Using 1.5-dev25. Sometimes for transitional support, we need to temporarily
use a non-standard port for frontend SSL traffic. Is there anything that
might prevent identical requests from matching the below frontend/backend
if they're sent to :8080 instead of :443?
frontend https-in
bind *:443 ssl crt /etc/haproxy/sslcerts/tmpcert.pem
bind *:8080 ssl crt /etc/haproxy/sslcerts/tmpcert.pem
use_backend ssl_app if { hdr_sub(host) -i app.prod }
backend ssl_app
option httpchk GET /health
server app1 app1.prod:8080 ssl check
server app2 app2.prod:8080 ssl check
The following is the output and log entry from a request to port 443:
$ curl -k https://proxy.prod/health
"OK"
haproxy[4424]: 10.20.30.40:53283 [03/Jun/2014:15:49:03.097] https-in~
app.prod/app1
455/0/97/4/556 200 147 - - ---- 0/0/0/0/0 0/0 "GET /health HTTP/1.1"
The following is an identical curl/output/log, only using port 8080 instead
$ curl -k https://proxy.prod:8080/health
<html><body><h1>503 Service Unavailable</h1>
No server is available to handle this request.
</body></html>
haproxy[4424]: 10.20.30.40:53291 [03/Jun/2014:15:49:09.750] https-in~
https-in/<NOSRV> -1/-1/-1/-1/453 503 213 - - SC-- 0/0/0/0/0 0/0 "GET
/health HTTP/1.1"
