SNI routing to servers - only ever sent to first server

Hi there.

I'm trying to get HAProxy setup to receive requests on port 443 for a range of different subdomains, then use SNI based ACLs to direct them to an appropriate server for that domain.
The problem is that when I try going to support.domain.com.au it just sends my request to the webserver for cloud.domain.com.au.

I've followed this guide: https://www.haproxy.com/blog/enhanced-ssl-load-balancing-with-server-name-indication-sni-tls-extension/

My current (mildly santized) config is below, and any help would be greatly appreciated!

Thanks in advance.

global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL). This list is from:
        #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
        ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
        ssl-default-bind-options no-sslv3

defaults
        log     global
        mode    tcp
        option  tcplog
        option  dontlognull
        timeout connect 15s
        timeout client  15s
        timeout server  15s
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

#Define Frontends

frontend http-in
        bind 10.1.1.1:80
        mode http
        redirect scheme https code 301 if !{ ssl_fc }
		
frontend https-in
        bind 10.1.1.19:443
        mode tcp

		tcp-request inspect-delay 5s
		tcp-request content accept if { req.ssl_hello_type 1 }
		
		default_backend ssl_default

#Define Backends

backend ssl_default
        mode tcp
		
        acl servercloud_acl req.ssl_sni -i cloud.domain.com.au
	    acl serversupport_acl req.ssl_sni -i support.domain.com.au

        use-server servercloud_https if servercloud_acl
	    use-server serversupport_https if serversupport_acl

        option ssl-hello-chk		
        server servercloud_https 192.168.1.1:443 check
        server serversupport_https 192.168.1.2:443 check

Posts: 2

Participants: 2

Read full topic

SNI routing to servers - only ever sent to first server

Trending Articles

Activation error during step MAIN_SHDRUN/ACT_UPG - DB Prozedur Proxy

Murder charge millionaire Clint Spearpoint gets bail to help firm

Moondru Mudichu 27-05-2016 – Polimer tv Serial

Rajasthan Board 10th Result 2016 Roll No wise & Name Wise

Critical Reasoning (CR) | Re: Outsourcing is the practice of obtaining from...

Film – Atacul cavaleriei ușoare – The Charge of the Light Brigade (1968)...

Who Is Sisanda Jonas? | Biography| Profile| History Of South African Media...

Practice Sheet of Modifier for HSC Students

India Westbrooks NAKED!!!

Ulster's King Coke Barney 'Rubble' Morgan leaves mansion to rot

What Position Is Faffy Iannarella Playing In The Philly Mafia? Scarfo Era...

Throw Back: Samini — Where My Baby Dey (Prod by Kaywa)

Ndebele names

New Malayalam kambi Audio Talk Sussiyude cycle paditham

Black Angus Grilled Artichokes

New head teacher takes over in Stallingborough

Mp3 Download: Mdu - Nammer

SANIDAPA LIVE IN GADAMBUWANA 2017

Does brandi on storage wars smoke in real life

Download New Album: Wizkid – Morayo (Full Album)