Thanks, Willy. Frontend in http mode(may be called https terminate mode) and backend in SSL is my goal, which uses remote https connection directly, haproxy terminates SSL backend into http. this is what for performance testing sometimes.
Bests, -Igor On Sun, May 5, 2013 at 5:55 PM, Willy Tarreau <[email protected]> wrote: > Hi Igor, > > On Sun, May 05, 2013 at 05:42:21PM +0800, Igor wrote: > > Hi, > > > > For some security purpose and performance testing purpose, is it possible > > to use haproxy as SSL client? > > Yes and it was even our first goal when implementing native SSL support. > > > May config like: > > > > frontend HTTP > > bind :80 > > mode httpsclient(?) > > default_backend SSLPOOL > > > > backend SSLPOOL > > mode tcp > > server ssl1 <public_ip>:443 > > You need to add "ssl" at the end of the line above. Your backend needs > to be in http mode if the frontend is also in http mode. If you need > this for security, also take a look at the "verify" server keyword, > which is used to validate the peer's certificate (otherwise SSL will > not provide any security at all and will just make you feel safe). > > Willy > >
