Hi, I'm trying to configure HAProxy so that on one specific domain users authenticate with a SSL Client certificate.
The Load Balancer has one public IP address and has a frontend configured which is bind to port 443: bind *:443 ssl crt ./haproxy/ I selected the correct backend as followed: use_backend secure_servers if { ssl_fc_sni secure.domain.tld ssl_fc_has_crt } default_backend default_servers When changing bind to verify the ssl certicate all other ssl traffic is no longer allowed: bind *:443 ssl crt ./haproxy/ ca-file ./ca.pem verify required A solution would be to create another frontend with an additional public IP address but I want to prevent this if possible. How can I only require a SSL Client certificate on the secure.domain.tld? Many thanks! Martin