All, wondering if you can point me in the right direction. I have stunnel installed with the x-forwarded-for patch. I also have haproxy working so all incoming http requests are forwarded from my router to haproxy. haproxy then determines where to route the request based on the domain name. Configs below. I'd like to implement something similar with stunnel and haproxy so that all inbound requests can be routed in the same manner for https.

global
    log 127.0.0.1 local2
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user haproxy
    group haproxy
    daemon
    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

defaults
    mode http
    log global
    option httplog
    option dontlognull
    option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 3000

frontend http_proxy
    bind *:80
    acl is_rbc-com hdr_dom(host) -i robcluett.com
    acl is_rbc-net hdr_dom(host) -i robcluett.net
    acl is_iom-com hdr_dom(host) -i iomerge.com
    use_backend cluster1 if is_rbc-com
    use_backend cluster2 if is_rbc-net
    use_backend cluster3 if is_iom-com

backend cluster1
    server web2 10.10.10.51:80
    #server web5 192.168.1.128

backend cluster2
    server web3 10.10.10.52:80
    #server web6 192.168.1.129:80

backend cluster3
    server web4 10.10.10.53:80

Rob Cluett

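One way to lay out the setup asked about above, as an added example that is not part of the original post: stunnel terminates TLS on port 443 and hands the decrypted request to a second haproxy frontend on loopback, which reuses the Host-based ACLs and backends from the posted config. The loopback port 8443, the stunnel service name, the certificate path placeholder and the frontend name are assumptions, and the patch's option is assumed to be `xforwardedfor = yes`.

```haproxy
# --- stunnel side (stunnel.conf), shown as comments; values are assumptions ---
#   [https]
#   accept        = 443
#   connect       = 127.0.0.1:8443
#   cert          = /path/to/cert-and-key.pem   (placeholder path)
#   xforwardedfor = yes                         (option from the x-forwarded-for patch)
#
# The certificate served by this single stunnel service has to be valid for
# every hostname routed below, since TLS is finished before haproxy sees Host.

# --- haproxy side: add next to the existing http_proxy frontend ---
frontend https_proxy
    # Bind to loopback only, so nothing but the local stunnel can reach this
    # listener and inject plain-HTTP requests that look like decrypted HTTPS.
    bind 127.0.0.1:8443

    # Same Host-header routing as the port-80 frontend in the post.
    acl is_rbc-com hdr_dom(host) -i robcluett.com
    acl is_rbc-net hdr_dom(host) -i robcluett.net
    acl is_iom-com hdr_dom(host) -i iomerge.com
    use_backend cluster1 if is_rbc-com
    use_backend cluster2 if is_rbc-net
    use_backend cluster3 if is_iom-com

# "option forwardfor except 127.0.0.0/8" in the posted defaults section already
# fits this layout: connections from stunnel arrive from 127.0.0.1, so haproxy
# does not append its own X-Forwarded-For (which would be 127.0.0.1) and the
# client address inserted by the patched stunnel is what the backends receive.
```

The backends keep receiving plain HTTP on port 80, so traffic between haproxy and 10.10.10.51-53 is unencrypted and that network segment has to be trusted.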
