I would like to ask why you have non ssl and ssl traffic on the same port? while it seems it is possible it is not the right way to do it.
On 2 Jul 2017 23:37, "Igor Cicimov" <[email protected]> wrote: On 3 Jul 2017 8:35 am, "Igor Cicimov" <[email protected]> wrote: On 3 Jul 2017 6:47 am, "Daren Sefcik" <[email protected]> wrote: On Sat, Jul 1, 2017 at 4:39 PM, Igor Cicimov <[email protected] > wrote: > > > On 29 Jun 2017 2:46 am, "Daren Sefcik" <[email protected]> wrote: > > On Wed, Jun 28, 2017 at 8:12 AM, Olivier Doucet <[email protected]> > wrote: > >> Hi, >> >> >> 2017-06-28 16:47 GMT+02:00 Daren Sefcik <[email protected]>: >> >>> Hi, I have searched for an answer to this and tried several things but >>> cannot seem to figure it out so am hoping someone can point me in the right >>> direction. I have different backend proxy servers (squid) setup to handle >>> specifically HTTP and HTTPS traffic but cannot figure out how to tell >>> haproxy to tell the difference and send appropriately. >>> >>> For example, I have >>> >>> frontend proxy_servers >>> backend http_proxies >>> backend https_proxies >>> >>> how can I tell frontend to send all http traffic to backend http_proxies >>> and all https traffic to https_backend? I have tried using dst_port 443 and >>> the acl https ssl_fc but nothing seems to distinguish https traffic. >>> >> >> Well, it should work. Send a copy of your config to see what's wrong in >> it. >> >> Olivier >> >> >> >>> >>> TIA... >>> >> >> > Here is an example, it continues to direct all https traffic to the web > proxy and not the streaming media one. > > frontend HTPL_PROXY > bind 10.1.4.105:8181 name 10.1.4.105:8181 > mode http > log global > option http-server-close > option forwardfor > acl https ssl_fc > http-request set-header X-Forwarded-Proto http if !https > http-request set-header X-Forwarded-Proto https if https > maxconn 90000 > timeout client 10000 > option tcp-smart-accept > acl is_youtube hdr_sub(host) -i youtube.com > acl is_netflix hdr_sub(host) -i netflix.com > acl is_nflixvideo hdr_sub(host) -i nflxvideo.net > acl is_googlevideo hdr_sub(host) -i googlevideo.com > acl is_google hdr_sub(host) -i google.com > acl is_pandora hdr_sub(host) -i pandora.com > acl is_https dst_port eq 443 > use_backend HTPL_STREAMING_MEDIA_PROXY_http_ipvANY if is_youtube > use_backend HTPL_STREAMING_MEDIA_PROXY_http_ipvANY if is_netflix > use_backend HTPL_STREAMING_MEDIA_PROXY_http_ipvANY if is_nflixvideo > use_backend HTPL_STREAMING_MEDIA_PROXY_http_ipvANY if is_googlevideo > use_backend HTPL_STREAMING_MEDIA_PROXY_http_ipvANY if is_pandora > use_backend HTPL_STREAMING_MEDIA_PROXY_http_ipvANY if is_https > default_backend HTPL_WEB_PROXY_http_ipvANY > > Obviously dst_port 443 method can not work since you are listening on port > 8181. Since both protocols are on same port you can try in tcp mode: > > mode tcp > option tcplog > bind *:8181 > > tcp-request inspect-delay 5s > acl is_ssl req.ssl_hello_type 1 > > Thank you, I have tried that with the below config and it still sends all traffic to the default backend instead of my ssl backend, any other ideas? frontend HTPL_PROXY bind 10.1.4.105:8181 name 10.1.4.105:8181 mode tcp log global maxconn 90000 timeout client 10000 option tcp-smart-accept tcp-request inspect-delay 5s acl is_ssl req.ssl_hello_type 1 use_backend HTPL_SSL_PROXY_tcp_ipvANY if is_ssl default_backend HTPL_WEB_PROXY_tcp_ipvANY Only explenation i can see is that no ssl traffik is hitting haproxy at least not on port 8181 Or the ip it is bind to
