Hi Rob,

Just make your stunnel point to your frontend on port 80, and you're done.

cheers

On Thu, Nov 29, 2012 at 1:05 AM, Rob Cluett <[email protected]> wrote:
> All, wondering if you can point me in the right direction. I have stunnel
> installed with the x-forwarded-for patch. I also have haproxy working so all
> incoming http requests are forwarded from my router to haproxy. haproxy
> then determines where to route the request based on the domain name.
> Configs below. I'd like to implement something similar with stunnel and
> haproxy so that all inbound requests can be routed in the same manner for
> https.
>
> global
>     log         127.0.0.1 local2
>     chroot      /var/lib/haproxy
>     pidfile     /var/run/haproxy.pid
>     maxconn     4000
>     user        haproxy
>     group       haproxy
>     daemon
>     # turn on stats unix socket
>     stats socket /var/lib/haproxy/stats
>
> defaults
>     mode                    http
>     log                     global
>     option                  httplog
>     option                  dontlognull
>     option                  http-server-close
>     option                  forwardfor except 127.0.0.0/8
>     option                  redispatch
>     retries                 3
>     timeout http-request    10s
>     timeout queue           1m
>     timeout connect         10s
>     timeout client          1m
>     timeout server          1m
>     timeout http-keep-alive 10s
>     timeout check           10s
>     maxconn                 3000
>
> frontend http_proxy
>     bind *:80
>     acl is_rbc-com hdr_dom(host) -i robcluett.com
>     acl is_rbc-net hdr_dom(host) -i robcluett.net
>     acl is_iom-com hdr_dom(host) -i iomerge.com
>     use_backend cluster1 if is_rbc-com
>     use_backend cluster2 if is_rbc-net
>     use_backend cluster3 if is_iom-com
>
> backend cluster1
>     server web2 10.10.10.51:80
>     #server web5 192.168.1.128
>
> backend cluster2
>     server web3 10.10.10.52:80
>     #server web6 192.168.1.129:80
>
> backend cluster3
>     server web4 10.10.10.53:80
>
> Rob Cluett
> [email protected]
> 978.381.3005
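The setup the reply describes, as an added example that is not part of the original thread: a minimal stunnel service that terminates TLS on port 443 and hands the decrypted HTTP to the http_proxy frontend on port 80. It assumes stunnel and haproxy run on the same host, uses a placeholder certificate path, and assumes the x-forwarded-for patch exposes the xforwardedfor option.

```ini
; stunnel.conf -- added example, not taken from the thread
; Placeholder path: PEM file holding the server certificate and private key
cert = /etc/stunnel/example.pem

[https]
; Terminate TLS for every hosted domain on the public HTTPS port
accept = 443
; Hand the cleartext request to haproxy's "frontend http_proxy" (bind *:80)
; over loopback, so the existing Host-based ACLs route it like plain HTTP
connect = 127.0.0.1:80
; Option assumed to come from the x-forwarded-for patch: stunnel adds an
; X-Forwarded-For header carrying the real client address
xforwardedfor = yes
```

Because stunnel connects from 127.0.0.1, the existing "option forwardfor except 127.0.0.0/8" keeps haproxy from appending its own X-Forwarded-For, so the backends see the client address that stunnel inserted. If stunnel runs on a different host, that except network has to cover its address instead.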

