Thank you Baptiste. I am implementing this now. The procedure I was looking at had me making it more complicated than it needed to be.
-----Original Message-----
From: Baptiste [mailto:bed...@gmail.com]
Sent: Thursday, November 29, 2012 2:29 AM
To: Rob Cluett
Cc: haproxy@formilux.org
Subject: Re: stunnel + haproxy + ssl + ddns + multiple domains

Hi Rob,

Just make your stunnel point to your frontend on the port 80, and you're done.

cheers

On Thu, Nov 29, 2012 at 1:05 AM, Rob Cluett <r...@robcluett.com> wrote:
> All, wondering if you can point me in the right direction. I have
> stunnel installed with the x-forwarded-for patch. I also have haproxy
> working so all incoming http requests are forwarded from my router to
> haproxy. haproxy then determines where to route the request based on the domain name.
> Configs below. I'd like to implement something similar with stunnel
> and haproxy so that all inbound requests can be routed in the same
> manner for https.
>
> global
>     log 127.0.0.1 local2
>     chroot /var/lib/haproxy
>     pidfile /var/run/haproxy.pid
>     maxconn 4000
>     user haproxy
>     group haproxy
>     daemon
>     # turn on stats unix socket
>     stats socket /var/lib/haproxy/stats
>
> defaults
>     mode http
>     log global
>     option httplog
>     option dontlognull
>     option http-server-close
>     option forwardfor except 127.0.0.0/8
>     option redispatch
>     retries 3
>     timeout http-request 10s
>     timeout queue 1m
>     timeout connect 10s
>     timeout client 1m
>     timeout server 1m
>     timeout http-keep-alive 10s
>     timeout check 10s
>     maxconn 3000
>
> frontend http_proxy
>     bind *:80
>     acl is_rbc-com hdr_dom(host) -i robcluett.com
>     acl is_rbc-net hdr_dom(host) -i robcluett.net
>     acl is_iom-com hdr_dom(host) -i iomerge.com
>     use_backend cluster1 if is_rbc-com
>     use_backend cluster2 if is_rbc-net
>     use_backend cluster3 if is_iom-com
>
> backend cluster1
>     server web2 10.10.10.51:80
>     #server web5 192.168.1.128
>
> backend cluster2
>     server web3 10.10.10.52:80
>     #server web6 192.168.1.129:80
>
> backend cluster3
>     server web4 10.10.10.53:80
>
> Rob Cluett
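
What Baptiste's suggestion looks like on the stunnel side, as an added example that is not part of the original thread. It assumes stunnel runs on the same host as haproxy; the certificate path and the service name are placeholders, and `xforwardedfor` is the option provided by the x-forwarded-for patch mentioned in the question.

```ini
; stunnel.conf (added example; path and service name are placeholders)

; certificate and private key presented to HTTPS clients
cert = /etc/stunnel/placeholder-cert-and-key.pem

[https]
; terminate TLS on the public HTTPS port
accept = 443
; hand the decrypted request to the existing haproxy frontend (bind *:80)
connect = 127.0.0.1:80
; patched-stunnel option: insert the client address as X-Forwarded-For
xforwardedfor = yes
```

Because stunnel connects from 127.0.0.1, `option forwardfor except 127.0.0.0/8` in the haproxy defaults leaves the X-Forwarded-For header set by stunnel in place, and the existing `hdr_dom(host)` ACLs route the decrypted requests exactly as they do for plain HTTP. With a single service section like this one, the certificate has to be valid for all three host names.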