Hi,
I would like to provide a webmail service under https. Regarding the
docs, haproxy isn't able to talk ssl itself so I decided to go for
stunnel + haproxy. However things don't work as I thought. This is the
scenario:

    LB1: stunnel + haproxy
    A: webmail SUN messenger
    B: webmail SUN messenger

My stunnel contains the following lines:

    ....
    [https]
    accept=ip_number:443
    connect=ip_number:80
    xforwardedfor = yes

I would like to use https with a generic certificate like
webmail.company.org. I've installed it on stunnel and I can see it in my
browser. My first question is how I would be able to use this
LB1+stunnel to serve more https sites in the future? Is there a way to
manage several certificates with this configuration?
However, I have a problem with this configuration. When I connect to
https://mysite, it shows the certificate I put on stunnel but it
redirects my https to http and everything goes in clear. I thought it
would keep talking https.
I am wondering if I really need stunnel. Stopping it, haproxy redirects
my https traffic to my backends (they are able to talk https). It works
but it shows the certificate stored on each backend instead of a generic
one.
This is my haproxy config file:

    ....
    backend b_webmail_secured
        mode tcp
        balance source
        option ssl-hello-chk
        server secure-A ip_number:443 weight 10
        server secure-B ip_number:443 weight 10

I would appreciate some suggestions on how to set it up.
Thanks a lot,
Xavi