backup_backend
mode tcp
option tcplog
default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
server proxmox-backup-0 10.XX.19.XX:8006 ssl check verify none
############## Configure artemis prodution backend for https #############
backend https_artemis_live_backend
mode http
default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
server artemis-zerotier-bridge-0 10.XX.19.XX:443 check
server artemis-zerotier-bridge-1 10.XX.19.XX:443 check
server artemis-zerotier-bridge-2 10.XX.19.XX:443 check
```1 post - 1 participant