Hi,
I’m using the config file below and I have many more logs entries from “dummy_frontend_without_client_cert~ backend_app1/myapp1server” than from the “real” frontend “tcp-443” !
I’ve explained why I use this config in this post : Display client certificate informations when SSL client certificate is not trusted - #3 by wilvh
For example, for one entry in the frontend “tcp-443” I have 3 request that are redirected to my backend server “myapp1server” !
How is it possible to have more request “outputs” than “inputs” ? I’ve checked on the application server “myapp1server” and the 3 requests from HAProxy are indeed three different requests that should have appeared in the http frontend !
frontend tcp-443
bind *:443
mode tcp
option tcplog
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
# App1 is not protected by client cert
acl sni_prodroc req_ssl_sni -i app1-without-client-cert.mydomain.com
use_backend dummy_backend_without_client_cert if app1-without-client-cert.mydomain.com
backend dummy_backend_without_client_cert
mode tcp
server dummy_frontend_without_client_cert 127.0.0.1:5401 send-proxy
frontend dummy_frontend_without_client_cert
bind 127.0.0.1:5401 accept-proxy ssl crt /ssl/app1-without-client-cert.mydomain.com strict-sni
mode http
option forwardfor
use_backend backend_app1
backend backend_app1
mode http
server myapp1server 192.168.1.10:8080
Thank you
1 post - 1 participant