Hi Pablo, My answers inline.
On Sat, May 11, 2013 at 6:20 PM, pablo platt <pablo.pl...@gmail.com> wrote: > Hi, > > I need to proxy secure websockets and RTMP (normal tcp) on the same port. > In the future I'll need normal HTTP requests and static files. > haproxy will pass ssl requests to backend1 and RTMP requests to backend2. > Processes will be open for a long time (minutes - hours). > The backends are on the same machine and will be responsible for timeouts > and pings. > > Do I need to change anythinging in the default configuration like > contimeout, clitimeout and srvtimeout? I'm using the ubuntu 12.04 package. Please paste your configuration. We don't know the default configuration from each packager and OS ;) > > Is this the correct way to check for ssl requests? > acl traffic_is_ssl req_ssl_ver -gt 0 I would better use ssl_fc. Using content inspection (tcp-request inspect) rules, you can do the content switching based on ssl_fc and so split SSL and RTMP traffic to 2 different farms. (I guess this is the purpose you're trying to achieve). > When nginx will get ssl requests from haproxy it'll see haproxy's IP. > Can I terminate ssl requests in nginx even when the client IP was changed? IP change has no impact on SSL. > Thanks > Baptiste