On Wed, Jul 16, 2014 at 4:52 AM, Steven Haigh <[email protected]> wrote:
> Hi guys,
>
> I've been hunting through the haproxy documentation, but haven't managed
> to confirm one way or another as to if what I want is possible.
>
> The situation I'm using is closely related to SMTP (however it isn't ;)).
>
> I would like to use haproxy in TCP mode - however I would like to
> terminate the SSL side of things at haproxy and have a plain TCP session
> sent to the server. By way of example, the basic config I have as a
> proof of concept is:
>
> global
> log 127.0.0.1 local2
> user haproxy
> group haproxy
> daemon
>
> defaults
> log global
> mode tcp
> option tcp-smart-accept
> option tcp-smart-connect
> contimeout 5000
> clitimeout 50000
> srvtimeout 50000
>
> listen smtps :465
> option tcplog
> server mail mail.server.com:25 check
>
> The idea is that haproxy takes the SSL connect, then forwards plain TCP
> to the mail server on port 25 - thereby providing an SMTP over SSL
> connection.
>
> Is this possible with haproxy?
>
> --
> Steven Haigh
>
> Email: [email protected]
> Web: http://www.crc.id.au
> Phone: (03) 9001 6090 - 0412 935 897
> Fax: (03) 8338 0299
>
Hi Steven,
this is technically doable.
May work better like this:
listen smtps
bind :465 ssl
option tcplog
server mail mail.server.com:25 check
Baptiste
