Willy, you saved me.
Thank you for patience and help.
On Oct 29, 2012, at 17:58 , Willy Tarreau <[email protected]> wrote:
> On Mon, Oct 29, 2012 at 05:35:37PM +0400, Samat Galimov wrote:
>> Hello,
>>
>> Thank you very much for help.
>>
>> I can't make req_ssl_sni work and don't know how to troubleshoot it without
>> digging into source code.
>>
>> Here is my config:
>>
>> ...
>> listen https
>> mode tcp
>> bind :443
>> tcp-request inspect-delay 5s
>> use-server decipher if { req_ssl_sni example.com }
>> server decipher 127.0.0.1:4443 weight 0
>> server forward 127.0.0.1:5443
>>
>> frontend decipher
>> mode http
>> bind :4443 ssl crt cert.pem
>> ...
>>
>> I say
>> openssl s_client -connect 127.0.0.1:443 -servername example.com -debug
>> And nc -l :5443 shows that connection is forwarded, not deciphered.
>>
>> Is there anything I missed?
>
> Yes, you skipped the "tcp-request content-accept" line in the config I sent.
>
> Willy
>
