On Wed, Jul 13, 2011 at 5:04 PM, Christopher Ravnborg <christopher.ravnb...@gmail.com> wrote:
> Hi
> I'm looking for a solution which can do the following:
> Client need to connect to https webserver via haproxy. Encryption all the
> way.

You can't read the https stream, because it's encrypted.

> Log on webserver needs to contain client ip, this can be done, at least on
> http with forwardfor, that works fine.
> I have setup haproxy and read about stunnel with a patch to do https to
> haproxy, if i understand it right, stunnel will then decrypt/unwrap the
> stream, and pass it on to the server.
> If this is the case - does it send the non-https traffic to the https server
> - and will this be possible at all or am i misunderstanding this totally ?

No. You terminate the ssl at the load-balancer, and send the http to the backend. You need to configure the backend servers to accept and trust the http traffic from the LB.

If you *need* https the whole way, then you can only loadbalance at a lower level, i.e. in haproxy you use 'mode tcp'