Willy Tarreau <w <at> 1wt.eu> writes: > > Then in theory what you're looking for is called "content switching" : use > whatever information you can find in a request to decide where to forward > it. The principle will be to have as many backends as possible destinations > (20 in your case) and to use ACLs + "use_backend" rules to direct them. > > The issue I see in your case is that you can't know what domain is being > requested when looking at SSL. In fact, there is the SNI (server name > indication) extension which some browsers do use but not all to the best > of my knowledge. If we see enough adoption of this, I would have no problem > implementing a decoder for it, as it would help !
With the adoption of the cloud in masses lately, most cloud providers don't allow more than one IP per server, which ties the hands of people that need multiple SSL Vhosts. I would agree that HAProxy should have an SNI decoder, especially since most browsers now support it in the latest versions and it would only help IPv4 IP space ;) -k
