@e1ts wrote:
Hello community!
I am trying to get haproxy to work with REQ_SSL_SNI and SSL termination.
Guides I have followed:
https://www.haproxy.com/blog/enhanced-ssl-load-balancing-with-server-name-indication-sni-tls-extension/
https://stuff-things.net/2016/11/30/haproxy-sni/
Setup: HA-Proxy version 1.6.3 Ubuntu 16.04
The log generates the following:
HTTP-in ~ http-in/NOSRV-1/-1/12 0 SC 0/0/0/0/0 0/0
frontend http-in
    bind *:443 ssl crt /etc/haproxy/certs/
    log global
    reqadd X-Forwarded-Proto:\ https
    mode tcp
    option tcplog
    # wait up to 5 seconds from the time the tcp socket opens
    # until the hello packet comes in (otherwise fallthru to the default)
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    acl is_site1 req_ssl_sni -i foo.foobar.com
    acl is_site2 req_ssl_sni -i foobar.com
    use_backend www-foo-foobar if is_site1
    use_backend www-foobar if is_site2

backend www-foo-foobar
    log global
    mode tcp
    option tcplog
    redirect scheme https if !{ ssl_fc }
    server www-1 127.0.0.1:3030 check

backend www-foobar
    log global
    mode tcp
    option tcplog
    redirect scheme https if !{ ssl_fc }
    server www-1 127.0.0.1:5000 check
What am I missing?
Can someone point me in the right direction?
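Added example, not part of the original post: `req_ssl_sni` parses the raw ClientHello in the request buffer, so it does not match on a `bind` line that carries `ssl`, where HAProxy has already decrypted the stream; there the SNI is read from the TLS layer with `ssl_fc_sni`. The two variants below reuse the post's hostnames and server addresses; the frontend names, the `tls-foo-foobar` backend with its address, and port 8443 are assumptions.

```haproxy
# Variant A: HAProxy terminates TLS ("ssl" on the bind line).
# Route on ssl_fc_sni; req_ssl_sni has no ClientHello to parse here.
frontend https-terminate                 # hypothetical name
    bind *:443 ssl crt /etc/haproxy/certs/
    mode http
    option httplog
    log global
    http-request set-header X-Forwarded-Proto https
    acl is_site1 ssl_fc_sni -i foo.foobar.com
    acl is_site2 ssl_fc_sni -i foobar.com
    use_backend www-foo-foobar if is_site1
    use_backend www-foobar if is_site2

backend www-foo-foobar
    mode http
    log global
    server www-1 127.0.0.1:3030 check

backend www-foobar
    mode http
    log global
    server www-1 127.0.0.1:5000 check

# Variant B: TLS passthrough (no "ssl" and no certificate on the bind line).
# The encrypted stream is forwarded untouched, so the raw ClientHello is in
# the request buffer and req_ssl_sni can read it. The server behind it must
# terminate TLS itself. Port 8443 is a constructed value so that both
# variants can load from one file.
frontend https-passthrough               # hypothetical name
    bind *:8443
    mode tcp
    option tcplog
    log global
    # wait up to 5 seconds for the ClientHello before evaluating the rules
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    use_backend tls-foo-foobar if { req_ssl_sni -i foo.foobar.com }

backend tls-foo-foobar                   # hypothetical name and address
    mode tcp
    server tls-1 127.0.0.1:3443 check
```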