Hi,

It's possible with the "Socket" Lua object.

The high-level directives are:

 - create a tcp frontend
 - create a hook with "tcp-request content lua"
 - in the Lua, you read the first line with the "Channel" object (txn.req:read())
 - establish the SSL connection with "Socket" like this: "socket = core.tcp" and "socket:connect_ssl()".
 - forward data with a loop. TIP: read is a blocking function, so first check the amount of data available.

Thierry

On Sat, 8 Aug 2015 02:30:41 +0000 (UTC)
prabu shyam <prabushyam_2...@yahoo.co.in> wrote:

> Hi Willy,
> Is there a way we can accomplish this with the http-request lua hook on
> haproxy?
> For example, on the process_connect lua function:
> - Process the HTTP CONNECT method and extract the target server+port
> - Establish a secure socket connection with the target server+port
> - Reply the client with HTTP 200 and wrap the connection over ssl
> - Read the next HTTP command from the client and forward it to the server
> Thanks for your help!
>
> On Thursday, August 6, 2015 10:57 PM, Willy Tarreau <w...@1wt.eu> wrote:
>
> Hi,
> 
> On Thu, Aug 06, 2015 at 07:25:42PM -0700, Bowen Ni wrote:
> > Hi,
> > 
> > 
> > I am trying to use HAProxy as a man-in-the-middle proxy for HTTPS 
> > traffic. When doing an HTTPS request over HAProxy, it tries to tunnel 
> > the HTTPS request using an HTTP CONNECT request and the HTTP CONNECT 
> > request is passed to backend server directly. My problem is that the 
> > response of the CONNECT request I got from HAProxy is always 4XX. For 
> > example: 403 Tunnel Forbidden, 400 Bad Request. I have tried many 
> > backends and none of them give me 200. Am I missing anything?
> 
> It's not haproxy which returns this but the next server which receives
> the CONNECT request. Haproxy is not a forward proxy, so it will not :
>   - resolve host names in uri to decide where to forward the connection ;
>   - extract the tunnel from a CONNECT request
> 
> If you want a forward proxy, simply use squid. It's the expert in this
> role and works pretty well. You can even put haproxy in front of it if
> you want.
> 
> Hoping this helps,
> Willy

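The first steps of the procedure above (read the CONNECT line, validate the target, open the SSL socket), as an added example that is not part of the original messages. It assumes the action name `process_connect` from the quoted question, a constructed port policy `ALLOWED_PORTS`, and an HAProxy version where `txn.req:getline()` and `core.register_action` are available; the forwarding loop is left out.

```lua
-- Added example (not from the thread). Assumed setup: `lua-load connect.lua` in
-- global, and in a `mode tcp` frontend `tcp-request inspect-delay 5s` plus
-- `tcp-request content lua.process_connect` (action syntax of HAProxy 1.6+).
local ALLOWED_PORTS = { [443] = true }   -- example policy, an assumption

-- Parse "CONNECT host:port HTTP/1.x"; returns host, port or nil, reason.
local function parse_connect(line)
    if type(line) ~= "string" then return nil, "no data" end
    line = line:gsub("\r?\n$", "")        -- getline() keeps the line ending
    local target = line:match("^CONNECT (%S+) HTTP/1%.[01]$")
    if not target then return nil, "not a CONNECT request line" end
    local host, port = target:match("^([%w%.%-]+):(%d%d?%d?%d?%d?)$")
    if not host or #host > 253 then return nil, "bad authority" end
    port = tonumber(port)
    if port < 1 or port > 65535 then return nil, "bad port" end
    if not ALLOWED_PORTS[port] then return nil, "port not allowed" end
    return host:lower(), port
end

local function reply(txn, status)
    txn.res:send("HTTP/1.1 " .. status .. "\r\n\r\n")
    txn:done()
end

local function process_connect(txn)
    local host, port = parse_connect(txn.req:getline())
    if not host then return reply(txn, "400 Bad Request") end
    local hdr = txn.req:getline()         -- discard headers up to the blank line
    while hdr and hdr:find("%S") do hdr = txn.req:getline() end
    local sock = core.tcp()
    sock:settimeout(5)
    -- Assumption: this HAProxy build can dial `host` as given (a name or an IP).
    if not sock:connect_ssl(host, port) then
        return reply(txn, "502 Bad Gateway")
    end
    txn.res:send("HTTP/1.1 200 Connection established\r\n\r\n")
    -- The forwarding loop from the last step would run here; not part of this example.
    sock:close()
    txn:done()
end

if core then                              -- running inside HAProxy
    core.register_action("process_connect", { "tcp-req" }, process_connect)
else                                      -- plain Lua: constructed sample lines
    assert(parse_connect("CONNECT example.com:443 HTTP/1.1\r\n") == "example.com")
    assert(parse_connect("CONNECT example.com:25 HTTP/1.1\r\n") == nil)
    assert(parse_connect("GET / HTTP/1.1\r\n") == nil)
end
```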