Hi,
I'm trying to configure HAProxy so that on one specific domain users
authenticate with an SSL client certificate.
The load balancer has one public IP address and has a frontend configured
which is bound to port 443:
bind *:443 ssl crt ./haproxy/
I selected the correct backend as follows:
use_backend secure_servers if { ssl_fc_sni secure.domain.tld ssl_fc_has_crt }
default_backend default_servers
When changing bind to verify the SSL certificate, all other SSL traffic is no
longer allowed:
bind *:443 ssl crt ./haproxy/ ca-file ./ca.pem verify required
A solution would be to create another frontend with an additional public IP
address but I want to prevent this if possible.
How can I only require an SSL client certificate on secure.domain.tld?
Many thanks!
Martin
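
One way to get the behaviour asked for on a single bind, as an added example that is not part of the original post: request the client certificate with "verify optional" and enforce it only for the protected host. It reuses the names from the post (secure.domain.tld, ./ca.pem, secure_servers, default_servers); the frontend name https_in is hypothetical and the two backends are assumed to be defined elsewhere.

```haproxy
# Added example, not the poster's configuration.
frontend https_in                      # hypothetical frontend name
    mode http

    # "verify optional" asks for a client certificate but lets the handshake
    # finish without one, so the other domains on this bind keep working.
    # A certificate that is presented but does not validate against ca-file
    # still aborts the handshake.
    bind *:443 ssl crt ./haproxy/ ca-file ./ca.pem verify optional

    # Treat the request as "secure site" if either the SNI or the Host header
    # names it (same-named acl lines are ORed). Checking Host as well as SNI
    # stops a client from sending a different SNI to skip the certificate
    # check and then asking for the protected host in the HTTP request.
    acl secure_site ssl_fc_sni -i secure.domain.tld
    acl secure_site req.hdr(host),field(1,:) -i secure.domain.tld

    # ssl_c_used is true when a client certificate was used for this
    # connection, including resumed TLS sessions; ssl_c_verify 0 means the
    # verification result was "no error".
    http-request deny if secure_site !{ ssl_c_used }
    http-request deny if secure_site !{ ssl_c_verify 0 }

    use_backend secure_servers if secure_site
    default_backend default_servers
```

Because the certificate is requested on every handshake, browsers that hold a matching client certificate may prompt for it on the other domains as well.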