On Fri, Apr 12, 2024, at 4:01 PM, Amaury Denoyelle wrote:
> I have a doubt though, will this kind of configuration really work? I
> thought that for the moment if name parameter is specified, it is
> mandatory to use a server with SSL+SNI.

It may be mandatory according to the RFC, but I'm not using it that way. Usually it's RHTTP over SSL, and the incoming connection identifies itself securely using the SSL DN. The way I'm using it is RHTTP over HTTP CONNECT - and I'm validating the connection using the headers that came with the HTTP CONNECT.

I have a tcp server block that strips the HTTP CONNECT header and adds a PROXY header instead, with the connection pool name sent through using unique-id:

    listen connect_terminate
        mode tcp
        bind ...
        tcp-request inspect-delay 5s
        tcp-request content lua.terminate_http_connect
        # This allows us to send the hostname over the PROXY protocol:
        unique-id-format "%[var(txn.req_header.x_hostname)]"
        server srv 127.0.0.1:8001 send-proxy-v2 proxy-v2-options unique-id

Then I use that unique id when adding the connection to the connection pool:

    frontend add_to_http_pool
        mode http
        bind 127.0.0.1:8001 proto h2 accept-proxy
        tcp-request session attach-srv rhttp_frontend/srv name fc_pp_unique_id

It's a little roundabout (and this is the simplified version) but quite capable. I plan to use a similar technique to route multiple requests to different hostnames down the same RHTTP connection too. In that case I'll not be using sni req.hdr(host) either - but I haven't got that far yet.

Thanks

Will

---
William Manley
Stb-tester.com

Stb-tester.com Ltd is a company registered in England and Wales. Registered number: 08800454. Registered office: 13B The Vale, London, W3 7SH, United Kingdom (This is not a remittance address.)
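
The message above carries the pool name between the two HAProxy sections in the PROXY protocol v2 unique-id TLV, which `fc_pp_unique_id` then reads. The following is an added example, not part of the original message or of HAProxy's code: it builds such a header and extracts the TLV with bounds checks. The function names, addresses and hostname are hypothetical and constructed for illustration.

```python
import socket
import struct

PP2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"
PP2_TYPE_UNIQUE_ID = 0x05  # TLV type defined by the PROXY protocol spec
MAX_UNIQUE_ID_LEN = 128    # spec limit for the unique ID value

def build_pp2(src, dst, unique_id: bytes) -> bytes:
    """Build a PROXY v2 header (TCP over IPv4) carrying a unique-id TLV."""
    if len(unique_id) > MAX_UNIQUE_ID_LEN:
        raise ValueError("unique id longer than 128 bytes")
    addrs = (socket.inet_aton(src[0]) + socket.inet_aton(dst[0])
             + struct.pack("!HH", src[1], dst[1]))
    tlv = struct.pack("!BH", PP2_TYPE_UNIQUE_ID, len(unique_id)) + unique_id
    body = addrs + tlv
    # 0x21 = version 2, command PROXY; 0x11 = AF_INET, STREAM
    return PP2_SIGNATURE + struct.pack("!BBH", 0x21, 0x11, len(body)) + body

def parse_unique_id(header: bytes):
    """Return the unique-id TLV value, or None if the header has none."""
    if len(header) < 16 or header[:12] != PP2_SIGNATURE:
        raise ValueError("not a PROXY v2 header")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", header[12:16])
    if ver_cmd >> 4 != 2:
        raise ValueError("unsupported PROXY version")
    body = header[16:16 + length]
    if len(body) != length:
        raise ValueError("truncated header")
    # Address block size depends on the family: IPv4=12, IPv6=36, UNIX=216
    addr_len = {0x0: 0, 0x1: 12, 0x2: 36, 0x3: 216}.get(fam_proto >> 4)
    if addr_len is None or addr_len > len(body):
        raise ValueError("bad address family or length")
    pos = addr_len
    while pos < len(body):
        if pos + 3 > len(body):
            raise ValueError("truncated TLV header")
        tlv_type, tlv_len = struct.unpack("!BH", body[pos:pos + 3])
        value = body[pos + 3:pos + 3 + tlv_len]
        if len(value) != tlv_len:
            raise ValueError("TLV overruns header")
        if tlv_type == PP2_TYPE_UNIQUE_ID:
            if tlv_len > MAX_UNIQUE_ID_LEN:
                raise ValueError("unique id longer than 128 bytes")
            return value
        pos += 3 + tlv_len
    return None

# Constructed sample: hostname and addresses are made up for illustration.
SAMPLE = build_pp2(("127.0.0.1", 40000), ("127.0.0.1", 8001), b"node1.example.test")
```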