Dear All,
Is it reasonable to use ssl on the frontend in tcp mode?
I found a configuration like this:
listen service_https
bind :443 ssl crt domain.pem
mode tcp
option tcp-check
server srv1 <backend_ip1>:3000 check inter 1s weight 1
server srv2 <backend_ip2>:3000 check inter 1s weight 1
The “mode tcp” dictates that the frontend and backend is in tcp mode, as I think in this mode the haproxy simply pass the tcp packets to the backends, and doesn’t care about the above tls/ssl protocol.
However the bind use the ssl option. The admin page shows : “cap proxy, mode:tcp”
So if the frontend use ssl option, shouldn’t the mode be in http mode?
PS: sorry for bad english
thank you
2 posts - 2 participants