Hi,
I would like to implement the following simple scenario. All the tests I
have done have unfortunately failed (bad SSL requests, error 502...):
- Using SSL passthrough for the top level domain (mydomain.com) as the web
application is already presenting a wildcard SSL certificate for this domain.
- Offloading SSL on haproxy just for the subdomains (an SSL certificate
matching *.sub01.mydomain.com for example).

Here is a simple configuration example showing the case:

frontend FE-https
        bind 1.1.1.1:443 ssl crt /etc/ssl/certs/sub01.mydomain.com.pem
        mode    http
        acl is_sub01 hdr_end(host) -i sub01.mydomain.com
        use_backend BE-sub01 if is_sub01
        default_backend BE-default

# SSL Offloading for *.sub01.mydomain.com
backend BE-sub01
        mode    http
        server  srv1 10.10.10.10:443 

# SSL passthrough for *.mydomain.com
backend BE-default
        mode    http
        server  srv1 10.10.10.10:443 ssl verify none

To summarize, I would like to provide or not the right SSL certificate per
backend (depending on the URL).
Thanks for your help :)
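
The scenario described in the post above, as an added example that is not part of the original message: a TCP-mode frontend reads the SNI from the TLS ClientHello, relays the top-level domain untouched, and hands the subdomains to a local TLS-terminating frontend. The addresses and certificate path are reused from the post; the loopback port 127.0.0.1:8443, the plain-HTTP backend port 80 and the names FE-https-sni, FE-offload, BE-passthrough and BE-to-offload are assumptions.

```haproxy
# Added example (constructed). Assumed values are marked in the comments.

frontend FE-https-sni
        bind 1.1.1.1:443
        mode tcp
        # Wait for the TLS ClientHello so the SNI can be read without decrypting
        tcp-request inspect-delay 5s
        tcp-request content accept if { req.ssl_hello_type 1 }
        # Names ending in .sub01.mydomain.com are terminated on haproxy
        acl is_sub01 req.ssl_sni -i -m end .sub01.mydomain.com
        use_backend BE-to-offload if is_sub01
        default_backend BE-passthrough

# SSL passthrough: the stream is relayed as-is, so the web application
# presents its own wildcard certificate to the client
backend BE-passthrough
        mode tcp
        server srv1 10.10.10.10:443

# Still-encrypted stream handed to the local offloading frontend;
# PROXY protocol keeps the real client address (127.0.0.1:8443 is assumed)
backend BE-to-offload
        mode tcp
        server offload 127.0.0.1:8443 send-proxy-v2

# SSL offloading for *.sub01.mydomain.com
frontend FE-offload
        bind 127.0.0.1:8443 ssl crt /etc/ssl/certs/sub01.mydomain.com.pem accept-proxy
        mode http
        default_backend BE-sub01

backend BE-sub01
        mode http
        # Clear-text HTTP to the application; port 80 is an assumption
        # (the post points this server at 443 without "ssl")
        server srv1 10.10.10.10:80
```

If the offloaded traffic has to be re-encrypted towards the application, `ssl verify required ca-file <CA bundle>` on the BE-sub01 server line keeps the backend certificate checked, which `verify none` does not.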


