Using 1.5-dev25. Sometimes for transitional support, we need to temporarily use a non-standard port for frontend SSL traffic. Is there anything that might prevent identical requests from matching the below frontend/backend if they're sent to :8080 instead of :443?
frontend https-in bind *:443 ssl crt /etc/haproxy/sslcerts/tmpcert.pem bind *:8080 ssl crt /etc/haproxy/sslcerts/tmpcert.pem use_backend ssl_app if { hdr_sub(host) -i app.prod } backend ssl_app option httpchk GET /health server app1 app1.prod:8080 ssl check server app2 app2.prod:8080 ssl check The following is the output and log entry from a request to port 443: $ curl -k https://proxy.prod/health "OK" haproxy[4424]: 10.20.30.40:53283 [03/Jun/2014:15:49:03.097] https-in~ app.prod/app1 455/0/97/4/556 200 147 - - ---- 0/0/0/0/0 0/0 "GET /health HTTP/1.1" The following is an identical curl/output/log, only using port 8080 instead $ curl -k https://proxy.prod:8080/health <html><body><h1>503 Service Unavailable</h1> No server is available to handle this request. </body></html> haproxy[4424]: 10.20.30.40:53291 [03/Jun/2014:15:49:09.750] https-in~ https-in/<NOSRV> -1/-1/-1/-1/453 503 213 - - SC-- 0/0/0/0/0 0/0 "GET /health HTTP/1.1"