Hi.

Am 13-08-2015 08:45, schrieb Baptiste:
Hi Sandeep,

No, HAProxy doesn't pass through.

[snipp]

What you mean by passthrough would be something like:

 listen ssl_passthourgh
  mode tcp
  bind :443
  server 10.0.0.1:443


Maybe that this 'passthrough' wording comes from openshift document

https://docs.openshift.org/latest/architecture/core_concepts/routes.html

or from the RedHat doc?

https://access.redhat.com/documentation/en/openshift-enterprise/version-3.0/openshift-enterprise-30-architecture#passthrough-termination

The haproxy template can be found here.

https://github.com/openshift/origin/blob/9fffbd9ffb7d97c55a1072ea469b624dab89c17c/images/router/haproxy/conf/haproxy-config.template#L48

Do you know that openshift use haproxy for his routing layer?

Br Aleks

On Thu, Aug 13, 2015 at 4:53 AM, Sandeep Jindal <sandeep...@gmail.com> wrote:
Hi Baptiste,

Not sure if that answers my question. What you suggested is to enable SSL
for HAProxy.

My use case if one step further. Once HAProxy receives the SSL request,
after decrypting it,  use case require to manipulate headers and then
forward the request to a a bendend server which is SSL enabled.

It seems HAProxy can "pass through" SSL certificates but not start new
certificate for Backend.

Regards
Sandeep Jindal
201 604 5277

On Fri, Jul 31, 2015 at 2:11 AM, Baptiste <bed...@gmail.com> wrote:

On Fri, Jul 31, 2015 at 4:12 AM, Sandeep Jindal <sandeep...@gmail.com>
wrote:
> Hi All,
>
> My use case is to Manipulate Request Headers of the incoming request.
>
> So, for this, I would need to create a new SSL certificate, but it seems
> at
> HTTP level.
>
> Can you please suggest if this is possible and how?
>
>
> Regards
> Sandeep Jindal
> 201 604 5277


Hi Sandeep,

Simply create your certificate with openssl, and enable enable 'ssl'
and 'crt /path/to/your/cert' on your bind line in your HAProxy
frontend.

Baptiste



Reply via email to