For one project I use haproxy in https tcp mode.
I configured it such that, depending on the server name detected via
SNI, the data is forwarded via the proxy protocol to a proxy protocol
aware https server (e.g. nginx).
However for a few servers I'd like haproxy to act as an SSL endpoint and
forward plain http traffic to the final host.
Can I implement this with one haproxy instance?
At the moment I'm using haproxy as SNI forwarder in TCP mode and nginx
to act as https end point.
I just wondered whether there isn't a better solution.
My config looks like.
Thanks in advance for any suggestions / ideas
frontend ft_ssl_ip
    log global
    option tcplog
    bind 0.0.0.0:443
    mode tcp
    # wait up to 15s for the TLS ClientHello so the SNI can be read
    tcp-request inspect-delay 15s
    tcp-request content accept if { req.ssl_hello_type 1 }
    # case-insensitive match on the SNI host name
    acl is_srvr1 req.ssl_sni -i server1.mydomain
    acl is_srvr2 req.ssl_sni -i server2.mydomain
    acl is_srvr3 req.ssl_sni -i server3.mydomain
    use_backend be_srvr1 if is_srvr1
    use_backend be_srvr2 if is_srvr2
    use_backend be_srvr3 if is_srvr3

backend be_srvr1
    mode tcp
    balance roundrobin
    # TLS is passed through untouched; send-proxy prepends the PROXY protocol header
    server srvr1 ip_of_srvr1 send-proxy

backend be_srvr2
    mode tcp
    balance roundrobin
    server srvr1 ip_of_srvr2 send-proxy

backend be_srvr3
    mode tcp
    balance roundrobin
    server srvr1 ip_of_an_nginx_endpoint_forwarding_http_to_srvr3 send-proxy
config looks roughly like