Hi Sandeep, No, HAProxy doesn't pass through. HAProxy can terminate SSL then create a new ciphered connection:
listen ssl_reencryption mode http bind :443 ssl crt /path/to/your/cert server 10.0.0.1:443 ssl What you mean by passthrough would be something like: listen ssl_passthourgh mode tcp bind :443 server 10.0.0.1:443 Baptiste On Thu, Aug 13, 2015 at 4:53 AM, Sandeep Jindal <[email protected]> wrote: > Hi Baptiste, > > Not sure if that answers my question. What you suggested is to enable SSL > for HAProxy. > > My use case if one step further. Once HAProxy receives the SSL request, > after decrypting it, use case require to manipulate headers and then > forward the request to a a bendend server which is SSL enabled. > > It seems HAProxy can "pass through" SSL certificates but not start new > certificate for Backend. > > Regards > Sandeep Jindal > 201 604 5277 > > On Fri, Jul 31, 2015 at 2:11 AM, Baptiste <[email protected]> wrote: >> >> On Fri, Jul 31, 2015 at 4:12 AM, Sandeep Jindal <[email protected]> >> wrote: >> > Hi All, >> > >> > My use case is to Manipulate Request Headers of the incoming request. >> > >> > So, for this, I would need to create a new SSL certificate, but it seems >> > at >> > HTTP level. >> > >> > Can you please suggest if this is possible and how? >> > >> > >> > Regards >> > Sandeep Jindal >> > 201 604 5277 >> >> >> Hi Sandeep, >> >> Simply create your certificate with openssl, and enable enable 'ssl' >> and 'crt /path/to/your/cert' on your bind line in your HAProxy >> frontend. >> >> Baptiste > >
