You *can* set up haproxy to act as tcp proxy which passes requests to backend https servers but then u cant use any of the "advanced" functions of load balancer (u cant for example forward requests to different backend based on path, or use cookie-based persistence). Can't u just turn off SSL (or connect to non-ssl port) on application server ? and do SSL before haproxy ? I mean instead of
[client](HTTPS) -> (HTTPS)[haproxy in tcp mode](HTTPS) -> [appserver](HTTPS) do [client](HTTPS) -> (HTTPS)[stunnel or lighttpd](HTTP) -> (HTTP)[haproxy in http mode](HTTP) -> [appserver](HTTP) Dnia 2010-03-13, sob o godzinie 17:27 -0500, Anne Moore pisze: > Very interesting. Thank you for the reply. That's very disappoint that > haproxy doesn't support SSL. > > However, what if I my haproxy was HTTP, and it forwarded requests to > my two backend HTTPS (SSL) URL servers? > > Would this scenario work fine with haproxy? > > Thank you > > Anne > > > > > ______________________________________________________________________ > From: XANi [mailto:xani...@gmail.com] > Sent: Saturday, March 13, 2010 4:25 PM > To: Anne Moore > Cc: haproxy@formilux.org > Subject: Re: setup with Oracle and SSL > > > > > Hi > Dnia 2010-03-13, sob o godzinie 13:34 -0500, Anne Moore pisze: > > > Greetings to all, > > I'm new to this group, but have really been working hard on getting > > haproxy working for Oracle Application HTTP server over SSL. > > I've looked through the website, but can't seem to find anything > > that shows how to setup SSL on the haproxy. I also can't find > > anything on how to setup haproxy with Oracle Application HTTP > > server. > > Would someone on this list have that knowledge, and be willing to > > share? > > Thank you! > > Anne > > That's because haproxy doesn't support SSL in http mode, if u want > HTTPS u need to set up "SSL proxy" in form of for example Lighttpd. > so it works like that: > Lighttpd( https:443) -> Haproxy(http:80) ->your_backend_servers. > > Only thing to watch out is loggin client IP, basically u have to add > to config > option forwardfor except 127.0.0.1 > where "127.0.0.1" is ur SSL proxy address > Then proxy will be passing original client IP thru "X-Forwarded-For" > header > > "except 127.0.0.1" is because lighttpd adds "X-Forwarded-For" when > used as proxy so haproxy doesn't have to (obv. replace it with other > ip if ur SSL proxy is on different host) > > Regards > XANi > > -- > Mariusz Gronczewski (XANi) <xani...@gmail.com> > GnuPG: 0xEA8ACE64 > http://devrandom.pl -- Mariusz Gronczewski (XANi) <xani...@gmail.com> GnuPG: 0xEA8ACE64 http://devrandom.pl
signature.asc
Description: To jest część wiadomości podpisana cyfrowo