
Is it possible to use HAProxy for transparent mTLS in tcp mode?


Hi folks,

I’m trying to solve the following problem: I have a third-party distributed database application that doesn’t support encrypted traffic, and I would like to set up a transparent proxy so that traffic can be routed through it on both ends and handle mTLS (both sides present and validate certificates) for both client-server and server-server communication.

I’ve been trying to use iptables and HAProxy to do this, and my idea was to route incoming traffic to the original database port to HAProxy for server-side mTLS (present server certificate, validate client certificate), while preserving the original caller IP for tracking, and route outgoing traffic to the original database (remote) port locally to HAProxy as well, to perform client-side mTLS (present client certificate, validate server certificate).

Is it possible to do this with HAProxy? Most tutorials I’ve seen online are about doing transparent proxying for remote clients and servers, so I’d appreciate any help or pointers.
