Hi Alain,

On Thu, Dec 03, 2015 at 12:14:20PM +0000, Labedan, Alain wrote:
>
> Hi,
>
> I have HAPROXY in front of backend servers which are load balanced.
>
> So, in https, we have only one address where the front https haproxy
> listens: bind <address IP>:443.
> And we have some clients for which we only pass through the traffic, so we
> use mode tcp.
>
> frontend https-tcp-in
>     mode tcp
>     option tcplog
>     bind ip1:443
>     tcp-request inspect-delay 5s
>     tcp-request content accept if { req.ssl_hello_type 1 }
>     acl regle1 req.ssl_sni -i <domain1-site1>
>     use_backend site1 if regle1
>
> And we also have some clients for which, in https, it is haproxy that has the
> certificate, so we use mode http?
> ..
>     mode http
>     bind <address IP>:443 ssl crt /etc/ssl/pem
>     use_backend site1 if { ssl_fc_sni <domain1-site1> }
> ..
>
> Is it possible to manage both these two situations with only one socket for
> listen https (bind <address IP>:443.) ?

1.7 might make this possible but for now the only solution consists
in having the first layer fall back to the second one, so in short
you need a backend "default_site" which connects to the other frontend.

Best regards,
Willy
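
One way to lay out the two-layer setup described in the reply, as an added example that is not configuration from either poster. The IP addresses, hostnames, loopback port 8443, the backend names other than `default_site`, and the use of the PROXY protocol (`send-proxy-v2` / `accept-proxy`) to carry the client address to the second layer are all assumptions.

```haproxy
# Constructed example: every address and hostname below is a placeholder.

# Layer 1: the only public :443 listener. TCP mode, routes on the SNI
# found in the TLS ClientHello without decrypting anything.
frontend https-tcp-in
    mode tcp
    option tcplog
    bind 192.0.2.10:443
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    # Pass-through customers: TLS is terminated by their own servers.
    acl regle1 req.ssl_sni -i passthrough.example.com
    use_backend site1_tcp if regle1
    # Anything else (including clients that send no SNI) falls back
    # to the second layer, where haproxy holds the certificates.
    default_backend default_site

backend site1_tcp
    mode tcp
    server s1 10.0.0.11:443 check

# The fallback backend: it simply connects to the second frontend.
backend default_site
    mode tcp
    # Assumption: PROXY protocol v2 so layer 2 logs the real client
    # address instead of 127.0.0.1.
    server local_tls 127.0.0.1:8443 send-proxy-v2

# Layer 2: TLS termination and HTTP routing. Bound to loopback only,
# because accept-proxy trusts whatever source address the peer claims.
frontend https-http-in
    mode http
    option httplog
    bind 127.0.0.1:8443 ssl crt /etc/ssl/pem accept-proxy
    use_backend site2_http if { ssl_fc_sni -i terminated.example.com }

backend site2_http
    mode http
    server s2 10.0.0.12:80 check
```

A file in this shape can be syntax-checked with `haproxy -c -f <file>` before reloading.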